{-# LANGUAGE DataKinds #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RankNTypes #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE TypeFamilies #-}
module Auth.Biscuit.Servant
(
RequireBiscuit
, authHandler
, genBiscuitCtx
, authHandlerWith
, genBiscuitCtxWith
, BiscuitConfig (..)
, defaultBiscuitConfig
, checkBiscuit
, checkBiscuitM
, checkBiscuitWith
, checkBiscuitMWith
, WithAuthorizer' (..)
, WithAuthorizer
, handleBiscuit
, handleBiscuitWith
, withAuthorizer
, withAuthorizer_
, withAuthorizerM
, withAuthorizerM_
, noAuthorizer
, noAuthorizer_
, withFallbackAuthorizer
, withPriorityAuthorizer
, withFallbackAuthorizerM
, withPriorityAuthorizerM
, withTransformation
, module Biscuit
) where
import Auth.Biscuit as Biscuit
import Control.Applicative (liftA2)
import Control.Monad.Except (MonadError, throwError)
import Control.Monad.IO.Class (MonadIO, liftIO)
import Control.Monad.Reader (ReaderT (..), lift,
runReaderT, withReaderT)
import Data.ByteString (ByteString)
import qualified Data.ByteString as BS
import qualified Data.ByteString.Char8 as C8
import qualified Data.ByteString.Lazy as LBS
import Data.Either (fromRight)
import Data.Kind (Type)
import Network.Wai
import Servant (AuthProtect)
import Servant.Server
import Servant.Server.Experimental.Auth
type RequireBiscuit = AuthProtect "biscuit"
type instance AuthServerData RequireBiscuit = Biscuit OpenOrSealed Verified
data WithAuthorizer' (t :: Type) (m :: Type -> Type) (a :: Type)
= WithAuthorizer
{ forall t (m :: * -> *) a. WithAuthorizer' t m a -> ReaderT t m a
handler_ :: ReaderT t m a
, forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
}
type WithAuthorizer = WithAuthorizer' (AuthorizedBiscuit OpenOrSealed)
withFallbackAuthorizer :: Functor m
=> Authorizer
-> WithAuthorizer' t m a
-> WithAuthorizer' t m a
withFallbackAuthorizer :: forall (m :: * -> *) t a.
Functor m =>
Authorizer -> WithAuthorizer' t m a -> WithAuthorizer' t m a
withFallbackAuthorizer Authorizer
newV h :: WithAuthorizer' t m a
h@WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_} =
WithAuthorizer' t m a
h { authorizer_ :: m Authorizer
authorizer_ = (Authorizer -> Authorizer -> Authorizer
forall a. Semigroup a => a -> a -> a
<> Authorizer
newV) (Authorizer -> Authorizer) -> m Authorizer -> m Authorizer
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> m Authorizer
authorizer_ }
withFallbackAuthorizerM :: Applicative m
=> m Authorizer
-> WithAuthorizer' t m a
-> WithAuthorizer' t m a
withFallbackAuthorizerM :: forall (m :: * -> *) t a.
Applicative m =>
m Authorizer -> WithAuthorizer' t m a -> WithAuthorizer' t m a
withFallbackAuthorizerM m Authorizer
newV h :: WithAuthorizer' t m a
h@WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_} =
WithAuthorizer' t m a
h { authorizer_ :: m Authorizer
authorizer_ = (Authorizer -> Authorizer -> Authorizer)
-> m Authorizer -> m Authorizer -> m Authorizer
forall a b c. (a -> b -> c) -> m a -> m b -> m c
forall (f :: * -> *) a b c.
Applicative f =>
(a -> b -> c) -> f a -> f b -> f c
liftA2 Authorizer -> Authorizer -> Authorizer
forall a. Semigroup a => a -> a -> a
(<>) m Authorizer
authorizer_ m Authorizer
newV }
withPriorityAuthorizer :: Functor m
=> Authorizer
-> WithAuthorizer' t m a
-> WithAuthorizer' t m a
withPriorityAuthorizer :: forall (m :: * -> *) t a.
Functor m =>
Authorizer -> WithAuthorizer' t m a -> WithAuthorizer' t m a
withPriorityAuthorizer Authorizer
newV h :: WithAuthorizer' t m a
h@WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_} =
WithAuthorizer' t m a
h { authorizer_ :: m Authorizer
authorizer_ = (Authorizer
newV Authorizer -> Authorizer -> Authorizer
forall a. Semigroup a => a -> a -> a
<>) (Authorizer -> Authorizer) -> m Authorizer -> m Authorizer
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> m Authorizer
authorizer_ }
withPriorityAuthorizerM :: Applicative m
=> m Authorizer
-> WithAuthorizer' t m a
-> WithAuthorizer' t m a
withPriorityAuthorizerM :: forall (m :: * -> *) t a.
