A fully functional app template for starting a new servant app with cookie authentication, postgresql-simple and postgresql-simple-migrations.
This version uses servant-auth for authentication, which is poised to become the standard authentication framework for servant.
Check out the servant-auth-cookie branch for a version that uses servant-auth-cookie.
This is the result of my own Haskell learning experience - reviews, helpful suggestions & pull requests are welcome!
Prerequisites: Install stack and have a PostgreSQL database named 'servant-starter-app' running on port 5432, without authentication (see src/Database.hs if you require additional configuration).
Starting the server using stack:
stack setup
stack run
Starting the server using nix:
nix-shell
cabal new-run
Testing the API:
# create a new user
curl -X POST -v -H "Content-Type: application/json" -d '{"credentialsEmail":"user@example.com", "credentialsPassword":"a password"}' localhost:4000/user
# log in
curl -X POST -b cookies -c cookies -v -H "Content-Type: application/json" -d '{"credentialsEmail":"user@example.com", "credentialsPassword":"a password"}' localhost:4000/session
# access the protected user endpoint, which returns the user as a JSON object
# Note that servant-auth uses XSRF protection, so you need to set a header field (it only works once, as the XSRF cookie is renewed after each request)
curl -b cookies -c cookies -v -H "Content-Type: application/json" -H "X-XSRF-TOKEN: <enter xsrf token from cookies file here>" localhost:4000/user
# log out (doesn't work yet)
curl -X DELETE -b cookies -c cookies -v -H "Content-Type: application/json" localhost:4000/session
# verify the user endpoint is not accessible anymore
curl -b cookies -c cookies -v -H "Content-Type: application/json" localhost:4000/user
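Reading the XSRF token out of curl's cookie jar before each request, instead of pasting it by hand, as an added example that is not part of this project. It assumes servant-auth's default cookie names (XSRF-TOKEN and JWT-Cookie) and the `cookies` jar file used above; the function names are hypothetical.

```sh
#!/bin/sh
# Print the value of cookie NAME (default: XSRF-TOKEN, assumed to be the
# servant-auth default) from a curl/Netscape cookie jar. Returns 1 if absent.
cookie_from_jar() {
    awk -F '\t' -v name="${2:-XSRF-TOKEN}" '
        # curl marks HttpOnly cookies (such as the session cookie) with a
        # "#HttpOnly_" prefix; strip it so they are not mistaken for comments.
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }
        /^#/ || NF != 7 { next }          # real comments and blank lines
        $6 == name { value = $7; found = 1 }
        END { if (!found) exit 1; print value }
    ' "$1"
}

# Write a constructed sample jar (all values are made up) to the given path.
make_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n\n'
        printf '#HttpOnly_localhost\tFALSE\t/\tFALSE\t0\tJWT-Cookie\tconstructed.jwt.value\n'
        printf 'localhost\tFALSE\t/\tFALSE\t0\tXSRF-TOKEN\tY29uc3RydWN0ZWQ=\n'
    } > "$1"
}

# Call the protected endpoint, re-reading the token first because the
# XSRF cookie is renewed after each request.
get_user() {
    jar=${1:-cookies}
    token=$(cookie_from_jar "$jar") || {
        echo "no XSRF-TOKEN cookie in $jar; log in first" >&2
        return 1
    }
    curl -b "$jar" -c "$jar" -v -H "Content-Type: application/json" \
         -H "X-XSRF-TOKEN: $token" localhost:4000/user
}
```

After logging in, `get_user cookies` replaces the manual step of copying the token into the header.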