Building a Blog in Haskell with Yesod–Authentication
This is a series about Yesod: a Haskell web framework that follows a similar philosophy to Rails. In fact, it is strongly opinionated and provides a lot of functionality out of the box.
A good read about Yesod is available online for free: Developing web applications with Haskell and Yesod. That’s why this series will be a commentary of the commits from a repo we will use to develop a super simple blog.
In other words, this won’t be good material to learn how to use Yesod. However, it will hopefully give an overview of how the framework works.
Series index: - Building a Blog in Haskell with Yesod–The Basic Structure - Building a Blog in Haskell with Yesod–Using a Database - Building a Blog in Haskell with Yesod–Authentication (this post)
authDummy for Logins
Up until now, we have used a form with username and password as a login. Turns out Yesod provides
Yesod.Auth.Dummy to make development easy. Later on, in production other providers can be used.
- makes the landing page always redirect to the login page
redirect $ AuthR LoginR
- sets the posts page as the target redirect for a successful login
loginDest _ = PostsR
- sets our
emptyLayoutas a layout for the auth pages
authLayout = liftHandler . emptyLayout
Show Logged-in User in the Layout
Commit aab5274c2ecb823b8c4d1c4eecfa37bf0e41c51f adds the username of the logged-in user to the layout.
Require Authentication for the Posts Page
Commit 9f97a457afdfb2c1fc7724dde990d650168783a7 adds authentication to the posts page:
In other words, if an unauthenticated user tries to visit the posts page, a redirect to the login form is triggered.
Tweaking the Landing
Commit dd46b15777f6118074f4b2ce461f78c5efca8ef1 makes the landing page redirect to either the login page or the posts page depending on the authentication state of the current user.