Haskell framework for the web

Speaking in Tongues

Authentication Required

To protect the user accounts, Yesod provides libraries, which you use to implement the login procedure. The library includes Yesod.Auth.OpenId [17], which provides a way for users to log in to an existing Google+ or Yahoo account on the website, without needing the webmaster to manage the passwords (Listings 13 and 14). To implement this authentication, the Foundation.hs file has to import the above-mentioned library. Enable the plugin and also specify which routes do not need authentication or a login (Listing 15).

Listing 13

<My project>/GoogleEmail.hs

01 module googleemail where
02 import Data.Text
03
04 clientId :: Text
05 clientId = "<myid>"
06
07 clientSecret :: Text
08 clientSecret = "<mysecret>"

Listing 14

<My project>/Foundation.hs (Extract)

01 [...]
02 import Yesod.Auth.OpenId
03 import Yesod.Auth.GoogleEmail2
04 import Googleemail
05 [...]
06 instance YesodAuth App where
07     authPlugins m =
08         [ authGoogleEmail clientId clientSecret ]
09
10  [...]
11 - Default value: Authorized
12  isAuthorized _ _ = return Authorized
13  [...]

Listing 15

<My project>/Foundation.hs (Extract)

01 [...]
02 instance YesodAuth App where
03     loginHandler = defaultLayout $ do
04       [whamlet|
05         <form method="get" action=@{AuthR forwardUrl} >
06            <input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id">
07         <button class="btn-openid">
08            Login via Google
09       |]
10  [...]

Sometimes it is also necessary to add libraries to the <Project name>.cabal project file for Yesod to compile the project, which the framework points out at compile time.

By overwriting the login handler in the Foundation.hs file (Listing 15), you can design the login page to suit your needs. Simple HTML code is all you need in Yesod to implement the login handler.

Conclusions

The performance of Haskell, on which Yesod is based, is good enough to form the core of the Facebook Sigma system. Among other things, Facebook uses Haskell for spam prevention, and the production system used there handles approximately one million requests per second [18].

According to the project's own metrics [19], with a large Amazon EC2 instance, the Haskell-based Yesod is one of the fastest web frameworks. It also offers everything you need to tackle larger projects, because it supports, for example, a number of well-known databases.

Although the Java and PHP programming languages have numerous how-tos for payment systems such as PayPal, helpful hints are rarely given for Yesod or Haskell. Yesod users will search in vain for add-ins, whereas, Drupal and WordPress, for example, offer plugins numbering into five digits.

Additionally, the Haskell base puts your staying power to the test despite numerous simplifications. For example, it is not always easy to decipher error messages from the compiler; nevertheless, of the Haskell-based web frameworks, Yesod is one of the most advanced, probably because it comes with its own template languages and numerous libraries. In addition to the advantages mentioned initially, Yesod provides inquisitive developers with an incentive to plumb the depths of practical examples in the Haskell world.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lua for Apache

    Lua is a small, lean, and fast scripting language – ideal for working with web servers. Version 2.4 of the Apache web server is the first to offer a matching module that has a few quirks – and pitfalls, if you dig more deeply.

  • How to Hide a Malicious File

    The best way to stop an attack is to think like an attacker. We’ll show you how to use the Metasploit framework to create a malicious payload that escapes antivirus detection.

  • A DIY HTML Engine
    Jekyll is a lightweight, fast, HTML engine that renders websites with ease, with the added benefits of low cost, high speed, security, and free hosting with GitHub Pages.
  • Slipping your pen test past antivirus protection with Veil-Evasion
    The Veil pen-testing platform provides some powerful tools that will hide your attack from antivirus scanners – and Veil even supports Metasploit payloads.
  • Introduction to HDF5

    HDF5 is a data model, library, and file format used primarily for scientific computing to store and manage data.

comments powered by Disqus