The repo contains server implementation of servant-auth-token-api.
At the moment you have two options for backend storage:
-
persistent backend - persistent backend, simple to integrate with your app.
-
acid-state backend - acid-state backend is light solution for in memory storage, but it is more difficult to integrate it with your app.
-
Possible candidates for other storage backends: VCache, leveldb, JSON files. To see how to implement them, see HasStorage type class.
Now you can use 'guardAuthToken' to check authorization headers in endpoints of your server:
-- | Read a single customer from DB
customerGet :: CustomerId -- ^ Customer unique id
-> MToken '["customer-read"] -- ^ Required permissions for auth token
-> ServerM Customer -- ^ Customer data
customerGet i token = do
guardAuthToken token
runDB404 "customer" $ getCustomer i