servant-auth-token 0.4.1.1 → 0.4.2.0
raw patch · 4 files changed
+43/−3 lines, 4 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
+ Servant.Server.Auth.Token: authCheckPermissionsMethod :: AuthHandler m => MToken' '["auth-check"] -> OnlyField "permissions" [Permission] -> m Bool
+ Servant.Server.Auth.Token: authGetUserIdMethod :: AuthHandler m => MToken' '["auth-userid"] -> m (OnlyId UserId)
Files
- CHANGELOG.md +11/−0
- servant-auth-token.cabal +1/−1
- src/Servant/Server/Auth/Token.hs +22/−0
- stack.yaml +9/−2
CHANGELOG.md view
@@ -1,3 +1,14 @@+0.4.2.0+=======++* Add implementation for `AuthCheckPermissionsMethod` and `AuthGetUserIdMethod` endpoints.++0.4.1.1+=======++* Relax `aeson` and `opt-parse-applicative` bounds.+* Add `monad-control` instances.+ 0.4.1.0 =======
servant-auth-token.cabal view
@@ -1,5 +1,5 @@ name: servant-auth-token-version: 0.4.1.1+version: 0.4.2.0 synopsis: Servant based API and server for token based authorisation description: Please see README.md homepage: https://github.com/ncrashed/servant-auth-token#readme
src/Servant/Server/Auth/Token.hs view
@@ -57,6 +57,8 @@ , authGroupPatch , authGroupDelete , authGroupList+ , authCheckPermissionsMethod+ , authGetUserIdMethod -- * Low-level API , getAuthToken ) where@@ -109,6 +111,8 @@ :<|> authGroupPatch :<|> authGroupDelete :<|> authGroupList+ :<|> authCheckPermissionsMethod+ :<|> authGetUserIdMethod -- | Implementation of "signin" method authSignin :: AuthHandler m@@ -539,3 +543,21 @@ pagedListItems = catMaybes groups , pagedListPages = ceiling $ (fromIntegral total :: Double) / fromIntegral size }++-- | Check that the token has required permissions and return 'False' if it doesn't.+authCheckPermissionsMethod :: AuthHandler m+ => MToken' '["auth-check"] -- ^ Authorisation header with token+ -> OnlyField "permissions" [Permission] -- ^ Body with permissions to check+ -> m Bool -- ^ 'True' if all permissions are OK, 'False' if some permissions are not set for token and 401 error if the token doesn't have 'auth-check' permission.+authCheckPermissionsMethod token (OnlyField perms) = do+ guardAuthToken token+ let check = const True <$> guardAuthToken' (unToken <$> token) perms+ check `catchError` (\e -> if errHTTPCode e == 401 then pure True else throwError e)++-- | Get user ID for the owner of the speified token.+authGetUserIdMethod :: AuthHandler m+ => MToken' '["auth-userid"] -- ^ Authorisation header with token+ -> m (OnlyId UserId)+authGetUserIdMethod token = do+ guardAuthToken token+ OnlyField . respUserId <$> authToken (downgradeToken token)
stack.yaml view
@@ -39,24 +39,31 @@ - '.' - 'servant-auth-token-acid' - 'servant-auth-token-persistent'+- 'servant-auth-token-leveldb' - 'example/acid' - 'example/persistent'+- 'example/leveldb' # - location: # git: https://github.com/NCrashed/servant-auth-token-api.git # commit: d011f7bfecd18d07ff67ce9f67f8741e110a2719 # extra-dep: true-- '../servant-auth-token-api'+# - '../servant-auth-token-api' # Dependency packages to be pulled from upstream that are not in the resolver # (e.g., acme-missiles-0.3) extra-deps: - aeson-injector-1.0.7.0+- concurrent-extra-0.7.0.10 - http-api-data-0.3.5 - natural-transformation-0.4+- safecopy-store-0.9.2 - servant-0.9+- servant-auth-token-api-0.4.1.0 - servant-docs-0.9-- servant-auth-token-api-0.3.1.0 - servant-server-0.9+- store-0.3.1+- store-core-0.3+- th-utilities-0.2.0.1 # Override default flag values for local packages and extra-deps flags: {}