Advanced configuration
The default authentication handler throws a 403 error when something goes wrong. Writing a custom handler is simple: read the cookies by applying getSession to the request and handle exceptions of type AuthCookieException.

Note that the handler should return WithMetadata AuthCookieData instead of plain AuthCookieData. It's a wrapper that is used to determine whether to update cookies.

Encrypting cookies on the one hand requires a secure pseudo-random number generator. On the other hand, securely generating every byte would be a performance hit. To balance between these cases there is the RandomSource record with the mkRandomSource function.

RandomSource consists of
- deterministic random generator (DRG) factory function
- threshold
- current DRG

Every time we ask for random bytes from RandomSource, it takes them from its current DRG. Once it has taken more bytes than specified in the threshold, it replaces the DRG with a new (securely generated) one.

Thus we combine a secure random source with a deterministic generator, getting better performance while trading off a little bit of security.

mkRandomSource arguments are the DRG factory function and the threshold. The factory function should return an instance of 'Crypto.Random.DRG'. The cryptonite package provides the newDrg function, which is suitable here.