Building a Blog in Haskell with Yesod–Authentication

Posted on July 29, 2019 by Riccardo

Building a Blog in Haskell with Yesod (Series)

Building a Blog in Haskell with Yesod–The Basic StructureBuilding a Blog in Haskell with Yesod–Using a DatabaseBuilding a Blog in Haskell with Yesod–AuthenticationBuilding a Blog in Haskell with Yesod–AuthorizationBuilding a Blog in Haskell with Yesod–Returning JSONBuilding a Blog in Haskell with Yesod–JSON APIBuilding a Blog in Haskell with Yesod–Giving Back

This is a series about Yesod: a Haskell web framework that follows a similar philosophy to Rails. In fact, it is strongly opinionated and provides a lot of functionality out of the box.

A good read about Yesod is available online for free: Developing web applications with Haskell and Yesod. That's why this series will be a commentary of the commits from a repo we will use to develop a super simple blog.

In other words, this won't be good material to learn how to use Yesod. However, it will hopefully give an overview of how the framework works.

Use authDummy for Logins

Up until now, we have used a form with username and password as a login. Turns out Yesod provides Yesod.Auth.Dummy to make development easy. Later on, in production other providers can be used.

Screenshot of the Yesod dummy login form that consists of a text input and submit button

Commit 76c4347cdf4f563e9f543e83e5558848d29826a5:

  • makes the landing page always redirect to the login page redirect $ AuthR LoginR
  • sets the posts page as the target redirect for a successful login loginDest _ = PostsR
  • sets our emptyLayout as a layout for the auth pages authLayout = liftHandler . emptyLayout

Show Logged-in User in the Layout

Commit aab5274c2ecb823b8c4d1c4eecfa37bf0e41c51f adds the username of the logged-in user to the layout.

Screenshot of the blog with the username of the current user at the top

Require Authentication for the Posts Page

Commit 9f97a457afdfb2c1fc7724dde990d650168783a7 adds authentication to the posts page:

- Nothing -> Unauthorized "You must login to access this page"
+ Nothing -> AuthenticationRequired

In other words, if an unauthenticated user tries to visit the posts page, a redirect to the login form is triggered.

Tweaking the Landing

Commit dd46b15777f6118074f4b2ce461f78c5efca8ef1 makes the landing page redirect to either the login page or the posts page depending on the authentication state of the current user.


It's one of the selected few I follow every week – Mateusz

Tired of RELEARNING webdev stuff?

  • A 100+ page book with the best links I curated over the years
  • An email once a week full of timeless software wisdom
  • Your recommended weekly dose of pink
  • Try before you buy? Check the archives.