avers-server 0.0.19.0 → 0.1.0
raw patch · 4 files changed
+14/−10 lines, 4 filesdep −eitherPVP ok
version bump matches the API change (PVP)
Dependencies removed: either
API changes (from Hackage documentation)
Files
- avers-server.cabal +1/−2
- src/Avers/Server.hs +4/−2
- src/Avers/Server/Authorization.hs +6/−3
- src/Avers/Server/Instances.hs +3/−3
avers-server.cabal view
@@ -1,5 +1,5 @@ name: avers-server-version: 0.0.19.0+version: 0.1.0 synopsis: Server implementation of the Avers API description: Server implementation of the Avers API homepage: http://github.com/wereHamster/avers-server@@ -39,7 +39,6 @@ , containers , cookie , cryptonite- , either , http-types , memory , mtl
src/Avers/Server.hs view
@@ -68,7 +68,8 @@ credentialsObjId :: Handle -> Credentials -> Handler ObjId credentialsObjId aversH cred = do errOrObjId <- case cred of- SessionIdCredential sId -> liftIO $ evalAvers aversH $+ CredAnonymous -> throwError err401+ CredSessionId sId -> liftIO $ evalAvers aversH $ sessionObjId <$> lookupSession sId case errOrObjId of@@ -296,7 +297,8 @@ serveChangeSecret cred ChangeSecretBody{..} = do reqAvers aversH $ do Session{..} <- case cred of- SessionIdCredential sId -> lookupSession sId+ CredAnonymous -> throwError NotAuthorized+ CredSessionId sId -> lookupSession sId updateSecret (SecretId $ unObjId sessionObjId) csbNewSecret
src/Avers/Server/Authorization.hs view
@@ -47,19 +47,22 @@ , lookupObjectAuthz = \cred objId -> [ sufficient $ do session <- case cred of- SessionIdCredential sId -> lookupSession sId+ CredAnonymous -> throwError NotAuthorized+ CredSessionId sId -> lookupSession sId sessionCreatedObject session objId ] , patchObjectAuthz = \cred objId _ -> [ sufficient $ do session <- case cred of- SessionIdCredential sId -> lookupSession sId+ CredAnonymous -> throwError NotAuthorized+ CredSessionId sId -> lookupSession sId sessionCreatedObject session objId ] , deleteObjectAuthz = \cred objId -> [ sufficient $ do session <- case cred of- SessionIdCredential sId -> lookupSession sId+ CredAnonymous -> throwError NotAuthorized+ CredSessionId sId -> lookupSession sId sessionCreatedObject session objId ] , uploadBlobAuthz = \_ _ -> [pure AllowR]
src/Avers/Server/Instances.hs view
@@ -43,10 +43,10 @@ mbSessionIdText = lookup "session" =<< fmap parseCookiesText mbCookieHeaders case mbSessionIdText of- Nothing -> delayedFailFatal err401+ Nothing -> pure CredAnonymous Just sessionIdText -> case parseQueryParam sessionIdText of- Left _ -> delayedFailFatal err401- Right sId -> pure $ SessionIdCredential $ SessionId sId+ Left _ -> delayedFailFatal err400+ Right sId -> pure $ CredSessionId $ SessionId sId