libghc-servant-server-doc 0.8.1-2 / usr / share / doc / libghc-servant-server-doc / html / src / Servant-Server-Internal-BasicAuth.html

This file is indexed.

/usr/share/doc/libghc-servant-server-doc/html/src/Servant-Server-Internal-BasicAuth.html is in libghc-servant-server-doc 0.8.1-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- Generated by HsColour, http://code.haskell.org/~malcolm/hscolour/ -->
<title>src/Servant/Server/Internal/BasicAuth.hs</title>
<link type='text/css' rel='stylesheet' href='hscolour.css' />
</head>
<body>
<pre><a name="line-1"></a><span class='hs-comment'>{-# LANGUAGE DeriveDataTypeable #-}</span>
<a name="line-2"></a><span class='hs-comment'>{-# LANGUAGE DeriveFunctor #-}</span>
<a name="line-3"></a><span class='hs-comment'>{-# LANGUAGE DeriveGeneric #-}</span>
<a name="line-4"></a><span class='hs-comment'>{-# LANGUAGE OverloadedStrings #-}</span>
<a name="line-5"></a>
<a name="line-6"></a><span class='hs-keyword'>module</span> <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>BasicAuth</span> <span class='hs-keyword'>where</span>
<a name="line-7"></a>
<a name="line-8"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Control</span><span class='hs-varop'>.</span><span class='hs-conid'>Monad</span>          <span class='hs-layout'>(</span><span class='hs-varid'>guard</span><span class='hs-layout'>)</span>
<a name="line-9"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Control</span><span class='hs-varop'>.</span><span class='hs-conid'>Monad</span><span class='hs-varop'>.</span><span class='hs-conid'>Trans</span>    <span class='hs-layout'>(</span><span class='hs-varid'>liftIO</span><span class='hs-layout'>)</span>
<a name="line-10"></a><span class='hs-keyword'>import</span> <span class='hs-keyword'>qualified</span> <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span>        <span class='hs-keyword'>as</span> <span class='hs-conid'>BS</span>
<a name="line-11"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span><span class='hs-varop'>.</span><span class='hs-conid'>Base64</span> <span class='hs-layout'>(</span><span class='hs-varid'>decodeLenient</span><span class='hs-layout'>)</span>
<a name="line-12"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Monoid</span>            <span class='hs-layout'>(</span><span class='hs-layout'>(</span><span class='hs-varop'>&lt;&gt;</span><span class='hs-layout'>)</span><span class='hs-layout'>)</span>
<a name="line-13"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Typeable</span>          <span class='hs-layout'>(</span><span class='hs-conid'>Typeable</span><span class='hs-layout'>)</span>
<a name="line-14"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Data</span><span class='hs-varop'>.</span><span class='hs-conid'>Word8</span>             <span class='hs-layout'>(</span><span class='hs-varid'>isSpace</span><span class='hs-layout'>,</span> <span class='hs-varid'>toLower</span><span class='hs-layout'>,</span> <span class='hs-sel'>_colon</span><span class='hs-layout'>)</span>
<a name="line-15"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>GHC</span><span class='hs-varop'>.</span><span class='hs-conid'>Generics</span>
<a name="line-16"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Network</span><span class='hs-varop'>.</span><span class='hs-conid'>HTTP</span><span class='hs-varop'>.</span><span class='hs-conid'>Types</span>     <span class='hs-layout'>(</span><span class='hs-conid'>Header</span><span class='hs-layout'>)</span>
<a name="line-17"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Network</span><span class='hs-varop'>.</span><span class='hs-conid'>Wai</span>            <span class='hs-layout'>(</span><span class='hs-conid'>Request</span><span class='hs-layout'>,</span> <span class='hs-varid'>requestHeaders</span><span class='hs-layout'>)</span>
<a name="line-18"></a>
<a name="line-19"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>API</span><span class='hs-varop'>.</span><span class='hs-conid'>BasicAuth</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span><span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span><span class='hs-layout'>)</span><span class='hs-layout'>)</span>
<a name="line-20"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>RoutingApplication</span>
<a name="line-21"></a><span class='hs-keyword'>import</span>           <span class='hs-conid'>Servant</span><span class='hs-varop'>.</span><span class='hs-conid'>Server</span><span class='hs-varop'>.</span><span class='hs-conid'>Internal</span><span class='hs-varop'>.</span><span class='hs-conid'>ServantErr</span>
<a name="line-22"></a>
<a name="line-23"></a><span class='hs-comment'>-- * Basic Auth</span>
<a name="line-24"></a>
