Snap.Snaplet.Auth helper functions
48 views
Skip to first unread message
Janne Hellsten
Sep 23, 2012, 5:00:32 AM9/23/12
to snap_fr...@googlegroups.com
Hi all,
I'm developing a small web app using Snap with snaplet-auth and
snaplet-sqlite-simple [1].
While using some of the Snap.Snaplet.Auth helper functions, I came up
with a couple of suggestions.
1. Helper function requireUser should call the "good" handler with an AuthUser
requireUser :: Lens b (Snaplet (AuthManager b))
-> Handler b v a -- bad (not logged in)
-> Handler b v a -- good (logged in)
-> Handler b v a
Wouldn't this make more sense as:
requireUser :: Lens b (Snaplet (AuthManager b))
-> Handler b v a -- bad (not logged in)
-> (AuthUser -> Handler b v a) -- good (logged in), call
with currently authenticated user
-> Handler b v a
This way the handlers that require the user to be logged in wouldn't
need to separately get the currentUser and match it for "Just user".
The currentUser returns a Maybe AuthUser so every handler that needs
to access the AuthUser will need to deal with this Maybe value, even
though they probably were called by requireUser which already ensures
that the user is logged in.
I would argue that any application that has multi-user support with a
database backend will need access to AuthUser in the majority of its
handlers.
2. Why is AuthUser userId a Maybe UserId instead of UserId?
Why would the AuthUser userId field ever be Nothing? I realize there
may be a need for not specifying the uid for a user when creating new
users in the db, but will this field ever be Nothing once a user has
been persisted to a database?
I'd like to pass in AuthUser to my handlers that need to query data
based on the currently logged in user. But because userId is "Maybe
UserId" instead of just "UserId", every handler needs to deal with the
possible Nothing value. I worked around this by adding my own User
type which doesn't use Maybe for the user id. (I realize many bigger
apps will have their own User type anyway.)
Here's how my code for requiring a logged in user looks like:
-- Run actions with a logged in user or do nothing (error)
withUser :: (User -> Handler App App ()) -> Handler App App ()
withUser action = do
with auth currentUser >>= go
where
go Nothing = return ()
go (Just u) =
maybe
(return ())
(\uid -> action (User (read . T.unpack $ unUid uid) (userLogin
u))) (userId u)
Is there a reason for this use of Maybe that I'm missing?
Thanks,
Janne
- [1] http://hackage.haskell.org/package/snaplet-sqlite-simple
I'm developing a small web app using Snap with snaplet-auth and
snaplet-sqlite-simple [1].
While using some of the Snap.Snaplet.Auth helper functions, I came up
with a couple of suggestions.
1. Helper function requireUser should call the "good" handler with an AuthUser
requireUser :: Lens b (Snaplet (AuthManager b))
-> Handler b v a -- bad (not logged in)
-> Handler b v a -- good (logged in)
-> Handler b v a
Wouldn't this make more sense as:
requireUser :: Lens b (Snaplet (AuthManager b))
-> Handler b v a -- bad (not logged in)
-> (AuthUser -> Handler b v a) -- good (logged in), call
with currently authenticated user
-> Handler b v a
This way the handlers that require the user to be logged in wouldn't
need to separately get the currentUser and match it for "Just user".
The currentUser returns a Maybe AuthUser so every handler that needs
to access the AuthUser will need to deal with this Maybe value, even
though they probably were called by requireUser which already ensures
that the user is logged in.
I would argue that any application that has multi-user support with a
database backend will need access to AuthUser in the majority of its
handlers.
2. Why is AuthUser userId a Maybe UserId instead of UserId?
Why would the AuthUser userId field ever be Nothing? I realize there
may be a need for not specifying the uid for a user when creating new
users in the db, but will this field ever be Nothing once a user has
been persisted to a database?
I'd like to pass in AuthUser to my handlers that need to query data
based on the currently logged in user. But because userId is "Maybe
UserId" instead of just "UserId", every handler needs to deal with the
possible Nothing value. I worked around this by adding my own User
type which doesn't use Maybe for the user id. (I realize many bigger
apps will have their own User type anyway.)
Here's how my code for requiring a logged in user looks like:
-- Run actions with a logged in user or do nothing (error)
withUser :: (User -> Handler App App ()) -> Handler App App ()
withUser action = do
with auth currentUser >>= go
where
go Nothing = return ()
go (Just u) =
maybe
(return ())
(\uid -> action (User (read . T.unpack $ unUid uid) (userLogin
u))) (userId u)
Is there a reason for this use of Maybe that I'm missing?
Thanks,
Janne
- [1] http://hackage.haskell.org/package/snaplet-sqlite-simple
MightyByte
Sep 24, 2012, 10:34:22 AM9/24/12
to snap_fr...@googlegroups.com
This functionality is certainly useful, but I think I'd provide it as a separate function instead of changing the existing one. Oz originally wrote this, and he has used it quite a bit in real apps, so he might have a use case for the current version.
2. Why is AuthUser userId a Maybe UserId instead of UserId?
Why would the AuthUser userId field ever be Nothing? I realize there
may be a need for not specifying the uid for a user when creating new
users in the db, but will this field ever be Nothing once a user has
been persisted to a database?
This is indeed the reason. It also could be the case that your backend does not have a separate UserId field. As you can see, the userLogin field does not have a Maybe. That's the one that is required.
I'd like to pass in AuthUser to my handlers that need to query data
based on the currently logged in user. But because userId is "Maybe
UserId" instead of just "UserId", every handler needs to deal with the
possible Nothing value. I worked around this by adding my own User
type which doesn't use Maybe for the user id. (I realize many bigger
apps will have their own User type anyway.)
Here's how my code for requiring a logged in user looks like:
-- Run actions with a logged in user or do nothing (error)
withUser :: (User -> Handler App App ()) -> Handler App App ()
withUser action = do
with auth currentUser >>= go
where
go Nothing = return ()
go (Just u) =
maybe
(return ())
(\uid -> action (User (read . T.unpack $ unUid uid) (userLogin
u))) (userId u)
Is there a reason for this use of Maybe that I'm missing?
Thanks,
Janne
- [1] http://hackage.haskell.org/package/snaplet-sqlite-simple
--
Reply all
Reply to author
Forward
0 new messages