Applicative m =>
m Authorizer -> WithAuthorizer' t m a -> WithAuthorizer' t m a
withPriorityAuthorizerM m Authorizer
newV h :: WithAuthorizer' t m a
h@WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_} =
WithAuthorizer' t m a
h { authorizer_ :: m Authorizer
authorizer_ = (Authorizer -> Authorizer -> Authorizer)
-> m Authorizer -> m Authorizer -> m Authorizer
forall a b c. (a -> b -> c) -> m a -> m b -> m c
forall (f :: * -> *) a b c.
Applicative f =>
(a -> b -> c) -> f a -> f b -> f c
liftA2 Authorizer -> Authorizer -> Authorizer
forall a. Semigroup a => a -> a -> a
(<>) m Authorizer
newV m Authorizer
authorizer_ }
withAuthorizer :: Applicative m
=> Authorizer
-> ReaderT t m a
-> WithAuthorizer' t m a
withAuthorizer :: forall (m :: * -> *) t a.
Applicative m =>
Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
withAuthorizer Authorizer
v ReaderT t m a
handler_ =
WithAuthorizer
{ ReaderT t m a
handler_ :: ReaderT t m a
handler_ :: ReaderT t m a
handler_
, authorizer_ :: m Authorizer
authorizer_ = Authorizer -> m Authorizer
forall a. a -> m a
forall (f :: * -> *) a. Applicative f => a -> f a
pure Authorizer
v
}
withAuthorizerM :: m Authorizer
-> ReaderT t m a
-> WithAuthorizer' t m a
withAuthorizerM :: forall (m :: * -> *) t a.
m Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
withAuthorizerM m Authorizer
authorizer_ ReaderT t m a
handler_ =
WithAuthorizer
{ ReaderT t m a
handler_ :: ReaderT t m a
handler_ :: ReaderT t m a
handler_
, m Authorizer
authorizer_ :: m Authorizer
authorizer_ :: m Authorizer
authorizer_
}
withAuthorizer_ :: Monad m => Authorizer -> m a -> WithAuthorizer' t m a
withAuthorizer_ :: forall (m :: * -> *) a t.
Monad m =>
Authorizer -> m a -> WithAuthorizer' t m a
withAuthorizer_ Authorizer
v = Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
forall (m :: * -> *) t a.
Applicative m =>
Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
withAuthorizer Authorizer
v (ReaderT t m a -> WithAuthorizer' t m a)
-> (m a -> ReaderT t m a) -> m a -> WithAuthorizer' t m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. m a -> ReaderT t m a
forall (m :: * -> *) a. Monad m => m a -> ReaderT t m a
forall (t :: (* -> *) -> * -> *) (m :: * -> *) a.
(MonadTrans t, Monad m) =>
m a -> t m a
lift
withAuthorizerM_ :: Monad m => m Authorizer -> m a -> WithAuthorizer' t m a
withAuthorizerM_ :: forall (m :: * -> *) a t.
Monad m =>
m Authorizer -> m a -> WithAuthorizer' t m a
withAuthorizerM_ m Authorizer
v = m Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
forall (m :: * -> *) t a.
m Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
withAuthorizerM m Authorizer
v (ReaderT t m a -> WithAuthorizer' t m a)
-> (m a -> ReaderT t m a) -> m a -> WithAuthorizer' t m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. m a -> ReaderT t m a
forall (m :: * -> *) a. Monad m => m a -> ReaderT t m a
forall (t :: (* -> *) -> * -> *) (m :: * -> *) a.
(MonadTrans t, Monad m) =>
m a -> t m a
lift
noAuthorizer :: Applicative m
=> ReaderT t m a
-> WithAuthorizer' t m a
noAuthorizer :: forall (m :: * -> *) t a.
Applicative m =>
ReaderT t m a -> WithAuthorizer' t m a
noAuthorizer = Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
forall (m :: * -> *) t a.
Applicative m =>
Authorizer -> ReaderT t m a -> WithAuthorizer' t m a
withAuthorizer Authorizer
forall a. Monoid a => a
mempty
noAuthorizer_ :: Monad m => m a -> WithAuthorizer' t m a
noAuthorizer_ :: forall (m :: * -> *) a t. Monad m => m a -> WithAuthorizer' t m a
noAuthorizer_ = ReaderT t m a -> WithAuthorizer' t m a
forall (m :: * -> *) t a.
