@@ -38,63 +38,65 @@ import Network.Wai (Middleware, Request (..), Response,
3838 responseLBS )
3939
4040-- | Key where the verified biscuit is stored in the request context. The
41- -- ` Vault` module is designed to make keys opaque and unique, hence the use of
42- -- `IO` for key generation. Here we don’t care about unicity, we want the token
43- -- to be easily accessible. Hence the call to ` unsafePerformIO` .
41+ -- ' Vault' module is designed to make keys opaque and unique, hence the use of
42+ -- 'IO' for key generation. Here we don’t care about unicity, we want the token
43+ -- to be easily accessible. Hence the call to ' unsafePerformIO' .
4444{-# NOINLINE biscuitKey #-}
4545biscuitKey :: Vault. KeyBiscuit OpenOrSealed Verified )
4646biscuitKey = unsafePerformIO Vault. newKey
4747
4848-- | Key where the authorized biscuit is stored in the request context. The
49- -- ` Vault` module is designed to make keys opaque and unique, hence the use of
50- -- `IO` for key generation. Here we don’t care about unicity, we want the token
51- -- to be easily accessible. Hence the call to ` unsafePerformIO` .
49+ -- ' Vault' module is designed to make keys opaque and unique, hence the use of
50+ -- 'IO' for key generation. Here we don’t care about unicity, we want the token
51+ -- to be easily accessible. Hence the call to ' unsafePerformIO' .
5252{-# NOINLINE authorizedBiscuitKey #-}
5353authorizedBiscuitKey :: Vault. KeyAuthorizedBiscuit OpenOrSealed )
5454authorizedBiscuitKey = unsafePerformIO Vault. newKey
5555
5656-- | Retrieve the parsed token from the request context. It is meant to be used
57- -- in conjunction with the ` parseBiscuit` (or ` parseBiscuitWith` ) middleware.
58- -- It will not be set by the ` authorizeBiscuit'` (or ` authorizeBiscuitWith` )
57+ -- in conjunction with the ' parseBiscuit' (or ' parseBiscuitWith' ) middleware.
58+ -- It will not be set by the ' authorizeBiscuit'' (or ' authorizeBiscuitWith' )
5959-- middleware.
6060getBiscuit :: Request -> Maybe Biscuit OpenOrSealed Verified )
6161getBiscuit = Vault. lookup biscuitKey . vault
6262
6363-- | Retrieve the result of the successful authorization from the request
64- -- context. It is meant to be used in conjunction with the ` authorizeBiscuit'`
65- -- (or the ` authorizeBiscuitWith` ) middleware.
64+ -- context. It is meant to be used in conjunction with the ' authorizeBiscuit''
65+ -- (or the ' authorizeBiscuitWith' ) middleware.
6666getAuthorizedBiscuit :: Request -> Maybe AuthorizedBiscuit OpenOrSealed )
6767getAuthorizedBiscuit = Vault. lookup authorizedBiscuitKey . vault
6868
6969-- | Given a public key, generate a middleware that will extract a biscuit
7070-- token from incoming requests, parse it, and verify its signature. Requests
7171-- without a verified biscuit are rejected, and the verified biscuit is added
72- -- to the request context. __The token is not authorized, only parsed and has
73- -- its signature verified.__ Authorization is meant to be carried out in the
74- -- application itself. If you want to carry out authorization in the middleware,
75- -- have a look at `authorizeBiscuit'` (or `authorizeBiscuitWith`).
72+ -- to the request context.
73+ -- __The token is not authorized, only parsed and has its signature verified__.
74+ -- Authorization is meant to be carried out in the application itself. If you
75+ -- want to carry out authorization in the middleware, have a look at
76+ -- 'authorizeBiscuit'' (or 'authorizeBiscuitWith').
7677--
7778-- The token is expected as a base64-encoded string, provided as a bearer token
7879-- in the @Authorization@ header. A missing header results in a bodyless 401
7980-- HTTP response. An invalid token results in a bodyless 403 HTTP response.
8081-- Errors are logged to stdout.
8182--
8283-- If you need custom extraction, parsing or error handling, have a look at
83- -- ` parseBiscuitWith` .
84+ -- ' parseBiscuitWith' .
8485parseBiscuit :: PublicKey -> Middleware
8586parseBiscuit = parseBiscuitWith . defaultExtractionConfig
8687
8788-- | Given a way to extract a token from a request, parse it, and handle errors,
8889-- generate a middleware that will extract a biscuit token from incoming
8990-- requests, parse it, and verify its signature. Requests without a verified
9091-- biscuit are rejected, and the verified biscuit is added to the request
91- -- context. __The token is not authorized, only parsed and has its signature
92- -- verified. __Authorization is meant to be carried out in the application
93- -- itself. If you want to carry out authorization in the middleware, have a
94- -- look at `authorizeBiscuit'` (or `authorizeBiscuitWith`).
