Copyright | (c) Miles Frankel, 2015 |
---|---|
License | GPL-2 |
Safe Haskell | None |
Language | Haskell2010 |
A simple library for adding and checking sessions, with automatic SQLite backup of the session store. The session store is kept in memory for fast access. Session cookie expiration and database sync timing are configurable. Note that this package does not handle user authorization; you will have to roll your own (the package persistent is recommended) or use another package.
Example usage:
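{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ScopedTypeVariables #-}

-- | Minimal scotty application showing how the session helpers fit together:
-- a login form, a handler that opens a session, and a route guarded by
-- 'authCheck'.
module Main where

import qualified Data.Text.Lazy as T
import Web.Scotty as S
import Web.Scotty.Login.Session

-- | Session settings for the demo: the library defaults, unchanged.
conf :: SessionConfig
conf = defaultSessionConfig

-- | Load the session store, then start the web server on port 8000.
main :: IO ()
main = do
  -- The session database has to be initialised before scotty starts.
  initializeCookieDb conf
  -- NOTE(review): scotty serves plain HTTP here. The login form carries a
  -- password and the response sets a session cookie, so terminate TLS in
  -- front of this for anything beyond a local demo.
  scotty 8000 routes

-- | Routes for the demo: a denial page, the login form and its handler, and
-- one page that is only shown to requests with a valid session.
routes :: ScottyM ()
routes = do
  S.get "/denied" $ S.text "access denied"

  S.get "/login" $
    S.html $ T.pack $ unlines
      [ "<form method=\"POST\" action=\"/login\">"
      , "<input type=\"text\" name=\"username\">"
      , "<input type=\"password\" name=\"password\">"
      , "<input type=\"submit\" name=\"login\" value=\"login\">"
      , "</form>"
      ]

  S.post "/login" $ do
    (usn :: String) <- param "username"
    (pass :: String) <- param "password"
    -- Placeholder check only: the library does not verify credentials, so a
    -- real application must replace this hard-coded comparison with a lookup
    -- against stored password hashes.
    if usn == "guest" && pass == "password"
      then do
        -- The returned Maybe Session is discarded.
        -- NOTE(review): confirm when addSession yields Nothing and handle
        -- that case before redirecting.
        _ <- addSession conf
        -- Send the user to the guarded route defined below; the example
        -- previously redirected to "/authed", which has no handler.
        redirect "/authcheck"
      else redirect "/denied"

  S.get "/authcheck" $
    authCheck (redirect "/denied") $
      S.text "authorized"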
- initializeCookieDb :: SessionConfig -> IO ()
- addSession :: SessionConfig -> ActionT Text IO (Maybe Session)
- authCheck :: (MonadIO m, ScottyError e) => ActionT e m () -> ActionT e m () -> ActionT e m ()
- data SessionConfig = SessionConfig {}
- data Session
- defaultSessionConfig :: SessionConfig
Documentation
initializeCookieDb :: SessionConfig -> IO () Source
Reload the session database into memory, and fork the database sync and cleanup thread. This must be called before invoking scotty.
addSession :: SessionConfig -> ActionT Text IO (Maybe Session) Source
Add a session. This gives the user a SessionId cookie, and inserts a corresponding entry into the session store. It also returns the Session that was just inserted.
authCheck :: (MonadIO m, ScottyError e) | |
=> ActionT e m () | The action to perform if user is denied |
-> ActionT e m () | The action to perform if user is authorized |
-> ActionT e m () |
Check whether a user is authorized.
Example usage:
-- Guard a route with authCheck: the first action runs when the user is
-- denied, the second when the user is authorized.
S.get "/auth_test" $ authCheck (redirect "/denied") $ S.text "authorized"
data SessionConfig Source
Configuration for the session database.
SessionConfig | |
|
Show Session Source | |
PersistFieldSql Session Source | |
PersistEntity Session Source | |
PersistField Session Source | |
ToBackendKey SqlBackend Session Source | |
Eq (Key Session) Source | |
Ord (Key Session) Source | |
Read (Key Session) Source | |
Show (Key Session) Source | |
ToJSON (Key Session) Source | |
FromJSON (Key Session) Source | |
PathPiece (Key Session) Source | |
PersistFieldSql (Key Session) Source | |
PersistField (Key Session) Source | |
data Unique Session Source | |
data EntityField Session where
| |
data Key Session = SessionKey {} Source | |
type PersistEntityBackend Session = SqlBackend Source |
defaultSessionConfig :: SessionConfig Source
Default settings for the session store. May not be suitable for all applications.
They are:
- dbPath = "sessions.sqlite",
- syncInterval = 1200 seconds (stated as 30 minutes, although 1200 seconds is 20 minutes; check the package source for the actual default),
- expirationInterval = 86400 seconds (1 day)