Applicative m =>
ReaderT t m a -> WithAuthorizer' t m a
noAuthorizer (ReaderT t m a -> WithAuthorizer' t m a)
-> (m a -> ReaderT t m a) -> m a -> WithAuthorizer' t m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. m a -> ReaderT t m a
forall (m :: * -> *) a. Monad m => m a -> ReaderT t m a
forall (t :: (* -> *) -> * -> *) (m :: * -> *) a.
(MonadTrans t, Monad m) =>
m a -> t m a
lift
data BiscuitConfig e
= BiscuitConfig
{ forall e. BiscuitConfig e -> ParserConfig Handler
parserConfig :: ParserConfig Handler
, :: Request -> Either e ByteString
, :: forall a. e -> Handler a
, forall e. BiscuitConfig e -> forall a. ParseError -> Handler a
onParseError :: forall a. ParseError -> Handler a
}
defaultBiscuitConfig :: PublicKey -> BiscuitConfig String
defaultBiscuitConfig :: PublicKey -> BiscuitConfig String
defaultBiscuitConfig PublicKey
publicKey = BiscuitConfig
{ parserConfig :: ParserConfig Handler
parserConfig = ParserConfig
{ getPublicKey :: Maybe Int -> PublicKey
getPublicKey = PublicKey -> Maybe Int -> PublicKey
forall a b. a -> b -> a
const PublicKey
publicKey
, isRevoked :: Set ByteString -> Handler Bool
isRevoked = Handler Bool -> Set ByteString -> Handler Bool
forall a b. a -> b -> a
const (Handler Bool -> Set ByteString -> Handler Bool)
-> Handler Bool -> Set ByteString -> Handler Bool
forall a b. (a -> b) -> a -> b
$ Bool -> Handler Bool
forall a. a -> Handler a
forall (f :: * -> *) a. Applicative f => a -> f a
pure Bool
False
, encoding :: BiscuitEncoding
encoding = BiscuitEncoding
UrlBase64
}
, extractSerializedBiscuit :: Request -> Either String ByteString
extractSerializedBiscuit = Request -> Either String ByteString
readFromAuthHeader
, onExtractionError :: forall a. String -> Handler a
onExtractionError = ServerError -> Handler a
forall a. ServerError -> Handler a
forall e (m :: * -> *) a. MonadError e m => e -> m a
throwError (ServerError -> Handler a)
-> (String -> ServerError) -> String -> Handler a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Either ParseError String -> ServerError
defaultInvalidBiscuitError (Either ParseError String -> ServerError)
-> (String -> Either ParseError String) -> String -> ServerError
forall b c a. (b -> c) -> (a -> b) -> a -> c
. String -> Either ParseError String
forall a b. b -> Either a b
Right
, onParseError :: forall a. ParseError -> Handler a
onParseError = ServerError -> Handler a
forall a. ServerError -> Handler a
forall e (m :: * -> *) a. MonadError e m => e -> m a
throwError (ServerError -> Handler a)
-> (ParseError -> ServerError) -> ParseError -> Handler a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Either ParseError String -> ServerError
defaultInvalidBiscuitError (Either ParseError String -> ServerError)
-> (ParseError -> Either ParseError String)
-> ParseError
-> ServerError
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ParseError -> Either ParseError String
forall a b. a -> Either a b
Left
}
readFromAuthHeader :: Request -> Either String ByteString
Request
req = do
let note :: a -> Maybe b -> Either a b
note a
e = Either a b -> (b -> Either a b) -> Maybe b -> Either a b
forall b a. b -> (a -> b) -> Maybe a -> b
maybe (a -> Either a b
forall a b. a -> Either a b
Left a
e) b -> Either a b
forall a b. b -> Either a b
Right
ByteString
authHeader <- String -> Maybe ByteString -> Either String ByteString
forall {a} {b}. a -> Maybe b -> Either a b
note String
"Missing Authorization header" (Maybe ByteString -> Either String ByteString)
-> (RequestHeaders -> Maybe ByteString)
-> RequestHeaders
-> Either String ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. HeaderName -> RequestHeaders -> Maybe ByteString
forall a b. Eq a => a -> [(a, b)] -> Maybe b
lookup HeaderName
"Authorization" (RequestHeaders -> Either String ByteString)
-> RequestHeaders -> Either String ByteString
forall a b. (a -> b) -> a -> b
$ Request -> RequestHeaders
requestHeaders Request
req
String -> Maybe ByteString -> Either String ByteString
forall {a} {b}. a -> Maybe b -> Either a b
note String
