/usr/share/doc/libghc-servant-server-doc/html/src/Servant-Server-Internal-BasicAuth.html is in libghc-servant-server-doc 0.8.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- Generated by HsColour, http://code.haskell.org/~malcolm/hscolour/ -->
<title>src/Servant/Server/Internal/BasicAuth.hs</title>
<link type='text/css' rel='stylesheet' href='hscolour.css' />
</head>
<body>
<pre><a name="line-1"></a><span class='hs-comment'>{-# LANGUAGE DeriveDataTypeable #-}</span>
<a name="line-2"></a><span class='hs-comment'>{-# LANGUAGE DeriveFunctor #-}</span>
<a name="line-3"></a><span class='hs-comment'>{-# LANGUAGE DeriveGeneric #-}</span>
<a name="line-4"></a><span class='hs-comment'>{-# LANGUAGE OverloadedStrings #-}</span>
<a name="line-5"></a>
<a name="line-6"></a><span class='hs-keyword'>module</span> <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>BasicAuth</span> <span class='hs-keyword'>where</span>
<a name="line-7"></a>
<a name="line-8"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Control</span><span class='hs-varop'>.</span><span class='hs-conid'>Monad</span> <span class='hs-layout'>(</span><span class='hs-varid'>guard</span><span class='hs-layout'>)</span>
<a name="line-9"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Control</span><span class='hs-varop'>.</span><span class='hs-conid'>Monad</span><span class='hs-varop'>.</span><span class='hs-conid'>Trans</span> <span class='hs-layout'>(</span><span class='hs-varid'>liftIO</span><span class='hs-layout'>)</span>
<a name="line-10"></a><span class='hs-keyword'>import</span> <span class='hs-keyword'>qualified</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span> <span class='hs-keyword'>as</span> <span class='hs-conid'>BS</span>
<a name="line-11"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span><span class='hs-varop'>.</span><span class='hs-conid'>Base64</span> <span class='hs-layout'>(</span><span class='hs-varid'>decodeLenient</span><span class='hs-layout'>)</span>
<a name="line-12"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Monoid</span> <span class='hs-layout'>(</span><span class='hs-layout'>(</span><span class='hs-varop'><></span><span class='hs-layout'>)</span><span class='hs-layout'>)</span>
<a name="line-13"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Typeable</span> <span class='hs-layout'>(</span><span class='hs-conid'>Typeable</span><span class='hs-layout'>)</span>
<a name="line-14"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Word8</span> <span class='hs-layout'>(</span><span class='hs-varid'>isSpace</span><span class='hs-layout'>,</span> <span class='hs-varid'>toLower</span><span class='hs-layout'>,</span> <span class='hs-sel'>_colon</span><span class='hs-layout'>)</span>
<a name="line-15"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>GHC</span><span class='hs-varop'>.</span><span class='hs-conid'>Generics</span>
<a name="line-16"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Network</span><span class='hs-varop'>.</span><span class='hs-conid'>HTTP</span><span class='hs-varop'>.</span><span class='hs-conid'>Types</span> <span class='hs-layout'>(</span><span class='hs-conid'>Header</span><span class='hs-layout'>)</span>
<a name="line-17"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Network</span><span class='hs-varop'>.</span><span class='hs-conid'>Wai</span> <span class='hs-layout'>(</span><span class='hs-conid'>Request</span><span class='hs-layout'>,</span> <span class='hs-varid'>requestHeaders</span><span class='hs-layout'>)</span>
<a name="line-18"></a>
<a name="line-19"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>API</span><span class='hs-varop'>.</span><span class='hs-conid'>BasicAuth</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span><span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span><span class='hs-layout'>)</span><span class='hs-layout'>)</span>
<a name="line-20"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>RoutingApplication</span>
<a name="line-21"></a><span class='hs-keyword'>import</span> <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>ServantErr</span>
<a name="line-22"></a>
<a name="line-23"></a><span class='hs-comment'>-- * Basic Auth</span>
<a name="line-24"></a>
<a name="line-25"></a><span class='hs-comment'>-- | servant-server's current implementation of basic authentication is not</span>
