a bit more comments

fumieval · Sep 20, 2020 · 6b79412 · 6b79412
1 parent 0baeeb8
commit 6b79412
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/wai-middleware-webauthn/README.md b/wai-middleware-webauthn/README.md
@@ -7,14 +7,14 @@ based on [Web Authentication API](https://developer.mozilla.org/en-US/docs/Web/A
 Configuration
 ----
 
-One easy way to configure the middleware is to use YAML.
+One easy way to configure the middleware is to use `staticKeys` with a YAML file.
 
 ```haskell
 import qualified Network.Wai.Middleware.WebAuthn as WebAuthn
 import qualified Data.Yaml as Yaml
 main = do
   config <- Yaml.decodeFileThrow "config.yaml"
-  mid <- WebAuthn.mkMiddleware config
+  mid <- WebAuthn.mkMiddleware $ staticKeys <$> config
   ...
 ```
 
@@ -23,10 +23,13 @@ origin: "https://localhost:8080"
 endpoint: "webauthn"
 authorisedKeys:
   fumieval:
+  - aaguid: '0000000000000000000000000000'
     credentialId: "0IMo2OFRmM903AGEP5/1u5eVGlcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
     publicKey: "pQECAyYgASFYICJwKPYkRYKWH6OIAjp+IDghFnl06S0iSGjxn/arBp0OIlggoJmTH1ZaVWCrn3A2b+wZx4/mVePRFowKujU5xXmafJY="
 ```
 
+`authorisedKeys` is a map from identifiers to a list of public keys.
+
 lib.js
 ----
 This middleware exposes a JavaScript library in `/lib.js`:
@@ -71,8 +74,5 @@ WebAuthnProxy : HostName -> Endpoint ->
   }
 ```
 
-Authorization
-----
-
-Whenever it receives a request containing `Authentication: XXX`, it checks if `XXX` is a valid token generated by `verify`.
+Whenever it receives a request containing `Authorization: XXX`, it checks if `XXX` is a valid token generated by `verify`.
 It replaces `XXX` by the associated identifier which can be extracted by `requestIdentifier :: Request -> Maybe Identifier`.
diff --git a/wai-middleware-webauthn/src/Network/Wai/Middleware/WebAuthn.hs b/wai-middleware-webauthn/src/Network/Wai/Middleware/WebAuthn.hs
@@ -90,6 +90,7 @@ responseJSON val = responseLBS status200 ((hContentType, "application/json") : h
 -- If it receives a request containing an Authorization: TOKEN header, it checks
 -- if TOKEN is valid. If so, replaces TOKEN by the corresponding 'Identifier'.
 -- Otherwise, returns 403.
+--
 mkMiddleware :: Config Handler -> IO Middleware
 mkMiddleware Config{..} = do
   vTokens <- newIORef HM.empty