<a name="line-25"></a><span class='hs-comment'>-- | servant-server's current implementation of basic authentication is not</span>
<a name="line-26"></a><span class='hs-comment'>-- immune to certian kinds of timing attacks. Decoding payloads does not take</span>
<a name="line-27"></a><span class='hs-comment'>-- a fixed amount of time.</span>
<a name="line-28"></a>
<a name="line-29"></a><a name="BasicAuthResult"></a><span class='hs-comment'>-- | The result of authentication/authorization</span>
<a name="line-30"></a><a name="BasicAuthResult"></a><span class='hs-keyword'>data</span> <span class='hs-conid'>BasicAuthResult</span> <span class='hs-varid'>usr</span>
<a name="line-31"></a>  <span class='hs-keyglyph'>=</span> <span class='hs-conid'>Unauthorized</span>
<a name="line-32"></a>  <span class='hs-keyglyph'>|</span> <span class='hs-conid'>BadPassword</span>
<a name="line-33"></a>  <span class='hs-keyglyph'>|</span> <span class='hs-conid'>NoSuchUser</span>
<a name="line-34"></a>  <span class='hs-keyglyph'>|</span> <span class='hs-conid'>Authorized</span> <span class='hs-varid'>usr</span>
<a name="line-35"></a>  <span class='hs-keyword'>deriving</span> <span class='hs-layout'>(</span><span class='hs-conid'>Eq</span><span class='hs-layout'>,</span> <span class='hs-conid'>Show</span><span class='hs-layout'>,</span> <span class='hs-conid'>Read</span><span class='hs-layout'>,</span> <span class='hs-conid'>Generic</span><span class='hs-layout'>,</span> <span class='hs-conid'>Typeable</span><span class='hs-layout'>,</span> <span class='hs-conid'>Functor</span><span class='hs-layout'>)</span>
<a name="line-36"></a>
<a name="line-37"></a><a name="BasicAuthCheck"></a><span class='hs-comment'>-- | Datatype wrapping a function used to check authentication.</span>
<a name="line-38"></a><a name="BasicAuthCheck"></a><span class='hs-keyword'>newtype</span> <span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BasicAuthCheck</span>
<a name="line-39"></a>  <span class='hs-layout'>{</span> <span class='hs-varid'>unBasicAuthCheck</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>BasicAuthData</span>
<a name="line-40"></a>                     <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>IO</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthResult</span> <span class='hs-varid'>usr</span><span class='hs-layout'>)</span>
<a name="line-41"></a>  <span class='hs-layout'>}</span>
<a name="line-42"></a>  <span class='hs-keyword'>deriving</span> <span class='hs-layout'>(</span><span class='hs-conid'>Generic</span><span class='hs-layout'>,</span> <span class='hs-conid'>Typeable</span><span class='hs-layout'>,</span> <span class='hs-conid'>Functor</span><span class='hs-layout'>)</span>
<a name="line-43"></a>
<a name="line-44"></a><a name="mkBAChallengerHdr"></a><span class='hs-comment'>-- | Internal method to make a basic-auth challenge</span>
<a name="line-45"></a><span class='hs-definition'>mkBAChallengerHdr</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Header</span>
<a name="line-46"></a><span class='hs-definition'>mkBAChallengerHdr</span> <span class='hs-varid'>realm</span> <span class='hs-keyglyph'>=</span> <span class='hs-layout'>(</span><span class='hs-str'>"WWW-Authenticate"</span><span class='hs-layout'>,</span> <span class='hs-str'>"Basic realm=\""</span> <span class='hs-varop'>&lt;&gt;</span> <span class='hs-varid'>realm</span> <span class='hs-varop'>&lt;&gt;</span> <span class='hs-str'>"\""</span><span class='hs-layout'>)</span>
<a name="line-47"></a>
<a name="line-48"></a><a name="decodeBAHdr"></a><span class='hs-comment'>-- | Find and decode an 'Authorization' header from the request as Basic Auth</span>
<a name="line-49"></a><span class='hs-definition'>decodeBAHdr</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Request</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>Maybe</span> <span class='hs-conid'>BasicAuthData</span>
<a name="line-50"></a><span class='hs-definition'>decodeBAHdr</span> <span class='hs-varid'>req</span> <span class='hs-keyglyph'>=</span> <span class='hs-keyword'>do</span>
<a name="line-51"></a>    <span class='hs-varid'>ah</span> <span class='hs-keyglyph'>&lt;-</span> <span class='hs-varid'>lookup</span> <span class='hs-str'>"Authorization"</span> <span class='hs-varop'>$</span> <span class='hs-varid'>requestHeaders</span> <span class='hs-varid'>req</span>
<a name="line-52"></a>    <span class='hs-keyword'>let</span> <span class='hs-layout'>(</span><span class='hs-varid'>b</span><span class='hs-layout'>,</span> <span class='hs-varid'>rest</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>break</span> <span class='hs-varid'>isSpace</span> <span class='hs-varid'>ah</span>