<a name="line-26"></a><span class='hs-comment'>-- immune to certian kinds of timing attacks. Decoding payloads does not take</span>
<a name="line-27"></a><span class='hs-comment'>-- a fixed amount of time.</span>
<a name="line-28"></a>
<a name="line-29"></a><a name="BasicAuthResult"></a><span class='hs-comment'>-- | The result of authentication/authorization</span>
<a name="line-30"></a><a name="BasicAuthResult"></a><span class='hs-keyword'>data</span> <span class='hs-conid'>BasicAuthResult</span> <span class='hs-varid'>usr</span>
<a name="line-31"></a> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>Unauthorized</span>
<a name="line-32"></a> <span class='hs-keyglyph'>|</span> <span class='hs-conid'>BadPassword</span>
<a name="line-33"></a> <span class='hs-keyglyph'>|</span> <span class='hs-conid'>NoSuchUser</span>
<a name="line-34"></a> <span class='hs-keyglyph'>|</span> <span class='hs-conid'>Authorized</span> <span class='hs-varid'>usr</span>
<a name="line-35"></a> <span class='hs-keyword'>deriving</span> <span class='hs-layout'>(</span><span class='hs-conid'>Eq</span><span class='hs-layout'>,</span> <span class='hs-conid'>Show</span><span class='hs-layout'>,</span> <span class='hs-conid'>Read</span><span class='hs-layout'>,</span> <span class='hs-conid'>Generic</span><span class='hs-layout'>,</span> <span class='hs-conid'>Typeable</span><span class='hs-layout'>,</span> <span class='hs-conid'>Functor</span><span class='hs-layout'>)</span>
<a name="line-36"></a>
<a name="line-37"></a><a name="BasicAuthCheck"></a><span class='hs-comment'>-- | Datatype wrapping a function used to check authentication.</span>
<a name="line-38"></a><a name="BasicAuthCheck"></a><span class='hs-keyword'>newtype</span> <span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BasicAuthCheck</span>
<a name="line-39"></a> <span class='hs-layout'>{</span> <span class='hs-varid'>unBasicAuthCheck</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>BasicAuthData</span>
<a name="line-40"></a> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>IO</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthResult</span> <span class='hs-varid'>usr</span><span class='hs-layout'>)</span>
<a name="line-41"></a> <span class='hs-layout'>}</span>
<a name="line-42"></a> <span class='hs-keyword'>deriving</span> <span class='hs-layout'>(</span><span class='hs-conid'>Generic</span><span class='hs-layout'>,</span> <span class='hs-conid'>Typeable</span><span class='hs-layout'>,</span> <span class='hs-conid'>Functor</span><span class='hs-layout'>)</span>
<a name="line-43"></a>
<a name="line-44"></a><a name="mkBAChallengerHdr"></a><span class='hs-comment'>-- | Internal method to make a basic-auth challenge</span>
<a name="line-45"></a><span class='hs-definition'>mkBAChallengerHdr</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>Header</span>
<a name="line-46"></a><span class='hs-definition'>mkBAChallengerHdr</span> <span class='hs-varid'>realm</span> <span class='hs-keyglyph'>=</span> <span class='hs-layout'>(</span><span class='hs-str'>"WWW-Authenticate"</span><span class='hs-layout'>,</span> <span class='hs-str'>"Basic realm=\""</span> <span class='hs-varop'><></span> <span class='hs-varid'>realm</span> <span class='hs-varop'><></span> <span class='hs-str'>"\""</span><span class='hs-layout'>)</span>
<a name="line-47"></a>
<a name="line-48"></a><a name="decodeBAHdr"></a><span class='hs-comment'>-- | Find and decode an 'Authorization' header from the request as Basic Auth</span>
<a name="line-49"></a><span class='hs-definition'>decodeBAHdr</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Request</span> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>Maybe</span> <span class='hs-conid'>BasicAuthData</span>
<a name="line-50"></a><span class='hs-definition'>decodeBAHdr</span> <span class='hs-varid'>req</span> <span class='hs-keyglyph'>=</span> <span class='hs-keyword'>do</span>
<a name="line-51"></a> <span class='hs-varid'>ah</span> <span class='hs-keyglyph'><-</span> <span class='hs-varid'>lookup</span> <span class='hs-str'>"Authorization"</span> <span class='hs-varop'>$</span> <span class='hs-varid'>requestHeaders</span> <span class='hs-varid'>req</span>
<a name="line-52"></a> <span class='hs-keyword'>let</span> <span class='hs-layout'>(</span><span class='hs-varid'>b</span><span class='hs-layout'>,</span> <span class='hs-varid'>rest</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>break</span> <span class='hs-varid'>isSpace</span> <span class='hs-varid'>ah</span>
