Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Source file contract_token.ml
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101exceptionExceptionofstringletname="token"moduletypeSig=sigmoduleWeb:sigmoduleUser:sigexceptionUser_not_found(** [find req] returns the user that is associated with the bearer token.
If no user is found, {!User_not_found} is raised. *)valfind:Rock.Request.t->Contract_user.t(** [find_opt req] returns the user that is associated with the bearer
token. *)valfind_opt:Rock.Request.t->Contract_user.toptionendmoduleMiddleware:sig(** [user ?key find_user] returns a middleware that sets the current user
based on the [Bearer Token] in the [Authorization] header.
[key] is the user id that has been used to store a user id in the
session. Be default, the value is [user_id].
[find_user] is a function that returns a user given a user id. *)valuser:?key:string->(string->Contract_user.toptionLwt.t)->Rock.Middleware.tendend(** [create ?expires_in ?secret data] returns a token that expires in
[expires_in] with the associated data [data]. If no [expires_in] is set,
the default is 7 days. An optional secret [secret] can be provided for the
token signature, by default `SIHL_SECRET` is used. *)valcreate:?secret:string->?expires_in:Core_time.duration->(string*string)list->stringLwt.t(** [read ?secret ?force token k] returns the value that is associated with
the key [k] in the token [token]. If [force] is set, the value is read and
returned even if the token is expired, deactivated and the signature is
invalid. If the token is completely invalid and can not be read, no value
is returned. An optional secret [secret] can be provided to override the
default `SIHL_SECRET`. *)valread:?secret:string->?force:unit->string->k:string->stringoptionLwt.t(** [read_all ?secret ?force token] returns all key-value pairs associated
with the token [token]. If [force] is set, the values are read and
returned even if the token is expired, deactivated and the signature is
invalid. If the token is completely invalid and can not be read, no value
is returned. An optional secret [secret] can be provided to override the
default `SIHL_SECRET`.*)valread_all:?secret:string->?force:unit->string->(string*string)listoptionLwt.t(** [verify ?secret token] returns true if the token has a valid structure and
the signature is valid, false otherwise. An optional secret [secret] can
be provided to override the default `SIHL_SECRET`. *)valverify:?secret:string->string->boolLwt.t(** [deactivate token] deactivates the token. Depending on the backend of the
token service a blacklist is used to store the token. *)valdeactivate:string->unitLwt.t(** [activate token] re-activates the token. Depending on the backend of the
token service a blacklist is used to store the token. *)valactivate:string->unitLwt.t(** [is_active token] returns true if the token is active, false if the token
was deactivated. An expired token or a token that has an invalid signature
is not necessarily inactive.*)valis_active:string->boolLwt.t(** [is_expired token] returns true if the token is expired, false otherwise.
An optional secret [secret] can be provided to override the default
`SIHL_SECRET`. *)valis_expired:?secret:string->string->boolLwt.t(** [is_valid token] returns true if the token is not expired, active and the
signature is valid and false otherwise. A valid token can safely be used.
An optional secret [secret] can be provided to override the default
`SIHL_SECRET`. *)valis_valid:?secret:string->string->boolLwt.tvalregister:unit->Core_container.Service.tincludeCore_container.Service.Sigend