author | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2015-10-13 21:28:48 -0400 |
---|---|---|
committer | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2015-10-13 21:28:48 -0400 |
commit | 7adcf4073b1e42a7a2a7baf2a0ffb14d76bdc660 (patch) | |
tree | 2b64b4df05f23d77d22b44bb7a9425dbc06a2f2a | |
parent | c32fae261c0991d7a1a4f81cfd28f736f812689e (diff) |
Authentication of all API methods.
-rw-r--r-- | src/Main.hs | 32 | ||||
-rw-r--r-- | web/index.html | 17 |
2 files changed, 22 insertions, 27 deletions
diff --git a/src/Main.hs b/src/Main.hs
index 187a9a6..97c849c 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -43,11 +43,15 @@ data RenameRequest = RenameRequest
 instance FromJSON RenameRequest
 instance ToJSON RenameError
 
+type WithAuthentication = Header "X-Token" String
 type PhotoApi =
- "albums" :> Get '[JSON] [Album]
- :<|> "rename" :> ReqBody '[JSON] RenameRequest :> Post '[JSON] (Either RenameError ())
- :<|> "test" :> Header "X-Token" String :> Get '[JSON] String
--- Introduce request header containing auth information.
+ "albums"
+ :> WithAuthentication
+ :> Get '[JSON] [Album]
+ :<|> "rename"
+ :> WithAuthentication
+ :> ReqBody '[JSON] RenameRequest
+ :> Post '[JSON] (Either RenameError ())
 
 type Token = String
 
@@ -60,24 +64,20 @@ config = Config
 , photosPath = flags_photos_path
 }
 
-whenAuthenticated :: Maybe Token -> EitherT ServantErr IO a -> EitherT ServantErr IO a
-whenAuthenticated (Just token) action = liftIO (isAuthenticated token) >>= \case
- True -> action
+checkAuthenticated :: Maybe Token -> EitherT ServantErr IO ()
+checkAuthenticated (Just token) = liftIO (isAuthenticated token) >>= \case
+ True -> return ()
 False -> left err503 { errBody = "Not authenticated" }
-whenAuthenticated Nothing _ = left err503 { errBody = "Missing token" }
+checkAuthenticated Nothing = left err503 { errBody = "Missing token" }
 
 server :: Server PhotoApi
 server = albums
 :<|> rename
- :<|> test
- where albums = liftIO (getAlbums config)
+ where albums token = checkAuthenticated token >> liftIO (getAlbums config)
 
- rename :: RenameRequest -> EitherT ServantErr IO (Either RenameError ())
- rename (RenameRequest from to) = liftIO $
- runEitherT (renameAlbum config from to)
-
- test = (`whenAuthenticated` test')
- test' = return "Yay"
+ rename token (RenameRequest from to) = do
+ _ <- checkAuthenticated token
+ liftIO $ runEitherT (renameAlbum config from to)
 
 photoApi :: Proxy PhotoApi
 photoApi = Proxy
diff --git a/web/index.html b/web/index.html
index a17562e..3655b59 100644
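Review bot: The new `WithAuthentication` alias only declares an optional header, so nothing in the `PhotoApi` type enforces the check; servant passes each handler a `Maybe String` and the handler has to remember to verify it. I would document that on the alias, e.g. `-- | Optional X-Token header; every handler must pass the value to checkAuthenticated before doing any work.`, and write it as `Header "X-Token" Token` so the existing `Token` alias is used consistently. A route added later without `:> WithAuthentication` would be served unauthenticated with no compile-time signal.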
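Review bot: Both failure branches of `checkAuthenticated` answer with `err503`, which tells clients and proxies that the service is unavailable rather than that the credential was rejected; an authentication failure should be a 401, e.g. `False -> left err401 { errBody = "Not authenticated" }` and `checkAuthenticated Nothing = left err401 { errBody = "Missing token" }`. A 503 may also be retried automatically by intermediaries, and it hides rejected tokens from monitoring that counts 5xx responses as outages. `isAuthenticated` is defined outside the hunk, so it is worth confirming that it verifies the ID token's signature, audience and expiry, and whether it restricts which accounts are accepted, since any check it skips now applies to every route. In `rename`, `_ <- checkAuthenticated token` can be the plain statement `checkAuthenticated token`, matching the `>>` used in `albums`.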
--- a/web/index.html
+++ b/web/index.html
@@ -12,6 +12,8 @@
 <link rel="stylesheet" href="style.css">
 <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
 <script>
+ var authentication_token = null;
+
 function addPending(albumName) {
 function makeElement(name) {
 return $('<li>' + name + ' (<a href="javascript:void(0)">edit</a>)</li>');
@@ -45,6 +47,7 @@
 function fetchAlbums() {
 $.ajax({
 url: "/api/albums",
+ headers: {'X-Token': authentication_token},
 success: function(data) {
 $('#pending-error').empty();
 $('#pending-container').empty();
@@ -80,6 +83,7 @@
 };
 $.ajax({
 url: '/api/rename',
+ headers: {'X-Token': authentication_token},
 type: 'POST',
 contentType: 'application/json',
 data: JSON.stringify(request),
@@ -100,21 +104,12 @@
 console.log("Name: " + profile.getName());
 console.log("Image URL: " + profile.getImageUrl());
 console.log("Email: " + profile.getEmail());
-
+ authentication_token = googleUser.getAuthResponse().id_token;
 // The ID token you need to pass to your backend:
 var id_token = googleUser.getAuthResponse().id_token;
 console.log("ID Token: " + id_token);
 $('.g-signin2').remove();
- $.ajax({
- url: '/api/test',
- headers: {'X-Token': id_token},
- success: function(data) {
- console.log('Success:', data);
- },
- error: function(data) {
- console.log('Failure:', data);
- }
- });
+ fetchAlbums();
 };
 </script>
 </head> |
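Review bot: `makeElement`, in the context lines of the first hunk, builds the list item by concatenating `name` into an HTML string, so an album name containing markup would be parsed as HTML by `$()`. This commit does not introduce it, but the page now holds an API credential in `authentication_token`, which raises the cost of any script injection here. Creating the element first and setting the name as text, e.g. `$('<li>').text(name)` with the edit link appended afterwards, avoids interpreting the name as markup. `makeElement` continues outside the hunk, so the exact shape of the fix depends on the lines not shown.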
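Review bot: `headers: {'X-Token': authentication_token}` in `fetchAlbums` sends the header even while `authentication_token` is still `null`, and the browser will most likely serialise that as the string "null", so the server takes its "Not authenticated" path instead of "Missing token". The same applies to the `/api/rename` call in the next hunk. A guard such as `if (!authentication_token) { return; }` before each `$.ajax` call, or building the headers object only when a token is set, keeps unauthenticated requests from being sent. Whether either call can run before sign-in is not visible here, since their callers are outside the hunks.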
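Review bot: `console.log("ID Token: " + id_token);` is left in place in the last hunk, and that token is now the bearer credential for every API call, so it should not be written to the console where extensions, shared screens or copied logs can pick it up. Drop that line together with the now-redundant `var id_token`. The token is also stored only once at sign-in; Google ID tokens are short-lived, so calls made after expiry will start failing unless `authentication_token` is refreshed, for instance when the API reports an authentication error. The enclosing sign-in callback starts outside the hunk.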