<a name="line-53"></a> <span class='hs-varid'>guard</span> <span class='hs-layout'>(</span><span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>map</span> <span class='hs-varid'>toLower</span> <span class='hs-varid'>b</span> <span class='hs-varop'>==</span> <span class='hs-str'>"basic"</span><span class='hs-layout'>)</span>
<a name="line-54"></a> <span class='hs-keyword'>let</span> <span class='hs-varid'>decoded</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>decodeLenient</span> <span class='hs-layout'>(</span><span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>dropWhile</span> <span class='hs-varid'>isSpace</span> <span class='hs-varid'>rest</span><span class='hs-layout'>)</span>
<a name="line-55"></a> <span class='hs-keyword'>let</span> <span class='hs-layout'>(</span><span class='hs-varid'>username</span><span class='hs-layout'>,</span> <span class='hs-varid'>passWithColonAtHead</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>break</span> <span class='hs-layout'>(</span><span class='hs-varop'>==</span> <span class='hs-sel'>_colon</span><span class='hs-layout'>)</span> <span class='hs-varid'>decoded</span>
<a name="line-56"></a> <span class='hs-layout'>(</span><span class='hs-keyword'>_</span><span class='hs-layout'>,</span> <span class='hs-varid'>password</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'><-</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>uncons</span> <span class='hs-varid'>passWithColonAtHead</span>
<a name="line-57"></a> <span class='hs-varid'>return</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span> <span class='hs-varid'>username</span> <span class='hs-varid'>password</span><span class='hs-layout'>)</span>
<a name="line-58"></a>
<a name="line-59"></a><a name="runBasicAuth"></a><span class='hs-comment'>-- | Run and check basic authentication, returning the appropriate http error per</span>
<a name="line-60"></a><span class='hs-comment'>-- the spec.</span>
<a name="line-61"></a><span class='hs-definition'>runBasicAuth</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Request</span> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>-></span> <span class='hs-conid'>DelayedIO</span> <span class='hs-varid'>usr</span>
<a name="line-62"></a><span class='hs-definition'>runBasicAuth</span> <span class='hs-varid'>req</span> <span class='hs-varid'>realm</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>ba</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span>
<a name="line-63"></a> <span class='hs-keyword'>case</span> <span class='hs-varid'>decodeBAHdr</span> <span class='hs-varid'>req</span> <span class='hs-keyword'>of</span>
<a name="line-64"></a> <span class='hs-conid'>Nothing</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-65"></a> <span class='hs-conid'>Just</span> <span class='hs-varid'>e</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>liftIO</span> <span class='hs-layout'>(</span><span class='hs-varid'>ba</span> <span class='hs-varid'>e</span><span class='hs-layout'>)</span> <span class='hs-varop'>>>=</span> <span class='hs-keyglyph'>\</span><span class='hs-varid'>res</span> <span class='hs-keyglyph'>-></span> <span class='hs-keyword'>case</span> <span class='hs-varid'>res</span> <span class='hs-keyword'>of</span>
<a name="line-66"></a> <span class='hs-conid'>BadPassword</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-67"></a> <span class='hs-conid'>NoSuchUser</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-68"></a> <span class='hs-conid'>Unauthorized</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>delayedFailFatal</span> <span class='hs-varid'>err403</span>
<a name="line-69"></a> <span class='hs-conid'>Authorized</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>-></span> <span class='hs-varid'>return</span> <span class='hs-varid'>usr</span>
<a name="line-70"></a> <span class='hs-keyword'>where</span> <span class='hs-varid'>plzAuthenticate</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>delayedFailFatal</span> <span class='hs-varid'>err401</span> <span class='hs-layout'>{</span> <span class='hs-varid'>errHeaders</span> <span class='hs-keyglyph'>=</span> <span class='hs-keyglyph'>[</span><span class='hs-varid'>mkBAChallengerHdr</span> <span class='hs-varid'>realm</span><span class='hs-keyglyph'>]</span> <span class='hs-layout'>}</span>
</pre></body>
</html>
|