From 6513755670892983db88a6633b8c1ea6019c03d1 Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Fri, 15 Nov 2024 14:55:37 -0500 Subject: Re-namespace some stuff to Omni I was getting confused about what is a product and what is internal infrastructure; I think it is good to keep those things separate. So I moved a bunch of stuff to an Omni namespace, actually most stuff went there. Only things that are explicitly external products are still in the Biz namespace. --- Biz/Auth.hs | 141 ------------------------------------------------------------ 1 file changed, 141 deletions(-) delete mode 100644 Biz/Auth.hs (limited to 'Biz/Auth.hs') diff --git a/Biz/Auth.hs b/Biz/Auth.hs deleted file mode 100644 index 73022d7..0000000 --- a/Biz/Auth.hs +++ /dev/null @@ -1,141 +0,0 @@ -{-# LANGUAGE DataKinds #-} -{-# LANGUAGE DeriveAnyClass #-} -{-# LANGUAGE DeriveGeneric #-} -{-# LANGUAGE OverloadedStrings #-} -{-# LANGUAGE RecordWildCards #-} - --- | A module for common OAuth flows. --- --- Consider using authenticate-oauth package -module Biz.Auth - ( -- * OAuth - OAuthResponse (..), - OAuthArgs (..), - - -- * GitHub Authentication - GitHub (..), - githubOauth, - - -- * Servant Helpers - SetCookies, - liveCookieSettings, - testCookieSettings, - ) -where - -import Alpha -import qualified Data.Aeson as Aeson -import Network.HTTP.Req ((/:), (=:)) -import qualified Network.HTTP.Req as Req -import Servant (Header, Headers) -import qualified Servant.Auth.Server as Auth -import qualified System.Envy as Envy - --- | Use this instead of 'mempty' for explicity. -notset :: Text -notset = "notset" - --- | Wrapper around 'Auth.SetCookie' that you can put in a servant path --- descriptor. -type SetCookies ret = - (Headers '[Header "Set-Cookie" Auth.SetCookie, Header "Set-Cookie" Auth.SetCookie] ret) - -liveCookieSettings :: Auth.CookieSettings -liveCookieSettings = - Auth.defaultCookieSettings - { Auth.cookieIsSecure = Auth.Secure, - -- disable XSRF protection because we don't use any javascript - Auth.cookieXsrfSetting = Nothing - } - -testCookieSettings :: Auth.CookieSettings -testCookieSettings = - Auth.defaultCookieSettings - { Auth.cookieIsSecure = Auth.NotSecure, - Auth.cookieXsrfSetting = Nothing - } - --- | These are arguments that a 3rd-party OAuth provider needs in order for us --- to authenticate a user. -data OAuthArgs = OAuthArgs - { clientSecret :: Text, - clientId :: Text, - clientState :: Text - } - deriving (Generic, Show) - -instance Envy.DefConfig OAuthArgs where - defConfig = - OAuthArgs - { clientSecret = notset, - clientId = notset, - clientState = notset - } - -instance Envy.FromEnv OAuthArgs - --- | A type for parsing JSON auth responses, used in 'githubOauth' below. --- Should be moved to Biz.Auth with others. -data OAuthResponse = OAuthResponse - { access_token :: Text, - scope :: Text, - token_type :: Text - } - deriving (Generic, Aeson.FromJSON) - -newtype GitHub = GitHub OAuthArgs - deriving (Show, Generic) - -instance Envy.DefConfig GitHub where - defConfig = - GitHub - <| OAuthArgs - { clientSecret = notset, - clientId = notset, - clientState = notset - } - -instance Envy.FromEnv GitHub where - fromEnv Nothing = - GitHub - - -- | This should be GitHub.Token but GitHub.Auth doesn't export Token. - Text -> - IO OAuthResponse -githubOauth (GitHub OAuthArgs {..}) code = - accessTokenRequest - /> Req.responseBody - |> Req.runReq Req.defaultHttpConfig - where - accessTokenRequest :: Req.Req (Req.JsonResponse OAuthResponse) - accessTokenRequest = - Req.req - Req.POST - (Req.https "github.com" /: "login" /: "oauth" /: "access_token") - Req.NoReqBody - Req.jsonResponse - <| "client_id" - =: clientId - <> "client_secret" - =: clientSecret - <> "code" - =: code - <> "state" - =: clientState -- cgit v1.2.3