From c63309b9e86e50c45e99fce09b4dec816d9b74c1 Mon Sep 17 00:00:00 2001
From: Stuce <lefabricesaucy@outlook.com>
Date: Wed, 2 Jul 2025 17:13:50 +0100
Subject: [PATCH] removed middleware

---
 src/Foundation.hs           | 20 ++++++++------------
 src/Handler/Group.hs        |  6 ------
 src/Handler/Todolist.hs     |  8 --------
 src/Handler/TodolistItem.hs | 12 ------------
 4 files changed, 8 insertions(+), 38 deletions(-)

diff --git a/src/Foundation.hs b/src/Foundation.hs
index ffb4191..39678d4 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -20,8 +20,6 @@ import Control.Monad.Logger (LogSource)
 import Yesod.Default.Util   (addStaticContentExternal)
 import Yesod.Core.Types     (Logger)
 import qualified Yesod.Core.Unsafe as Unsafe
-import qualified Data.CaseInsensitive as CI
-import qualified Data.Text.Encoding as TE
 
 -- | The foundation datatype for your application. This can be a good place to
 -- keep settings and values requiring initialization before your application
@@ -91,8 +89,8 @@ instance Yesod App where
     --   b) Validates that incoming write requests include that token in either a header or POST parameter.
     -- To add it, chain it together with the defaultMiddleware: yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
     -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
-    yesodMiddleware :: ToTypedContent res => Handler res -> Handler res
-    yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
+    -- yesodMiddleware :: ToTypedContent res => Handler res -> Handler res
+    -- yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
 
     defaultLayout :: Widget -> Handler Html
     defaultLayout widget = do
@@ -111,13 +109,12 @@ instance Yesod App where
             $(widgetFile "default-layout")
         withUrlRenderer $(hamletFile "templates/default-layout-wrapper.hamlet")
 
-    isAuthorized
-        :: Route App  -- ^ The route the user is visiting.
-        -> Bool       -- ^ Whether or not this is a "write" request.
-        -> Handler AuthResult
-    -- Routes not requiring authentication.
-    -- TODO: check this bullshit if need to change it or not (prolly authelia problem)
-    isAuthorized _ _ = return Authorized
+    -- isAuthorized
+    --     :: Route App  -- ^ The route the user is visiting.
+    --     -> Bool       -- ^ Whether or not this is a "write" request.
+    --     -> Handler AuthResult
+    -- -- Routes not requiring authentication.
+    -- isAuthorized _ _ = return Authorized
 
