servant-auth-token: Servant based API and server for token based authorisation

[ bsd3, library, web ] [ Propose Tags ] [ Report a vulnerability ]
This version is deprecated.
Versions [RSS] 0.1.0.0, 0.1.1.0, 0.1.2.0, 0.2.0.0, 0.2.0.1, 0.3.0.0, 0.3.1.0, 0.3.2.0, 0.4.0.0, 0.4.1.0, 0.4.1.1, 0.4.2.0, 0.4.3.0, 0.4.4.0, 0.4.4.1, 0.4.5.0, 0.4.6.0, 0.4.7.0, 0.4.7.1, 0.5.0.0, 0.5.1.0, 0.5.2.0, 0.5.3.0, 0.5.4.0, 0.5.5.0, 0.5.6.0 (info)
Change log CHANGELOG.md
Dependencies aeson-injector (>=1.0.4 && <1.1), base (>=4.7 && <5), bytestring (>=0.10 && <0.11), containers (>=0.5 && <0.6), mtl (>=2.2 && <2.3), pwstore-fast (>=2.4 && <2.5), servant-auth-token-api (>=0.4.2 && <0.5), servant-server (>=0.9 && <0.10), text (>=1.2 && <1.3), time (>=1.5 && <1.7), transformers (>=0.4 && <0.6), uuid (>=1.3 && <1.4) [details]
License BSD-3-Clause
Copyright 2016-2017 Anton Gushcha
Author Anton Gushcha <ncrashed@gmail.com> , Ivan Lazar Miljenovic <Ivan.Miljenovic@gmail.com>
Maintainer ncrashed@gmail.com
Category Web
Home page https://github.com/ncrashed/servant-auth-token#readme
Source repo head: git clone https://github.com/ncrashed/servant-auth-token
Uploaded by NCrashed at 2017-05-16T12:38:34Z
Distributions
Reverse Dependencies 5 direct, 1 indirect [details]
Downloads 14703 total (35 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2017-05-16 [all 1 reports]

Readme for servant-auth-token-0.4.6.0

[back to package description]

servant-auth-token

Build Status

The repo contains server implementation of servant-auth-token-api.

How to add to your server

At the moment you have two options for backend storage:

  • persistent backend - persistent backend, simple to integrate with your app.

  • acid-state backend - acid-state backend is light solution for in memory storage, but it is more difficult to integrate it with your app.

  • Possible candidates for other storage backends: VCache, leveldb, JSON files. To see how to implement them, see HasStorage type class.

Now you can use 'guardAuthToken' to check authorization headers in endpoints of your server:

-- | Read a single customer from DB
customerGet :: CustomerId -- ^ Customer unique id
  -> MToken '["customer-read"] -- ^ Required permissions for auth token
  -> ServerM Customer -- ^ Customer data
customerGet i token = do
  guardAuthToken token
  runDB404 "customer" $ getCustomer i