servant-auth-token-api 0.4.0.1 → 0.4.1.0
raw patch · 3 files changed
+50/−3 lines, 3 filesPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
API changes (from Hackage documentation)
+ Servant.API.Auth.Token: authCheckPerm :: Permission
+ Servant.API.Auth.Token: authUserIdPerm :: Permission
+ Servant.API.Auth.Token: type AuthCheckPermissionsMethod = "auth" :> ("check" :> (TokenHeader' '["auth-check"] :> (ReqBody '[JSON] (OnlyField "permissions" [Permission]) :> Get '[JSON] Bool)))
+ Servant.API.Auth.Token: type AuthGetUserIdMethod = "auth" :> ("userid" :> (TokenHeader' '["auth-userid"] :> Get '[JSON] (OnlyId UserId)))
- Servant.API.Auth.Token: type AuthAPI = AuthSigninMethod :<|> (AuthSigninGetCodeMethod :<|> (AuthSigninPostCodeMethod :<|> (AuthTouchMethod :<|> (AuthTokenInfoMethod :<|> (AuthSignoutMethod :<|> (AuthSignupMethod :<|> (AuthUsersMethod :<|> (AuthGetUserMethod :<|> (AuthPatchUserMethod :<|> (AuthPutUserMethod :<|> (AuthDeleteUserMethod :<|> (AuthRestoreMethod :<|> (AuthGetSingleUseCodes :<|> (AuthGetGroupMethod :<|> (AuthPostGroupMethod :<|> (AuthPutGroupMethod :<|> (AuthPatchGroupMethod :<|> (AuthDeleteGroupMethod :<|> AuthGroupsMethod))))))))))))))))))
+ Servant.API.Auth.Token: type AuthAPI = AuthSigninMethod :<|> (AuthSigninGetCodeMethod :<|> (AuthSigninPostCodeMethod :<|> (AuthTouchMethod :<|> (AuthTokenInfoMethod :<|> (AuthSignoutMethod :<|> (AuthSignupMethod :<|> (AuthUsersMethod :<|> (AuthGetUserMethod :<|> (AuthPatchUserMethod :<|> (AuthPutUserMethod :<|> (AuthDeleteUserMethod :<|> (AuthRestoreMethod :<|> (AuthGetSingleUseCodes :<|> (AuthGetGroupMethod :<|> (AuthPostGroupMethod :<|> (AuthPutGroupMethod :<|> (AuthPatchGroupMethod :<|> (AuthDeleteGroupMethod :<|> (AuthGroupsMethod :<|> (AuthCheckPermissionsMethod :<|> AuthGetUserIdMethod))))))))))))))))))))
Files
- CHANGELOG.md +16/−0
- servant-auth-token-api.cabal +1/−1
- src/Servant/API/Auth/Token.hs +33/−2
CHANGELOG.md view
@@ -1,3 +1,19 @@+0.4.1.0+=======++* Add `AuthCheckPermissionsMethod` endpoint.+* Add `AuthGetUserIdMethod` endpoint.++0.4.0.1+=======++* Relax `aeson` version bound.++0.4.0.0+=======++* Sync release with `servant-auth-token` package.+ 0.3.2.0 =======
servant-auth-token-api.cabal view
@@ -1,5 +1,5 @@ name: servant-auth-token-api-version: 0.4.0.1+version: 0.4.1.0 synopsis: Servant based API for token based authorisation description: Please see README.md homepage: https://github.com/ncrashed/servant-auth-token-api#readme
src/Servant/API/Auth/Token.hs view
@@ -41,6 +41,8 @@ , AuthPatchGroupMethod , AuthDeleteGroupMethod , AuthGroupsMethod+ , AuthCheckPermissionsMethod+ , AuthGetUserIdMethod , authAPI , authDocs -- ** Permission symbol@@ -81,10 +83,12 @@ , PatchUserGroup(..) -- ** Default permissions , adminPerm- , registerPerm+ , authCheckPerm+ , authDeletePerm , authInfoPerm , authUpdatePerm- , authDeletePerm+ , authUserIdPerm+ , registerPerm -- * Swagger helpers , authOperations ) where@@ -440,6 +444,8 @@ :<|> AuthPatchGroupMethod :<|> AuthDeleteGroupMethod :<|> AuthGroupsMethod+ :<|> AuthCheckPermissionsMethod+ :<|> AuthGetUserIdMethod -- | How to get a token, expire of 'Nothing' means -- some default value (server config).@@ -644,6 +650,20 @@ :> TokenHeader' '["auth-info"] :> Get '[JSON] (PagedList UserGroupId UserGroup) +-- | Check permissions of the token, if the passed token doesn't have permissions+-- that are passed via body, server returns 'False'. 401 status is returned+-- if the token owner is not permitted to check self permissions.+type AuthCheckPermissionsMethod = "auth" :> "check"+ :> TokenHeader' '["auth-check"]+ :> ReqBody '[JSON] (OnlyField "permissions" [Permission])+ :> Get '[JSON] Bool++-- | Get the user id of the owner of specified token. 401 error is raised if+-- the token doesn't have 'auth-userid' token.+type AuthGetUserIdMethod = "auth" :> "userid"+ :> TokenHeader' '["auth-userid"]+ :> Get '[JSON] (OnlyId UserId)+ -- | Proxy type for auth API, used to pass the type-level info into -- client/docs generation functions authAPI :: Proxy AuthAPI@@ -669,6 +689,15 @@ authDeletePerm :: Permission authDeletePerm = "auth-delete" +-- | Permission that allows to check permissions of token that has the+-- permission.+authCheckPerm :: Permission+authCheckPerm = "auth-check"++-- | Permission that allows to get user ID of owner of token.+authUserIdPerm :: Permission+authUserIdPerm = "auth-userid"+ -- | Select only operations of the Auth API authOperations :: Traversal' Swagger Operation authOperations = operationsOf $ toSwagger (Proxy :: Proxy AuthAPI)@@ -702,6 +731,8 @@ <> mkExtra (Proxy :: Proxy AuthPatchGroupMethod) "Patch info about given user group, requires 'authUpdatePerm' for token" <> mkExtra (Proxy :: Proxy AuthDeleteGroupMethod) "Delete all info about given user group, requires 'authDeletePerm' for token" <> mkExtra (Proxy :: Proxy AuthGroupsMethod) "Get list of user groups, requires 'authInfoPerm' for token "+ <> mkExtra (Proxy :: Proxy AuthCheckPermissionsMethod) "Check persistence of passed permissions of the token, requires 'authCheckPerm' for token"+ <> mkExtra (Proxy :: Proxy AuthGetUserIdMethod) "Get ID of owner of specified token, requires 'authUserIdPerm'" mkExtra p s = extraInfo p $ defAction & notes <>~ [ DocNote "Description" [s] ]