"Not a Bearer token" (Maybe ByteString -> Either String ByteString)
-> Maybe ByteString -> Either String ByteString
forall a b. (a -> b) -> a -> b
$ ByteString -> ByteString -> Maybe ByteString
BS.stripPrefix ByteString
"Bearer " ByteString
authHeader
defaultInvalidBiscuitError :: Either ParseError String -> ServerError
defaultInvalidBiscuitError :: Either ParseError String -> ServerError
defaultInvalidBiscuitError Either ParseError String
e =
let s :: String
s = String -> Either ParseError String -> String
forall b a. b -> Either a b -> b
fromRight String
"Not a B64-encoded biscuit" Either ParseError String
e
in ServerError
err401 { errBody :: ByteString
errBody = ByteString -> ByteString
LBS.fromStrict (String -> ByteString
C8.pack String
s) }
defaultUnauthorizedBiscuitError :: ExecutionError -> ServerError
defaultUnauthorizedBiscuitError :: ExecutionError -> ServerError
defaultUnauthorizedBiscuitError ExecutionError
_ =
ServerError
err403 { errBody :: ByteString
errBody = ByteString
"Biscuit failed checks" }
authHandlerWith :: BiscuitConfig e
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandlerWith :: forall e.
BiscuitConfig e
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandlerWith BiscuitConfig{ParserConfig Handler
Request -> Either e ByteString
forall a. e -> Handler a
forall a. ParseError -> Handler a
parserConfig :: forall e. BiscuitConfig e -> ParserConfig Handler
extractSerializedBiscuit :: forall e. BiscuitConfig e -> Request -> Either e ByteString
onExtractionError :: forall e. BiscuitConfig e -> forall a. e -> Handler a
onParseError :: forall e. BiscuitConfig e -> forall a. ParseError -> Handler a
parserConfig :: ParserConfig Handler
extractSerializedBiscuit :: Request -> Either e ByteString
onExtractionError :: forall a. e -> Handler a
onParseError :: forall a. ParseError -> Handler a
..} = (Request -> Handler (Biscuit OpenOrSealed Verified))
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
forall r usr. (r -> Handler usr) -> AuthHandler r usr
mkAuthHandler Request -> Handler (Biscuit OpenOrSealed Verified)
handler
where
orExtractionError :: Either e ByteString -> Handler ByteString
orExtractionError = (e -> Handler ByteString)
-> (ByteString -> Handler ByteString)
-> Either e ByteString
-> Handler ByteString
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either e -> Handler ByteString
forall a. e -> Handler a
onExtractionError ByteString -> Handler ByteString
forall a. a -> Handler a
forall (f :: * -> *) a. Applicative f => a -> f a
pure
orParseError :: Either ParseError (Biscuit OpenOrSealed Verified)
-> Handler (Biscuit OpenOrSealed Verified)
orParseError = (ParseError -> Handler (Biscuit OpenOrSealed Verified))
-> (Biscuit OpenOrSealed Verified
-> Handler (Biscuit OpenOrSealed Verified))
-> Either ParseError (Biscuit OpenOrSealed Verified)
-> Handler (Biscuit OpenOrSealed Verified)
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either ParseError -> Handler (Biscuit OpenOrSealed Verified)
forall a. ParseError -> Handler a
onParseError Biscuit OpenOrSealed Verified
-> Handler (Biscuit OpenOrSealed Verified)
forall a. a -> Handler a
forall (f :: * -> *) a. Applicative f => a -> f a
pure
handler :: Request -> Handler (Biscuit OpenOrSealed Verified)
handler Request
req = do
ByteString
bs <- Either e ByteString -> Handler ByteString
orExtractionError (Either e ByteString -> Handler ByteString)
-> Either e ByteString -> Handler ByteString
forall a b. (a -> b) -> a -> b
$ Request -> Either e ByteString
extractSerializedBiscuit Request
req
Either ParseError (Biscuit OpenOrSealed Verified)
-> Handler (Biscuit OpenOrSealed Verified)
orParseError (Either ParseError (Biscuit OpenOrSealed Verified)
-> Handler (Biscuit OpenOrSealed Verified))
-> Handler (Either ParseError (Biscuit OpenOrSealed Verified))
-> Handler (Biscuit OpenOrSealed Verified)
forall (m :: * -> *) a b. Monad m => (a -> m b) -> m a -> m b
=<< ParserConfig Handler
-> ByteString
-> Handler (Either ParseError (Biscuit OpenOrSealed Verified))
forall (m :: * -> *).
