Releases: SuaveIO/suave

Session and Cleanup Release

05 Dec 13:23
@haf haf

In this release we have improved how data from forms and query strings is loaded into your custom objects, and improved session, authentication and state handling with cookies by making them encrypted.

Changelog

  • Added module Suave.Model with a Choice builder under the name binding, as well as establishing a pattern for using Choice to bind data with good error messages on failure.
  • Docs for types in Suave.Types as well as functions for reading their properties. This moves query from Suave.Types to Suave.Types.HttpRequest. Similarly form has been moved.
  • UploadedFile.{Path,FileName} -> UploadedFile.{temp_file_path,file_name} as a part of normalising names across all types
  • New module Suave.Cookie takes over Parsing.XXX_cookie.
  • Cookie.fsi aims to document all things doable to cookies for the above module.
  • You can now overwrite cookies from a chained WebPart.
  • New module Suave.Auth for when you don't need to write any particular data to a state store, but still need a cryptographically strong primitive for giving users authenticated access to your web application.
  • New module Suave.Json with three tiny primitives for mapping Json data -- this module's API might change in the future
  • Moved Globals.crypt_random to Suave.Utils.Crypto.crypt_random
  • New module Suave.Utils.String with constant time comparison of strings to avoid (crypto-)differential attacks and make it easier to do function composition with strings
  • New module/function Suave.Utils.Map.put for modifying a map and adding the key/value if it doesn't exist or replacing the existing value if it does.
  • New module Suave.Utils.Choice with map, map_2, bind and from_option
  • New module/function List.flat_map that maps f across xs and then concatenates any lists together to form a flat list.
  • New value cookie_encoding with two functions to base64 encode data and ensure the output base64 data is possible to write to headers (with the two functions returned, encode and decode, you can go between string and base64-for-headers).
  • New module Crypto with support for HMAC and AES256 encryption and AES256-HMACSHA256 encrypt-then-hmac 'secretbox' generation similar to the principles for symmetric encryption in NaCl. This is the foundation for the new Auth, State and revamped Session modules. It works off of a key:
  • New SuaveConfig field server_key to be used for hmac summing and for symmetric encryption. The new crypto module can take this key as input to the server_key parameters that its functions accept. By default this property is automatically randomized on server start; so if you want cookies, data in cookies, or whatever else you use the server key for, to survive server restarts, you should probably pass this as a configuration setting yourself. Ensure it has HttpRuntime.ServerKeyLength number of bytes in it, or you'll get cryptic crypto errors (Crypto.generate_key HttpRuntime.ServerKeyLength can be used to generate a new one (once?)).
  • The functions Crypto.secretbox : key:byte [] -> msg : byte [] and Crypto.secretbox_open : key:byte [] -> cipher_text:byte [] can be used for the authenticated encryption detailed above. This means that you'll detect modifications to the message (and will get a nice discriminated union member to tell you about it as output when you use it). Useful for general-purpose tokens too, as only your server can read the data in them and no one can modify those contents without the server knowing. E.g. such a base64-encoded token can be used as a query string parameter in a link to verify an account.
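
The encrypt-then-hmac construction and constant-time comparison described in the changelog, sketched as an added example on top of .NET's System.Security.Cryptography. This is not Suave's Crypto module: every name here (seal, openBox, OpenError, subKey) is hypothetical, and deriving separate AES and HMAC keys from one server key is an assumption of this example. It seals a constructed verification token, then shows that a one-bit change is rejected before any decryption happens.

```fsharp
open System
open System.Text
open System.Security.Cryptography

type OpenError = TruncatedMessage | AlteredOrCorrupt   // hypothetical names, not Suave's
let keyLength, ivLength, macLength = 32, 16, 32
// Touch every byte so timing does not reveal where the first mismatch is.
let constantTimeEquals (a : byte []) (b : byte []) =
  let mutable diff = a.Length ^^^ b.Length
  for i in 0 .. (min a.Length b.Length) - 1 do
    diff <- diff ||| int (a.[i] ^^^ b.[i])
  diff = 0

let hmac (key : byte []) (data : byte []) =
  use h = new HMACSHA256(key)
  h.ComputeHash(data)
// Assumption of this example: separate AES and HMAC keys derived from one server key.
let subKey (key : byte []) (label : string) = hmac key (Encoding.ASCII.GetBytes(label))

let seal (key : byte []) (msg : byte []) =
  if key.Length <> keyLength then invalidArg "key" "expected a 32-byte key"
  use aes = Aes.Create()                       // defaults: CBC mode, PKCS7 padding
  aes.Key <- subKey key "enc"
  aes.GenerateIV()                             // fresh random IV for every message
  use enc = aes.CreateEncryptor()
  let ivAndBody = Array.append aes.IV (enc.TransformFinalBlock(msg, 0, msg.Length))
  Array.append ivAndBody (hmac (subKey key "mac") ivAndBody)   // MAC covers IV + ciphertext

let openBox (key : byte []) (boxed : byte []) : Choice<byte [], OpenError> =
  if boxed.Length < ivLength + 16 + macLength then Choice2Of2 TruncatedMessage
  else
    let ivAndBody = boxed.[.. boxed.Length - macLength - 1]
    let mac = boxed.[boxed.Length - macLength ..]
    // Check the MAC first; unauthenticated ciphertext is never decrypted.
    if not (constantTimeEquals mac (hmac (subKey key "mac") ivAndBody)) then Choice2Of2 AlteredOrCorrupt
    else
      use aes = Aes.Create()
      aes.Key <- subKey key "enc"
      aes.IV <- ivAndBody.[.. ivLength - 1]
      use dec = aes.CreateDecryptor()
      Choice1Of2 (dec.TransformFinalBlock(ivAndBody, ivLength, ivAndBody.Length - ivLength))

// Constructed sample: an account-verification token carried as base64.
let key = Array.zeroCreate<byte> keyLength
RandomNumberGenerator.Create().GetBytes(key)
let token = Convert.ToBase64String(seal key (Encoding.UTF8.GetBytes("verify:user=42")))
let tampered = Convert.FromBase64String(token)
tampered.[20] <- tampered.[20] ^^^ 1uy         // flip one ciphertext bit
for t in [Convert.FromBase64String(token); tampered] do printfn "%A" (openBox key t)
```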

We hope you enjoy this release; a lot of work has gone into it.

Henrik and Ademar

v0.18 - a tiny release with breaking changes to 'file' and 'browse'

17 Nov 18:46
@haf haf

In this release we have made the file and browse functions take their base paths, so that the programmer can specify which directory the static files are loaded from.

If you were serving files with browse before and want to upgrade, you want to add a prime/quote character to the function name: browse' or alternatively provide the root path as the first argument.

Similarly for file to file'.

This release is mainly for these three commits:

No other news. You can download from NuGet with Install-Package Suave as usual.

Happy coding!