biscuit-servant: Servant support for the Biscuit security token

[ bsd3, library, security ] [ Propose Tags ]

Modules

[Index] [Quick Jump]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

Versions [RSS] 0.1.1.0, 0.2.0.0, 0.2.0.1, 0.2.1.0, 0.3.0.0
Change log ChangeLog.md
Dependencies base (>=4.7 && <5), biscuit-haskell (>=0.2 && <0.3), bytestring (>=0.10 && <0.11), mtl (>=2.2 && <2.3), servant-server (>=0.18 && <0.19), text (>=1.2 && <1.3), wai (>=3.2 && <3.3) [details]
License BSD-3-Clause
Copyright 2021 Clément Delafargue
Author Clément Delafargue
Maintainer clement@delafargue.name
Category Security
Home page https://github.com/divarvel/biscuit-haskell#readme
Bug tracker https://github.com/divarvel/biscuit-haskell/issues
Source repo head: git clone https://github.com/divarvel/biscuit-haskell
Uploaded by clementd at 2022-01-14T15:15:41Z
Distributions
Downloads 331 total (16 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs uploaded by user
Build status unknown [no reports yet]

Readme for biscuit-servant-0.2.0.1

[back to package description]

biscuit-servant 🤖 Hackage

Servant combinators to enable biscuit validation in your API trees

Usage

type AppM = WithAuthorizer Handler
type API = RequireBiscuit :> ProtectedAPI

-- /users
-- /users/:userId
type ProtectedAPI =
  "users" :> ( Get '[JSON] [User]
             :<|> Capture "userId" Int :> Get '[JSON] User
             )
app :: PublicKey -> Application
app pk = serveWithContext @API Proxy (genBiscuitCtx pk) server

server :: Server API
server biscuit =
  let handlers = userListHandler :<|> singleUserHandler
      handleAuth =
        handleBiscuit biscuit
        -- `allow if right("admin");` will be the first policy
        -- for every endpoint.
        -- Policies added by endpoints (or sub-apis) will tried after this one.
        . withPriorityAuthorizer [authorizer|allow if right("admin");|]
        -- `deny if true;` will be the last policy for every endpoint.
        -- Policies added by endpoints (or sub-apis) will tried before this one.
        . withFallbackAuthorizer [authorizer|deny if true;|]
  in hoistServer @ProtectedAPI Proxy handleAuth handlers

allUsers :: [User]
allUsers = [ User 1 "Danielle" "George"
           , User 2 "Albert" "Einstein"
           ]

userListHandler :: AppM [User]
userListHandler = withAuthorizer [authorizer|allow if right("userList")|]
  $ pure allUsers

singleUserHandler :: Int -> AppM User
singleUserHandler uid =
  withAuthorizer [authorizer|allow if right("getUser", ${uid})|] $
  let user = find (\user -> userId user == uid) allUsers
   in maybe (throwError error404) (\user -> pure user) user