Applicative m =>
ParserConfig m
-> ByteString
-> m (Either ParseError (Biscuit OpenOrSealed Verified))
parseWith ParserConfig Handler
parserConfig ByteString
bs
authHandler :: PublicKey -> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandler :: PublicKey -> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandler = BiscuitConfig String
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
forall e.
BiscuitConfig e
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandlerWith (BiscuitConfig String
-> AuthHandler Request (Biscuit OpenOrSealed Verified))
-> (PublicKey -> BiscuitConfig String)
-> PublicKey
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PublicKey -> BiscuitConfig String
defaultBiscuitConfig
genBiscuitCtx :: PublicKey
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
genBiscuitCtx :: PublicKey
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
genBiscuitCtx PublicKey
pk = PublicKey -> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandler PublicKey
pk AuthHandler Request (Biscuit OpenOrSealed Verified)
-> Context '[]
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
forall x (xs :: [*]). x -> Context xs -> Context (x : xs)
:. Context '[]
EmptyContext
genBiscuitCtxWith :: BiscuitConfig e
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
genBiscuitCtxWith :: forall e.
BiscuitConfig e
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
genBiscuitCtxWith BiscuitConfig e
c = BiscuitConfig e
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
forall e.
BiscuitConfig e
-> AuthHandler Request (Biscuit OpenOrSealed Verified)
authHandlerWith BiscuitConfig e
c AuthHandler Request (Biscuit OpenOrSealed Verified)
-> Context '[]
-> Context '[AuthHandler Request (Biscuit OpenOrSealed Verified)]
forall x (xs :: [*]). x -> Context xs -> Context (x : xs)
:. Context '[]
EmptyContext
checkBiscuit :: (MonadIO m, MonadError ServerError m)
=> Biscuit OpenOrSealed Verified
-> Authorizer
-> m a
-> m a
checkBiscuit :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
Biscuit OpenOrSealed Verified -> Authorizer -> m a -> m a
checkBiscuit Biscuit OpenOrSealed Verified
vb = do
Biscuit OpenOrSealed Verified -> m Authorizer -> m a -> m a
forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
Biscuit OpenOrSealed Verified -> m Authorizer -> m a -> m a
checkBiscuitM Biscuit OpenOrSealed Verified
vb (m Authorizer -> m a -> m a)
-> (Authorizer -> m Authorizer) -> Authorizer -> m a -> m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Authorizer -> m Authorizer
forall a. a -> m a
forall (f :: * -> *) a. Applicative f => a -> f a
pure
checkBiscuitWith :: (MonadIO m, MonadError ServerError m)
=> (forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitWith :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitWith forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
vb =
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith ExecutionError -> m b
forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
vb (m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a -> m a)
-> (Authorizer -> m Authorizer)
-> Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Authorizer -> m Authorizer
forall a. a -> m a
forall (f :: * -> *) a. Applicative f => a -> f a
pure
checkBiscuitM :: (MonadIO m, MonadError ServerError m)
=> Biscuit OpenOrSealed Verified
-> m Authorizer
-> m a
-> m a
checkBiscuitM :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
Biscuit OpenOrSealed Verified -> m Authorizer -> m a -> m a
checkBiscuitM Biscuit OpenOrSealed Verified
vb m Authorizer
mv m a
h = do
let onError :: ExecutionError -> m a
onError = ServerError -> m a
forall a. ServerError -> m a
forall e (m :: * -> *) a. MonadError e m => e -> m a
throwError (ServerError -> m a)
-> (ExecutionError -> ServerError) -> ExecutionError -> m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ExecutionError -> ServerError
defaultUnauthorizedBiscuitError
in (forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith ExecutionError -> m b
forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
vb m Authorizer
mv (m a -> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
forall (m :: * -> *) a.
Monad m =>
m a -> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
forall (t :: (* -> *) -> * -> *) (m :: * -> *) a.
