From c84776ff01a946369888b987eb7d85229a0a3210 Mon Sep 17 00:00:00 2001
From: Maxim Koltsov
Date: Fri, 16 Jul 2021 12:42:23 +0300
Subject: [PATCH] version 0.1.3.9: pass access token to handlers (#28)

---
 CHANGELOG.md | 4 ++++
 app/ServantApp.hs | 9 +++++----
 src/Web/Template/Servant.hs | 5 +++++
 src/Web/Template/Servant/Auth.hs | 18 ++++++++++++++++--
 web-template.cabal | 2 +-
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0639a17..73eb551 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+## [0.1.3.9] - 2021-07-015
+### Changed
+- Pass access token to handlers.
+
 ## [0.1.3.8] - 2021-06-22
 ### Added
 - Possibility to accept Service Token in `OIDCAuth`. Token is considered a Service Token if it
diff --git a/app/ServantApp.hs b/app/ServantApp.hs
index 55b0843..f0cb9ac 100644
--- a/app/ServantApp.hs
+++ b/app/ServantApp.hs
@@ -1,5 +1,6 @@
 {-# LANGUAGE DataKinds #-}
 {-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE TypeApplications #-}
 {-# LANGUAGE TypeOperators #-}

@@ -12,9 +13,9 @@ import Servant (Description, Get, Handler, JSON, PlainTe
 import Servant.OpenApi (toOpenApi)
 import Servant.Server.Internal.Context (Context (..))

-import Web.Template.Servant (OIDCAuth, OIDCConfig (..), Permit, SwaggerSchemaUI, UserId (..),
- Version, defaultOIDCCfg, runServantServerWithContext,
- swaggerSchemaUIServer)
+import Web.Template.Servant (OIDCAuth, OIDCConfig (..), OIDCUser (OIDCUser, oidcUserId), Permit,
+ SwaggerSchemaUI, UserId (..), Version, defaultOIDCCfg,
+ runServantServerWithContext, swaggerSchemaUIServer)
 import Web.Template.Wai (defaultHandleLog, defaultHeaderCORS)

 type API = Version "1" :>
@@ -46,7 +47,7 @@ main = do (defaultHeaderCORS . defaultHandleLog) 5000 (cfg {oidcIssuer = uri, oidcClientId = cId} :. EmptyContext ) - $ swaggerSchemaUIServer swagger :<|> (pingH :<|> (\userId -> helloH userId :<|> postH userId)) + $ swaggerSchemaUIServer swagger :<|> (pingH :<|> (\OIDCUser{..} -> helloH oidcUserId :<|> postH oidcUserId)) where uri = error "set uri here" cId = error "set client id here" diff --git a/src/Web/Template/Servant.hs b/src/Web/Template/Servant.hs index 19efb32..9111f4b 100644 --- a/src/Web/Template/Servant.hs +++ b/src/Web/Template/Servant.hs @@ -6,6 +6,10 @@ module Web.Template.Servant , SwaggerSchemaUI , swaggerSchemaUIServer + , userIdVaultKey + , tokenVaultKey + , pTokenVaultKey + , module Web.Template.Servant.Aeson , module Web.Template.Servant.API , module Web.Template.Servant.Auth @@ -20,6 +24,7 @@ import Servant.Swagger.UI (SwaggerSchemaUI, swaggerSchemaUIServer) import Servant.Server (Context, DefaultErrorFormatters, ErrorFormatters, HasContextEntry, HasServer, Server, serveWithContext, type (.++), (.++)) +import Web.Template.Log (pTokenVaultKey, tokenVaultKey, userIdVaultKey) import Web.Template.Types (Port) import Web.Template.Wai (defaultHandleLog, defaultHeaderCORS, warpSettings) diff --git a/src/Web/Template/Servant/Auth.hs b/src/Web/Template/Servant/Auth.hs index 410c87c..7866acf 100644 --- a/src/Web/Template/Servant/Auth.hs +++ b/src/Web/Template/Servant/Auth.hs @@ -9,6 +9,7 @@ module Web.Template.Servant.Auth , UserId (..) , OIDCConfig (..) , defaultOIDCCfg + , OIDCUser (..) , Permit ) where @@ -122,6 +123,15 @@ instance HasOpenApi api => HasOpenApi (CbdAuth :> api) where -- Stores token and claims in vault. data OIDCAuth + +data OIDCUser + = OIDCUser + { oidcUserId :: UserId + , oidcAccessToken :: Text + , oidcParsedToken :: ClaimsSet + } + deriving (Eq, Show, Generic) + -- | Info needed for OIDC authorization & key cache data OIDCConfig = OIDCConfig 
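Review bot: In the new `data OIDCUser` record in src/Web/Template/Servant/Auth.hs, `deriving (Eq, Show, Generic)` gives a `Show` instance to a value whose `oidcAccessToken` field holds the raw bearer token, so any `show` of an `OIDCUser` in a handler's log line, trace or error message writes a replayable credential to wherever that output goes. I would derive only `deriving (Eq, Generic)` and, if a printable form is needed, write a `Show` instance by hand that prints the user id and a fixed placeholder for the token. `Generic` deserves the same look if the project derives JSON or logging instances generically, which is not visible here. The record also has no Haddock; a `-- | Authenticated caller passed to handlers behind 'OIDCAuth'.` line and a field comment saying that `oidcAccessToken` is the token exactly as received and must not be logged would tell downstream users how to treat it.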
@@ -160,7 +170,7 @@ instance ( HasServer api context , HasContextEntry context OIDCConfig ) => HasServer (OIDCAuth :> api) context where - type ServerT (OIDCAuth :> api) m = UserId -> ServerT api m + type ServerT (OIDCAuth :> api) m = OIDCUser -> ServerT api m hoistServerWithContext _ pc nt s = hoistServerWithContext @api Proxy pc nt . s @@ -195,7 +205,11 @@ instance ( HasServer api context , pTokenVaultKey req <&> flip writeIORef (Just claims) ] - return $ UserId uid + return OIDCUser + { oidcUserId = UserId uid + , oidcAccessToken = decodeUtf8 token + , oidcParsedToken = claims + } where https mgr = (`httpLbs` mgr) diff --git a/web-template.cabal b/web-template.cabal index 68d84da..cdb88cd 100644 --- a/web-template.cabal +++ b/web-template.cabal @@ -1,5 +1,5 @@ name: web-template -version: 0.1.3.8 +version: 0.1.3.9 synopsis: Web template description: Web template includes:
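Review bot: The new `type ServerT (OIDCAuth :> api) m = OIDCUser -> ServerT api m` is a source-incompatible change for every downstream handler that takes a `UserId`, but the commit ships it as 0.1.3.9 with a plain "Changed" changelog entry. A consumer with a loose upper bound will pick it up and fail to compile, so the entry should say that the handler argument type changed and show the migration (`\user -> helloH (oidcUserId user)`), and the version step should match the project's stated versioning policy. It also means every handler behind `OIDCAuth` now holds the raw access token whether it needs it or not; a Haddock line above the type instance such as `-- | Handlers receive the whole 'OIDCUser'; use only 'oidcUserId' unless the token must be forwarded.` would set that expectation. The instance starts and ends outside this hunk.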
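Review bot: `oidcAccessToken = decodeUtf8 token` converts request-supplied bytes with what looks like the throwing `decodeUtf8` (the import is outside the hunk), and because the record field is lazy a decoding failure would surface later inside a handler instead of in this auth check. If the verification above guarantees a well-formed JWT the bytes are ASCII and this cannot fire, but the code that handles service tokens is not visible here. Decoding once before the vault writes with `decodeUtf8'` and answering a malformed token with the same rejection as other auth failures, or making the field strict (`oidcAccessToken :: !Text`), keeps the failure at the authentication boundary. The enclosing function begins outside the hunk.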