package sihl

val authentication_session : ?key:Stdlib.String.t -> ?error_handler:('a -> Response.t Lwt.t) -> (email:string -> password:string -> (Sihl__.Contract_user.t, 'a) Stdlib.result Lwt.t) -> Rock.Middleware.t
val authentication_token : ?key:string -> ?error_handler:('a -> Response.t Lwt.t) -> (email:string -> password:string -> (Sihl__.Contract_user.t, 'a) Stdlib.result Lwt.t) -> ((string * string) list -> string Lwt.t) -> Rock.Middleware.t
val authorization_user : login_path_f:(unit -> string) -> Rock.Middleware.t
val authorization_admin : login_path_f:(unit -> string) -> (Sihl__.Contract_user.t -> bool) -> Rock.Middleware.t
val bearer_token : Rock.Middleware.t

csrf ?not_allowed_handler ?cookie_key ?secret () returns a middleware that enables CSRF protection for unsafe HTTP requests.

not_allowed_handler is used if an unsafe request does not pass the CSRF protection check. By default, not_allowed_handler returns an empty response with status 403.

cookie_key is the key in the cookie under which a CSRF token will be stored. By default, cookie_key has a __Host prefix to increase cookie security. One important consequence of this prefix is that the cookie cannot be sent across unencrypted (HTTP) connections. You should only set this argument if you know what you are doing and are aware of the consequences.

secret is the secret used to hash the CSRF cookie value. By default, SIHL_SECRET is used.

Internally, the CSRF protection is implemented using the Double Submit Cookie approach.

val csrf : ?not_allowed_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> ?cookie_key:string -> ?secret:string -> unit -> Rock.Middleware.t
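
The Double Submit Cookie check described above, sketched in Python as an added illustration; it is not Sihl's implementation. The cookie name `__Host-csrf`, the HMAC-SHA256 construction, the HttpOnly and SameSite attributes and all function names are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
COOKIE_KEY = "__Host-csrf"  # assumed name; only the __Host prefix comes from the docs


def sign(secret: bytes, token: str) -> str:
    """Keyed hash of the token; without the secret a matching cookie cannot be produced."""
    return hmac.new(secret, token.encode(), hashlib.sha256).hexdigest()


def issue(secret: bytes) -> tuple[str, str]:
    """Return (token to embed in the form or a header, Set-Cookie header value)."""
    token = secrets.token_urlsafe(32)
    # Browsers accept a __Host- cookie only with Secure, Path=/ and no Domain attribute.
    cookie = f"{COOKIE_KEY}={sign(secret, token)}; Path=/; Secure; HttpOnly; SameSite=Strict"
    return token, cookie


def parse_set_cookie(header: str) -> dict[str, str]:
    """Minimal cookie jar: keep only the name=value pair of one Set-Cookie header."""
    name, _, value = header.split(";", 1)[0].partition("=")
    return {name: value}


def check(secret: bytes, method: str, cookies: dict[str, str], submitted: str | None) -> int:
    """Return 200 to let the request through, 403 as the default rejection status."""
    if method.upper() in SAFE_METHODS:
        return 200  # only unsafe requests are checked
    cookie_value = cookies.get(COOKIE_KEY)
    if not cookie_value or not submitted:
        return 403
    expected = sign(secret, submitted)
    # Constant-time comparison of the recomputed hash with the cookie value.
    if not hmac.compare_digest(expected.encode(), cookie_value.encode()):
        return 403
    return 200


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed value standing in for SIHL_SECRET
    token, header = issue(demo_secret)
    jar = parse_set_cookie(header)
    print(check(demo_secret, "POST", jar, token), check(demo_secret, "POST", jar, "forged"))
```
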
val error : ?email_config:(string * string * (Sihl__.Contract_email.t -> unit Lwt.t)) -> ?reporter:(string -> unit Lwt.t) -> ?error_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> unit -> Rock.Middleware.t

error ?email_config ?reporter ?error_handler () returns a middleware that catches all exceptions and shows them.

By default, it logs the exception with the request details. The response is either `text/html` or `application/json`, depending on the `Content-Type` header of the request. If SIHL_ENV is `development`, a more detailed debugging page is shown which makes development easier. You can override the error page/JSON that is shown by providing a custom error handler error_handler.

An optional email configuration email_config can be specified, which is a tuple (sender, recipient, send_function). Exceptions that are caught will be sent by email to recipient, where sender is the sender of the email. Pass in the send function of the Sihl email service or provide your own send_function. An email will only be sent if SIHL_ENV is `production`.

An optional custom reporter reporter can be defined. The middleware passes the stringified exception as the first argument to the reporter callback. Use the reporter to implement custom error reporting.

val flash : ?cookie_key:string -> unit -> Rock.Middleware.t
val session : ?cookie_key:string -> ?secret:string -> unit -> Rock.Middleware.t
val static_file : unit -> Rock.Middleware.t
val user_session : ?key:string -> (user_id:string -> Sihl__.Contract_user.t option Lwt.t) -> Rock.Middleware.t
val user_token : ?key:string -> ?invalid_token_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> (string -> k:string -> 'a option Lwt.t) -> (user_id:'a -> Sihl__.Contract_user.t option Lwt.t) -> (string -> unit Lwt.t) -> Rock.Middleware.t