blob: 98b4932d47dac2fc07146b315888c082efc09aab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
{-# LANGUAGE OverloadedStrings, LambdaCase #-}
module Auth (
ensureAuth
) where
import Control.Monad (unless)
import Crypto.Hash (hash, Digest, SHA512)
import Data.ByteArray.Encoding (convertToBase, Base(Base64))
import Data.Text.Encoding (encodeUtf8)
import Yesod
import Config
ensureAuth :: MonadHandler m => Config -> m ()
ensureAuth cfg = lookupBasicAuth >>= \case
Nothing -> notAuthenticated
Just (user, pw) -> unless (hashSha512 pw == encodeUtf8 (confPwHash cfg) && user == confUser cfg) $ permissionDenied "Wrong username/password"
where hashSha512 pw = convertToBase Base64 $ (hash $ encodeUtf8 pw :: Digest SHA512)
|
