yu-auth-0.1.1.10: src/Yu/Auth.hs
{-
Copyright (C) 2017-2018 Johann Lee <me@qinka.pro>
This file is part of Yu.
Yu is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Yu is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Yu. If not, see <http://www.gnu.org/licenses/>.
-}
{-|
Module: Yu.Auth
Description: The methods for authentication
Copyright: (C) 2017-2018 Johann Lee <me@qinka.pro>
License: GPL3
Maintainer: me@qinka.pro
Stability: experimental
Portability: unknown
The methods about authentication for Yu (using Yesod)
-}
{-# LANGUAGE FunctionalDependencies #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE OverloadedStrings #-}
module Yu.Auth
( -- * check whether it is authorized
checkAuth
, -- * Type Class to limit
Auth(..)
, -- * reexport module
module Yu.Auth.Core
) where
import Control.Applicative
import Control.Monad.IO.Class
import Yesod.Core
import Yu.Auth.Core
import Yu.Import.ByteString (ByteString)
import qualified Yu.Import.ByteString as B
import qualified Yu.Import.Text as T
-- | The class to limit the an application with it hash algorithm
-- and the password of the site.
class HashAlgorithm a => Auth site a | site -> a where
-- | to get the HASH
tokenHash :: MonadIO m => site -> m a
-- | to get the password
tokenItem :: MonadIO m => site -> m ByteString
-- | check auth
checkAuth :: Auth site hash
=> HandlerT site IO AuthResult -- ^ return result
checkAuth = do -- Handler _ IO
site <- getYesod
item <- tokenItem site
hash <- tokenHash site
token <- fetchToken
liftIO $ print $ generateHash hash item
liftIO $ print token
case verifyHash hash item <$> token of
-- success
Just True -> return Authorized
-- failure
_ -> return $ Unauthorized "Who are you! The thing did not answer."
-- | fetch
fetchToken :: Auth site hash
=> HandlerT site IO (Maybe ByteString)
fetchToken = do
ct <- fmap T.encodeUtf8 <$> lookupCookie "Token"
gt <- fmap T.encodeUtf8 <$> lookupGetParam "Token"
pt <- fmap T.encodeUtf8 <$> lookupPostParam "Token"
ht <- lookupHeader "Token"
ca <- fmap T.encodeUtf8 <$> lookupCookie "Authorization"
ga <- fmap T.encodeUtf8 <$> lookupGetParam "Authorization"
pa <- fmap T.encodeUtf8 <$> lookupPostParam "Authorization"
ha <- lookupHeader "Authorization"
return $ ca <|> ct <|> pa <|> pt <|> ga <|> gt <|> ha <|> ht