 
     -- This function creates static content files in the static folder
@@ -208,7 +205,6 @@ getUserId = do
 dbIfAuth :: GroupId -> ReaderT SqlBackend (HandlerFor App) b -> HandlerFor App b
 dbIfAuth groupId action = do
     -- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests
-    -- TODO: optimize the persist implementation anyway
     user <- getUserId
     result <- runDB $ selectFirst [GroupUserUser ==. user, GroupUserGroupId ==. groupId] []
     if isNothing result then permissionDenied "you are not logged in or you dont have access to this group"
diff --git a/src/Handler/Group.hs b/src/Handler/Group.hs
index c2f4bb5..287cedd 100644
--- a/src/Handler/Group.hs
+++ b/src/Handler/Group.hs
@@ -16,7 +16,6 @@ getGroupR :: Handler Html
 getGroupR = do
     userId <- getUserId
     groups <- getGroups userId
-    mToken <- fmap reqToken getRequest
     defaultLayout $ do
         setTitle "Groups"
         [whamlet|
@@ -27,8 +26,6 @@ getGroupR = do
                         <a href=@{TodolistR $ entityKey group}>#{(groupGroup . entityVal) group}
             <form action=@{AddGroupR} method="post">
                 <input type="text" name="group" placeholder="new group">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">add
             <a href=@{EditGroupR}>Edit
         |]
@@ -48,7 +45,6 @@ getEditGroupR :: Handler Html
 getEditGroupR = do
     userId <- getUserId
     groups <- getGroups userId
-    mToken <- fmap reqToken getRequest
     defaultLayout $ do
         let a e = pack $ show $ fromSqlKey $ entityKey e ::Text
         setTitle "Groups"
@@ -59,8 +55,6 @@ getEditGroupR = do
                         <li>
                             <input type="checkbox" name="ids" value="#{a group}">
                             <a href="">#{(groupGroup . entityVal) group}
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type=submit>Delete selected 
             <a href=@{GroupR}>Back
         |]
diff --git a/src/Handler/Todolist.hs b/src/Handler/Todolist.hs
index 56e5056..3af9235 100644
--- a/src/Handler/Todolist.hs
+++ b/src/Handler/Todolist.hs
@@ -23,7 +23,6 @@ postAddTodolistR groupId = do
 getTodolistR :: GroupId -> Handler Html
 getTodolistR groupId = do
     lists <- dbIfAuth groupId (selectList [TodolistGroupId ==. groupId] [])
-    mToken <- fmap reqToken getRequest
     defaultLayout $ do
         let getTitle = todolistTitle . entityVal
         setTitle "todolist"
@@ -35,13 +34,9 @@ getTodolistR groupId = do
                             <a href=@{TodolistItemsR groupId (entityKey list)}>#{getTitle list}
             <form action=@{AddTodolistR groupId} method="post">
                 <input type="text" name="list" placeholder="new list">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">add
             <form action=@{AddUserR groupId} method="post">
                 <input type="text" name="user" placeholder="new user">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">share
             <a href=@{EditTodolistR groupId}>Edit
         |]
@@ -50,7 +45,6 @@ getEditTodolistR :: GroupId -> Handler Html
 getEditTodolistR groupId = do
     lists <- runDB $
         selectList [TodolistGroupId ==. groupId] [Asc TodolistTitle]
-    mToken <- fmap reqToken getRequest
     defaultLayout $ do
         let keyToText e = pack $ show $ fromSqlKey $ entityKey e ::Text
         setTitle "Groups"
@@ -61,8 +55,6 @@ getEditTodolistR groupId = do
                         <li>
                             <input type="checkbox" name="ids" value="#{keyToText list}">
                             <a href="">#{(todolistTitle . entityVal) list}
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type=submit>Delete selected
             <a href=@{TodolistR groupId}>Back
         |]
diff --git a/src/Handler/TodolistItem.hs b/src/Handler/TodolistItem.hs
index 3311784..2866730 100644
--- a/src/Handler/TodolistItem.hs
+++ b/src/Handler/TodolistItem.hs
@@ -19,7 +19,6 @@ getTodolistItemsR groupId todolistId = do
         (Just "value") -> dbIfAuth groupId  (selectList [TodolistItemTodolistId ==. todolistId] [Desc TodolistItemValue, Asc TodolistItemId])
         _ -> dbIfAuth groupId  (selectList [TodolistItemTodolistId ==. todolistId] [Asc TodolistItemId])
 
-    mToken <- fmap reqToken getRequest
     defaultLayout $ do
         setTitle "items"
         [whamlet|
@@ -30,22 +29,14 @@ getTodolistItemsR groupId todolistId = do
                 $forall item <- items
                     <li>
                         <form action=@{CheckTodolistItemR groupId todolistId (entityKey item)} method="POST">
-                             $maybe token <- mToken
-                                 <input type="hidden" name="_token" value="#{token}">
                              <button type="submit">#{getText item}
                             <form action=@{AddTodolistItemR groupId todolistId} method="post">
             <form action=@{AddTodolistItemR groupId todolistId} method="post">
                 <input type="text" name="item" placeholder="new item">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">add
             <form action=@{TrimTodolistItemsR groupId todolistId} method="post">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">trim
             <form action=@{SortTodolistItemsR groupId todolistId} method="post">
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <button type="submit">sort
             <a href=@{EditTodolistItemsR groupId todolistId}>Edit
         |]
@@ -66,7 +57,6 @@ postAddTodolistItemR groupId todolistId = do
 getEditTodolistItemsR :: GroupId -> TodolistId -> Handler Html
 getEditTodolistItemsR groupId todolistId = do
     items <- dbIfAuth groupId (selectList [TodolistItemTodolistId ==. todolistId] [])
-    mToken <- fmap reqToken getRequest
     let text = unlines $ map getText items
     defaultLayout $ do
         setTitle "edit"
@@ -75,8 +65,6 @@ getEditTodolistItemsR groupId todolistId = do
                 <label for="edit text area">Edit todolist
                 <br>
                 <textarea id="edit text area" name=text rows=30 cols=50 placeholder="[x] wake up1&#10;[x] eat&#10;[ ] sleep&#10;[ ] repeat">#{text}
-                $maybe token <- mToken
-                    <input type="hidden" name="_token" value="#{token}">
                 <br>
                 <button type="submit">edit
         |]