Support AuthProtect combinator

[lthms]

Correct me if I am wrong, but I think the AuthProtect combinator is not supported by servant-purescript. Do you have any plan to add this support?

Anyway, thank for this awesome project!

[eskimor]

I did not know about it. What is it about? Anyway - I will look into it, when I have some time. If you need it sooner - I would love a pull request! :-)

You are welcome! I am happy if people find it useful!

[eskimor]

Docs: http://haskell-servant.readthedocs.io/en/stable/tutorial/Authentication.html
Needs to be fixed first: haskell-servant/servant#463

Until someone (e.g. me) gets to fixing this, you can use an authentication scheme like I do for my application:

I simply use a plain Authorization header and create an API like this:

type FullAPI = "public" :> "endpoint" :> Get '[JSON] Text
              :<|> "private" :> Header "Authorization" AuthToken :> AuthAPI

type AuthAPI = my protected handlers

Then I use servant's enter to protect my auth API in a single place. With enter you can translate a monad stack to another monad stack of your liking, e.g. one with a Reader monad containing the retrieved authorization data, in the translation function you can simply throw an appropriate error if the authentication data is not correct. You can find an example here. It is a bit obfuscated because I am not yet using a standard transformer stack, but freer extensible effects (was an experiment) - but you get the idea.

Hope that helps - it took me a while to notice that you can handle authentication pretty well with
enter, which is documented here.

Best regards,

Robert

[eskimor]

In fact I am quite happy with this enter based authentication - that's why I never really checked out the new Auth API of servant.

[lthms]

Thanks. I ended up doing something similar with a real API and a fake one, like this. However, your idea is quite interesting!