92+ -- context.
93+ -- __The token is not authorized, only parsed and has its signature verified__.
94+ -- Authorization is meant to be carried out in the application itself. If you
95+ -- want to carry out authorization in the middleware, have a look at
96+ -- 'authorizeBiscuit'' (or 'authorizeBiscuitWith').
9597--
9698-- If you don’t need custom extraction, parsing or error handling logic, have a
97- -- look at ` parseBiscuit` .
99+ -- look at ' parseBiscuit' .
98100parseBiscuitWith :: ExtractionConfig e -> Middleware
99101parseBiscuitWith config app req sendResponse = do
100102 let ExtractionConfig {extractToken,parseToken,handleError} = config
@@ -109,10 +111,11 @@ parseBiscuitWith config app req sendResponse = do
109111-- generate a middleware that will extract a biscuit token from incoming
110112-- requests, parse it, verify its signature and authorize it. Requests without
111113-- an authorized biscuit are rejected, and the authorized biscuit is added to
112- -- the request context. __The underlying application will only receive requests
113- -- where the whole authorization process succeeded.__ If you want to only parse
114- -- tokens and delegate actual authorization to the underlying application, have
115- -- a look at `parseBiscuit` (or `parseBiscuitWith`).
114+ -- the request context.
115+ -- __The underlying application will only receive requests where the whole authorization process succeeded.__
116+ -- If you want to only parse tokens and delegate actual authorization to the
117+ -- underlying application, have a look at 'parseBiscuit'
118+ -- (or 'parseBiscuitWith').
116119--
117120-- The token is expected as a base64-encoded string, provided as a bearer token
118121-- in the @Authorization@ header. A missing header results in a bodyless 401
@@ -121,22 +124,22 @@ parseBiscuitWith config app req sendResponse = do
121124-- Errors are logged to stdout.
122125--
123126-- If you need custom extraction, parsing, authorization or error handling,
124- -- have a look at ` authorizeBiscuitWith` .
127+ -- have a look at ' authorizeBiscuitWith' .
125128authorizeBiscuit' :: PublicKey -> (Request -> IO Authorizer ) -> Middleware
126129authorizeBiscuit' publicKey = authorizeBiscuitWith . defaultAuthorizationConfig publicKey
127130
128131-- | Given a way to extract a token from a request, parse it, authorized it and
129132-- handle errors, generate a middleware that will extract a biscuit token from
130133-- incoming requests, parse it, verify its signature and authorize it.
131134-- Requests without an authorized biscuit are rejected, and the authorized
132- -- biscuit is added to the request context. __The underlying application will
133- -- only receive requests where the whole authorization process succeeded .
134- -- __ If you want to only parse tokens and delegate actual authorization to the
135- -- underlying application, have a look at ` parseBiscuit` (or
136- -- ` parseBiscuitWith` ).
135+ -- biscuit is added to the request context.
136+ -- __The underlying application will only receive requests where the whole authorization process succeeded__ .
137+ -- If you want to only parse tokens and delegate actual authorization to the
138+ -- underlying application, have a look at ' parseBiscuit' (or
139+ -- ' parseBiscuitWith' ).
137140--
138141-- If you don’t need custom extraction, parsing, authorization, or error
139- -- handling logic, have a look at ` authorizeBiscuit'` .
142+ -- handling logic, have a look at ' authorizeBiscuit'' .
140143authorizeBiscuitWith :: AuthorizationConfig e -> Middleware
141144authorizeBiscuitWith config app req sendResponse = do
142145 let AuthorizationConfig {extractToken,parseToken,authorizeToken,handleError} = config
@@ -148,7 +151,7 @@ authorizeBiscuitWith config app req sendResponse = do
148151 eResult <- either (pure . Left
149152 either onError forward eResult
150153
151- -- | Configuration for ` parseBiscuitWith` .
154+ -- | Configuration for ' parseBiscuitWith' .
152155data ExtractionConfig e
153156 = ExtractionConfig
154157 -- | How to extract a token from a request
@@ -159,7 +162,7 @@ data ExtractionConfig e
159162 , handleError :: e -> IO Response
160163 }
161164
162- -- | Configuration for ` authorizeBiscuitWith` .
165+ -- | Configuration for ' authorizeBiscuitWith' .
163166data AuthorizationConfig e
164167 = AuthorizationConfig
165168 -- | How to extract a token from a request
0 commit comments