packages feed

servant-auth-token-api 0.4.0.1 → 0.4.1.0

raw patch · 3 files changed

+50/−3 lines, 3 filesPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

API changes (from Hackage documentation)

+ Servant.API.Auth.Token: authCheckPerm :: Permission
+ Servant.API.Auth.Token: authUserIdPerm :: Permission
+ Servant.API.Auth.Token: type AuthCheckPermissionsMethod = "auth" :> ("check" :> (TokenHeader' '["auth-check"] :> (ReqBody '[JSON] (OnlyField "permissions" [Permission]) :> Get '[JSON] Bool)))
+ Servant.API.Auth.Token: type AuthGetUserIdMethod = "auth" :> ("userid" :> (TokenHeader' '["auth-userid"] :> Get '[JSON] (OnlyId UserId)))
- Servant.API.Auth.Token: type AuthAPI = AuthSigninMethod :<|> (AuthSigninGetCodeMethod :<|> (AuthSigninPostCodeMethod :<|> (AuthTouchMethod :<|> (AuthTokenInfoMethod :<|> (AuthSignoutMethod :<|> (AuthSignupMethod :<|> (AuthUsersMethod :<|> (AuthGetUserMethod :<|> (AuthPatchUserMethod :<|> (AuthPutUserMethod :<|> (AuthDeleteUserMethod :<|> (AuthRestoreMethod :<|> (AuthGetSingleUseCodes :<|> (AuthGetGroupMethod :<|> (AuthPostGroupMethod :<|> (AuthPutGroupMethod :<|> (AuthPatchGroupMethod :<|> (AuthDeleteGroupMethod :<|> AuthGroupsMethod))))))))))))))))))
+ Servant.API.Auth.Token: type AuthAPI = AuthSigninMethod :<|> (AuthSigninGetCodeMethod :<|> (AuthSigninPostCodeMethod :<|> (AuthTouchMethod :<|> (AuthTokenInfoMethod :<|> (AuthSignoutMethod :<|> (AuthSignupMethod :<|> (AuthUsersMethod :<|> (AuthGetUserMethod :<|> (AuthPatchUserMethod :<|> (AuthPutUserMethod :<|> (AuthDeleteUserMethod :<|> (AuthRestoreMethod :<|> (AuthGetSingleUseCodes :<|> (AuthGetGroupMethod :<|> (AuthPostGroupMethod :<|> (AuthPutGroupMethod :<|> (AuthPatchGroupMethod :<|> (AuthDeleteGroupMethod :<|> (AuthGroupsMethod :<|> (AuthCheckPermissionsMethod :<|> AuthGetUserIdMethod))))))))))))))))))))

Files

CHANGELOG.md view
@@ -1,3 +1,19 @@+0.4.1.0+=======++* Add `AuthCheckPermissionsMethod` endpoint.+* Add `AuthGetUserIdMethod` endpoint.++0.4.0.1+=======++* Relax `aeson` version bound.++0.4.0.0+=======++* Sync release with `servant-auth-token` package.+ 0.3.2.0 ======= 
servant-auth-token-api.cabal view
@@ -1,5 +1,5 @@ name:                servant-auth-token-api-version:             0.4.0.1+version:             0.4.1.0 synopsis:            Servant based API for token based authorisation description:         Please see README.md homepage:            https://github.com/ncrashed/servant-auth-token-api#readme
src/Servant/API/Auth/Token.hs view
@@ -41,6 +41,8 @@   , AuthPatchGroupMethod   , AuthDeleteGroupMethod   , AuthGroupsMethod+  , AuthCheckPermissionsMethod+  , AuthGetUserIdMethod   , authAPI   , authDocs   -- ** Permission symbol@@ -81,10 +83,12 @@   , PatchUserGroup(..)   -- ** Default permissions   , adminPerm-  , registerPerm+  , authCheckPerm+  , authDeletePerm   , authInfoPerm   , authUpdatePerm-  , authDeletePerm+  , authUserIdPerm+  , registerPerm   -- * Swagger helpers   , authOperations   ) where@@ -440,6 +444,8 @@   :<|> AuthPatchGroupMethod   :<|> AuthDeleteGroupMethod   :<|> AuthGroupsMethod+  :<|> AuthCheckPermissionsMethod+  :<|> AuthGetUserIdMethod  -- | How to get a token, expire of 'Nothing' means -- some default value (server config).@@ -644,6 +650,20 @@   :> TokenHeader' '["auth-info"]   :> Get '[JSON] (PagedList UserGroupId UserGroup) +-- | Check permissions of the token, if the passed token doesn't have permissions+-- that are passed via body, server returns 'False'. 401 status is returned+-- if the token owner is not permitted to check self permissions.+type AuthCheckPermissionsMethod = "auth" :> "check"+  :> TokenHeader' '["auth-check"]+  :> ReqBody '[JSON] (OnlyField "permissions" [Permission])+  :> Get '[JSON] Bool++-- | Get the user id of the owner of specified token. 401 error is raised if+-- the token doesn't have 'auth-userid' token.+type AuthGetUserIdMethod = "auth" :> "userid"+  :> TokenHeader' '["auth-userid"]+  :> Get '[JSON] (OnlyId UserId)+ -- | Proxy type for auth API, used to pass the type-level info into -- client/docs generation functions authAPI :: Proxy AuthAPI@@ -669,6 +689,15 @@ authDeletePerm :: Permission authDeletePerm = "auth-delete" +-- | Permission that allows to check permissions of token that has the+-- permission.+authCheckPerm :: Permission+authCheckPerm = "auth-check"++-- | Permission that allows to get user ID of owner of token.+authUserIdPerm :: Permission+authUserIdPerm = "auth-userid"+ -- | Select only operations of the Auth API authOperations :: Traversal' Swagger Operation authOperations = operationsOf $ toSwagger (Proxy :: Proxy AuthAPI)@@ -702,6 +731,8 @@     <> mkExtra (Proxy :: Proxy AuthPatchGroupMethod) "Patch info about given user group, requires 'authUpdatePerm' for token"     <> mkExtra (Proxy :: Proxy AuthDeleteGroupMethod) "Delete all info about given user group, requires 'authDeletePerm' for token"     <> mkExtra (Proxy :: Proxy AuthGroupsMethod) "Get list of user groups, requires 'authInfoPerm' for token "+    <> mkExtra (Proxy :: Proxy AuthCheckPermissionsMethod) "Check persistence of passed permissions of the token, requires 'authCheckPerm' for token"+    <> mkExtra (Proxy :: Proxy AuthGetUserIdMethod) "Get ID of owner of specified token, requires 'authUserIdPerm'"    mkExtra p s = extraInfo p $     defAction & notes <>~ [ DocNote "Description" [s] ]