<a name="line-53"></a>    <span class='hs-varid'>guard</span> <span class='hs-layout'>(</span><span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>map</span> <span class='hs-varid'>toLower</span> <span class='hs-varid'>b</span> <span class='hs-varop'>==</span> <span class='hs-str'>"basic"</span><span class='hs-layout'>)</span>
<a name="line-54"></a>    <span class='hs-keyword'>let</span> <span class='hs-varid'>decoded</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>decodeLenient</span> <span class='hs-layout'>(</span><span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>dropWhile</span> <span class='hs-varid'>isSpace</span> <span class='hs-varid'>rest</span><span class='hs-layout'>)</span>
<a name="line-55"></a>    <span class='hs-keyword'>let</span> <span class='hs-layout'>(</span><span class='hs-varid'>username</span><span class='hs-layout'>,</span> <span class='hs-varid'>passWithColonAtHead</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>break</span> <span class='hs-layout'>(</span><span class='hs-varop'>==</span> <span class='hs-sel'>_colon</span><span class='hs-layout'>)</span> <span class='hs-varid'>decoded</span>
<a name="line-56"></a>    <span class='hs-layout'>(</span><span class='hs-keyword'>_</span><span class='hs-layout'>,</span> <span class='hs-varid'>password</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>&lt;-</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-varid'>uncons</span> <span class='hs-varid'>passWithColonAtHead</span>
<a name="line-57"></a>    <span class='hs-varid'>return</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthData</span> <span class='hs-varid'>username</span> <span class='hs-varid'>password</span><span class='hs-layout'>)</span>
<a name="line-58"></a>
<a name="line-59"></a><a name="runBasicAuth"></a><span class='hs-comment'>-- | Run and check basic authentication, returning the appropriate http error per</span>
<a name="line-60"></a><span class='hs-comment'>-- the spec.</span>
<a name="line-61"></a><span class='hs-definition'>runBasicAuth</span> <span class='hs-keyglyph'>::</span> <span class='hs-conid'>Request</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>BS</span><span class='hs-varop'>.</span><span class='hs-conid'>ByteString</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-conid'>DelayedIO</span> <span class='hs-varid'>usr</span>
<a name="line-62"></a><span class='hs-definition'>runBasicAuth</span> <span class='hs-varid'>req</span> <span class='hs-varid'>realm</span> <span class='hs-layout'>(</span><span class='hs-conid'>BasicAuthCheck</span> <span class='hs-varid'>ba</span><span class='hs-layout'>)</span> <span class='hs-keyglyph'>=</span>
<a name="line-63"></a>  <span class='hs-keyword'>case</span> <span class='hs-varid'>decodeBAHdr</span> <span class='hs-varid'>req</span> <span class='hs-keyword'>of</span>
<a name="line-64"></a>     <span class='hs-conid'>Nothing</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-65"></a>     <span class='hs-conid'>Just</span> <span class='hs-varid'>e</span>  <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>liftIO</span> <span class='hs-layout'>(</span><span class='hs-varid'>ba</span> <span class='hs-varid'>e</span><span class='hs-layout'>)</span> <span class='hs-varop'>&gt;&gt;=</span> <span class='hs-keyglyph'>\</span><span class='hs-varid'>res</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-keyword'>case</span> <span class='hs-varid'>res</span> <span class='hs-keyword'>of</span>
<a name="line-66"></a>       <span class='hs-conid'>BadPassword</span>    <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-67"></a>       <span class='hs-conid'>NoSuchUser</span>     <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>plzAuthenticate</span>
<a name="line-68"></a>       <span class='hs-conid'>Unauthorized</span>   <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>delayedFailFatal</span> <span class='hs-varid'>err403</span>
<a name="line-69"></a>       <span class='hs-conid'>Authorized</span> <span class='hs-varid'>usr</span> <span class='hs-keyglyph'>-&gt;</span> <span class='hs-varid'>return</span> <span class='hs-varid'>usr</span>
<a name="line-70"></a>  <span class='hs-keyword'>where</span> <span class='hs-varid'>plzAuthenticate</span> <span class='hs-keyglyph'>=</span> <span class='hs-varid'>delayedFailFatal</span> <span class='hs-varid'>err401</span> <span class='hs-layout'>{</span> <span class='hs-varid'>errHeaders</span> <span class='hs-keyglyph'>=</span> <span class='hs-keyglyph'>[</span><span class='hs-varid'>mkBAChallengerHdr</span> <span class='hs-varid'>realm</span><span class='hs-keyglyph'>]</span> <span class='hs-layout'>}</span>
</pre></body>
</html>

APT Browse - Built by Thomas Orozco.