package sihl


Module Web.Middleware

val authentication_session : ?key:String.t -> ?error_handler:('a -> Response.t Lwt.t) -> (email:string -> password:string -> (Sihl__.Contract_user.t, 'a) result Lwt.t) -> Rock.Middleware.t
val authentication_token : ?key:string -> ?error_handler:('a -> Response.t Lwt.t) -> (email:string -> password:string -> (Sihl__.Contract_user.t, 'a) result Lwt.t) -> ((string * string) list -> string Lwt.t) -> Rock.Middleware.t
val authorization_user : login_path_f:(unit -> string) -> Rock.Middleware.t
val authorization_admin : login_path_f:(unit -> string) -> (Sihl__.Contract_user.t -> bool) -> Rock.Middleware.t
val bearer_token : Rock.Middleware.t

csrf ?not_allowed_handler ?cookie_key ?secret () returns a middleware that enables CSRF protection for unsafe HTTP requests.

not_allowed_handler is used if an unsafe request does not pass the CSRF protection check. By default, not_allowed_handler returns an empty response with status 403.

cookie_key is the key in the cookie under which a CSRF token will be stored. By default, cookie_key has a __Host prefix to increase cookie security. One important consequence of this prefix is that the cookie cannot be sent across unencrypted (HTTP) connections. You should only set this argument if you know what you are doing and are aware of the consequences.

secret is the secret used to hash the CSRF cookie value with. By default, SIHL_SECRET is used.

Internally, the CSRF protection is implemented using the Double Submit Cookie approach.
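The check described above, sketched as an added example (not Sihl's implementation and not code from this page): only unsafe methods are checked, the cookie carries a secret-keyed hash of the token, and a failed check maps to 403. It assumes the digestif library; `secret`, `cookie_key`, the token strings and all function names are hypothetical, constructed values.

```ocaml
(* Added illustration of a signed double-submit check; not Sihl's code.
   Requires the digestif library. All names and values are hypothetical. *)
let secret = "constructed-secret" (* stands in for SIHL_SECRET *)
let cookie_key = "__Host-csrf" (* constructed cookie name *)

(* Only state-changing ("unsafe") methods are checked. *)
let is_unsafe = function
  | `GET | `HEAD | `OPTIONS | `TRACE -> false
  | `POST | `PUT | `PATCH | `DELETE -> true

(* Cookie value: hex HMAC-SHA256 of the token, keyed with the server secret. *)
let cookie_value_of ~secret token =
  Digestif.SHA256.to_hex (Digestif.SHA256.hmac_string ~key:secret token)

(* Browsers accept a __Host- cookie only with Secure, Path=/ and no Domain
   attribute, which is why it is never sent over plain HTTP. *)
let set_cookie ~secret token =
  Printf.sprintf "%s=%s; Path=/; Secure; HttpOnly" cookie_key
    (cookie_value_of ~secret token)

(* [cookie] is the value read from the request cookie, [submitted] the token
   read from the form or header. Returns the outcome of the check. *)
let check ~secret ~meth ~cookie ~submitted =
  if not (is_unsafe meth) then `Pass
  else
    match cookie, submitted with
    | Some c, Some tok ->
      let expected = Digestif.SHA256.hmac_string ~key:secret tok in
      (match Digestif.SHA256.of_hex_opt c with
       (* Digestif's equal compares digests in constant time. *)
       | Some received when Digestif.SHA256.equal received expected -> `Pass
       | _ -> `Forbidden_403)
    | _ -> `Forbidden_403

let () =
  let token = "constructed-token" in
  let cookie = Some (cookie_value_of ~secret token) in
  assert (check ~secret ~meth:`GET ~cookie:None ~submitted:None = `Pass);
  assert (check ~secret ~meth:`POST ~cookie ~submitted:(Some token) = `Pass);
  assert (check ~secret ~meth:`POST ~cookie ~submitted:(Some "guess") = `Forbidden_403);
  assert (check ~secret ~meth:`POST ~cookie:None ~submitted:(Some token) = `Forbidden_403);
  (* A matching pair hashed under a different key still fails the check. *)
  let other = Some (cookie_value_of ~secret:"other-secret" token) in
  assert (check ~secret ~meth:`POST ~cookie:other ~submitted:(Some token) = `Forbidden_403);
  print_endline (set_cookie ~secret token)
```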

val csrf : ?not_allowed_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> ?cookie_key:string -> ?secret:string -> unit -> Rock.Middleware.t
val error : ?email_config:(string * string * (Sihl__.Contract_email.t -> unit Lwt.t)) -> ?reporter:(string -> unit Lwt.t) -> ?error_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> unit -> Rock.Middleware.t

error ?email_config ?reporter ?error_handler () returns a middleware that catches all exceptions and shows them.

By default, it logs the exception with the request details. The response is either `text/html` or `application/json`, depending on the `Content-Type` header of the request. If SIHL_ENV is `development`, a more detailed debugging page is shown which makes development easier. You can override the error page/JSON that is shown by providing a custom error handler error_handler.

An optional email configuration email_config can be specified, which is a tuple (sender, recipient, send_function). Exceptions that are caught will be sent by email to recipient, with sender as the sender of the email. Pass in the send function of the Sihl email service or provide your own send_function. An email will only be sent if SIHL_ENV is `production`.

An optional custom reporter reporter can be defined. The middleware passes the stringified exception as the first argument to the reporter callback. Use the reporter to implement custom error reporting.

val flash : ?cookie_key:string -> unit -> Rock.Middleware.t
val form : Rock.Middleware.t
val htmx : Rock.Middleware.t
val id : Rock.Middleware.t
val json : Rock.Middleware.t
val session : ?cookie_key:string -> ?secret:string -> unit -> Rock.Middleware.t
val static_file : unit -> Rock.Middleware.t
val user_session : ?key:string -> (user_id:string -> Sihl__.Contract_user.t option Lwt.t) -> Rock.Middleware.t
val user_token : ?key:string -> ?invalid_token_handler:(Rock.Request.t -> Rock.Response.t Lwt.t) -> (string -> k:string -> 'a option Lwt.t) -> (user_id:'a -> Sihl__.Contract_user.t option Lwt.t) -> (string -> unit Lwt.t) -> Rock.Middleware.t