diff --git a/src/Server.hs b/src/Server.hs index a6137e9..f927d25 100644 --- a/src/Server.hs +++ b/src/Server.hs @@ -239,11 +239,10 @@ mkToken state = do type Users = "users" type HeaderR = Header' [Strict, Required] -type Me user userData = BasicAuth "login" user --TODO basic auth should not be necessary - :> Users - :> "me" - :> HeaderR "Authorization" Text - :> Get '[JSON] userData +type Me userData = Users + :> "me" + :> HeaderR "Authorization" Text + :> Get '[JSON] userData type UserList userData = Users :> "query" @@ -251,11 +250,11 @@ type UserList userData = Users :> Get '[JSON] [userData] -- TODO support query params -userEndpoint :: forall user userData . UserData user userData => AuthServer (Me user userData) +userEndpoint :: forall user userData . UserData user userData => AuthServer (Me userData) userEndpoint = handleUserData where - handleUserData :: user -> Text -> AuthHandler userData - handleUserData u jwtw = do + handleUserData :: Text -> AuthHandler userData + handleUserData jwtw = do let mToken = stripPrefix "Bearer " jwtw unless (isJust mToken) . throwError $ err500 { errBody = "Invalid token format"} token <- asks (decodeToken (fromJust mToken)) >>= liftIO @@ -265,7 +264,7 @@ userEndpoint = handleUserData Right (Jwe (header, body)) -> do let jwt = fromJust . decode @JWT $ fromStrict body -- TODO check if token grants access, then read logged in user from cookie - return $ userScope @user @userData u (readScope @user @userData "Profile") + return mempty -- let -- scopes' = map (readScope @user @userData) $ words scopes -- uData = mconcat $ map (userScope @user @userData u) scopes' @@ -291,7 +290,7 @@ userListEndpoint = handleUserData type Routing user userData = Auth user userData :<|> Token - :<|> Me user userData + :<|> Me userData :<|> UserList userData routing :: forall user userData . UserData user userData => AuthServer (Routing user userData)
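Review bot: With `BasicAuth` removed from `Me`, the `Bearer ` prefix check in `handleUserData` is now the only credential gate on `/users/me`, yet a malformed Authorization header is still answered with `err500`. Reporting a client authentication failure as a server fault buries it among 5xx errors in monitoring and gives the client no proper 401. Prefer `err401`, and bind the token by elimination rather than `isJust`/`fromJust`: `rawToken <- maybe (throwError err401 { errBody = "Invalid token format" }) pure mToken`. `userEndpoint` continues past the end of this hunk.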
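Review bot: The `Right (Jwe (header, body))` branch now answers `return mempty` for any token `decodeToken` accepts, and the TODO above it ("check if token grants access") is still open, so nothing in this branch checks expiry, scope or subject now that the BasicAuth user is gone. `jwt` is bound with `fromJust . decode @JWT` but, as far as the hunk shows, never used, so under lazy evaluation a payload that is not a valid JWT is not even rejected; once `jwt` is used, `fromJust` will turn a bad payload into an exception instead of an authentication error. Decode with an explicit failure path, e.g. `jwt <- maybe (throwError err401 { errBody = "Invalid token" }) pure (decode @JWT (fromStrict body))`, and perform the access check before this endpoint returns real user data. The `case` this branch belongs to starts outside the hunk.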