haskell - How do you use Snap's authentication mechanisms during a single POST request? -

haskell - How do you use Snap's authentication mechanisms during a single POST request? -

i'm working on haskell snap-based web app, , want expose api endpoint invoked remote service without establishing authenticated session a-priori; however, want request authenticated, credentials should provided @ time of request.

you imagine request containing 4 fields:

username password payload id payload file

the payload id , file might irrelevant question, include them because (a) need back upwards file uploads in request (which, understand it, restricts encoding used send fields) , (b) need retrieve @ to the lowest degree 1 non-file field. combination of things posed difficulty when set without authentication, perhaps relevant.

in snap parlance, let's phone call handler uploadhandler.

as indicated above, have working fine without authentication, setup this:

uploadhandler :: handler app app () uploadhandler = -- collect files / form fields , process needed. -- , using routes: routes :: [(bytestring, handler app app ())] routes = [ ("/login", auth handleloginsubmit) , ("/logout", auth handlelogout) , ("/new_user", auth handlenewuser) -- handle upload: , ("/upload", handleupload) ]

the naive solution add together 'with auth' , alter type of handleupload:

uploadhandler :: handler app (authmanager app) () uploadhandler = -- collect files / form fields , process needed. -- , using routes: routes :: [(bytestring, handler app app ())] routes = [ ("/login", auth handleloginsubmit) , ("/logout", auth handlelogout) , ("/new_user", auth handlenewuser) -- handle upload, auth: , ("/upload", auth handleupload) ]

however, seems require 2 requests: (i) authenticate , found session, (ii) send post request containing actual payload.

i found way in 1 request, seems there should more elegant means. here's illustration restricted post handler i've hacked together:

restrictedpost :: handler app (authmanager app) () restrictedpost = mname <- getpostparam "username" mpass <- getpostparam "password" allow uname = c8.unpack $ frommaybe "" mname pass = cleartext $ frommaybe "" mpass authresult <- loginbyusername (t.pack uname) pass false case authresult of left authfail -> writetext "could not log in" right user -> writetext (t.append "hello " (userlogin user))

is there 'with auth' can utilize instead of turning illustration (restrictedpost) combinator? realize may need know fields credentials out of, know little web services (maybe there means? maybe total non-issue, , don't know how check auth post requests. i'm open suggestions!)

i don't think understand with auth doing. has nil whether authentication required. convert handler b (authmanager b) handler b v. no permissions checks performed. restrictedpost function has right idea.

authentication haskell snap-framework