(MonadTrans t, Monad m) =>
m a -> t m a
lift m a
h)
checkBiscuitMWith :: (MonadIO m, MonadError ServerError m)
=> (forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
vb m Authorizer
mv ReaderT (AuthorizedBiscuit OpenOrSealed) m a
h = do
Authorizer
v <- m Authorizer
mv
Either ExecutionError (AuthorizedBiscuit OpenOrSealed)
res <- IO (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
-> m (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
forall a. IO a -> m a
forall (m :: * -> *) a. MonadIO m => IO a -> m a
liftIO (IO (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
-> m (Either ExecutionError (AuthorizedBiscuit OpenOrSealed)))
-> IO (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
-> m (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
forall a b. (a -> b) -> a -> b
$ Biscuit OpenOrSealed Verified
-> Authorizer
-> IO (Either ExecutionError (AuthorizedBiscuit OpenOrSealed))
forall proof.
Biscuit proof Verified
-> Authorizer
-> IO (Either ExecutionError (AuthorizedBiscuit proof))
authorizeBiscuit Biscuit OpenOrSealed Verified
vb Authorizer
v
case Either ExecutionError (AuthorizedBiscuit OpenOrSealed)
res of
Left ExecutionError
e -> ExecutionError -> m a
forall b. ExecutionError -> m b
onError ExecutionError
e
Right AuthorizedBiscuit OpenOrSealed
as -> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> AuthorizedBiscuit OpenOrSealed -> m a
forall r (m :: * -> *) a. ReaderT r m a -> r -> m a
runReaderT ReaderT (AuthorizedBiscuit OpenOrSealed) m a
h AuthorizedBiscuit OpenOrSealed
as
handleBiscuit :: (MonadIO m, MonadError ServerError m)
=> Biscuit OpenOrSealed Verified
-> WithAuthorizer m a
-> m a
handleBiscuit :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
Biscuit OpenOrSealed Verified -> WithAuthorizer m a -> m a
handleBiscuit Biscuit OpenOrSealed Verified
b WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_, ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> ReaderT t m a
handler_ :: ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_} =
let onError :: ExecutionError -> m a
onError = ServerError -> m a
forall a. ServerError -> m a
forall e (m :: * -> *) a. MonadError e m => e -> m a
throwError (ServerError -> m a)
-> (ExecutionError -> ServerError) -> ExecutionError -> m a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ExecutionError -> ServerError
defaultUnauthorizedBiscuitError
in (forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith ExecutionError -> m b
forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
b m Authorizer
authorizer_ ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_
handleBiscuitWith :: (MonadIO m, MonadError ServerError m)
=> (forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> WithAuthorizer m a
-> m a
handleBiscuitWith :: forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified -> WithAuthorizer m a -> m a
handleBiscuitWith forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
b WithAuthorizer{m Authorizer
authorizer_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> m Authorizer
authorizer_ :: m Authorizer
authorizer_, ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> ReaderT t m a
handler_ :: ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_} =
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
forall (m :: * -> *) a.
(MonadIO m, MonadError ServerError m) =>
(forall b. ExecutionError -> m b)
-> Biscuit OpenOrSealed Verified
-> m Authorizer
-> ReaderT (AuthorizedBiscuit OpenOrSealed) m a
-> m a
checkBiscuitMWith ExecutionError -> m b
forall b. ExecutionError -> m b
onError Biscuit OpenOrSealed Verified
b m Authorizer
authorizer_ ReaderT (AuthorizedBiscuit OpenOrSealed) m a
handler_
withTransformation :: Monad m
=> (t -> m t')
-> WithAuthorizer' t' m a
-> WithAuthorizer' t m a
withTransformation :: forall (m :: * -> *) t t' a.
Monad m =>
(t -> m t') -> WithAuthorizer' t' m a -> WithAuthorizer' t m a
withTransformation t -> m t'
compute wa :: WithAuthorizer' t' m a
wa@WithAuthorizer{ReaderT t' m a
handler_ :: forall t (m :: * -> *) a. WithAuthorizer' t m a -> ReaderT t m a
handler_ :: ReaderT t' m a
handler_} =
let newHandler :: ReaderT t m a
newHandler = do
t'
t' <- (t -> m t') -> ReaderT t m t'
forall r (m :: * -> *) a. (r -> m a) -> ReaderT r m a
ReaderT t -> m t'
compute
(t -> t') -> ReaderT t' m a -> ReaderT t m a
forall r' r (m :: * -> *) a.
(r' -> r) -> ReaderT r m a -> ReaderT r' m a
withReaderT (t' -> t -> t'
forall a b. a -> b -> a
const t'
t') ReaderT t' m a
handler_
in WithAuthorizer' t' m a
wa { handler_ :: ReaderT t m a
handler_ = ReaderT t m a
newHandler }