Stuce/sTodo
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

removed middleware

Browse source
This commit is contained in:
Stuce 2025-07-02 17:13:50 +01:00
parent 6b8781760c
commit c63309b9e8
4 changed files with 8 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/Foundation.hs
View file

@ -20,8 +20,6 @@ import Control.Monad.Logger (LogSource)
import Yesod.Default.Util (addStaticContentExternal)
import Yesod.Core.Types (Logger)
import qualified Yesod.Core.Unsafe as Unsafe
import qualified Data.CaseInsensitive as CI
import qualified Data.Text.Encoding as TE
-- | The foundation datatype for your application. This can be a good place to
-- keep settings and values requiring initialization before your application
@ -91,8 +89,8 @@ instance Yesod App where
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
-- To add it, chain it together with the defaultMiddleware: yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
yesodMiddleware :: ToTypedContent res => Handler res -> Handler res
yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
-- yesodMiddleware :: ToTypedContent res => Handler res -> Handler res
-- yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
defaultLayout :: Widget -> Handler Html
defaultLayout widget = do
@ -111,13 +109,12 @@ instance Yesod App where
$(widgetFile "default-layout")
withUrlRenderer $(hamletFile "templates/default-layout-wrapper.hamlet")
isAuthorized
:: Route App -- ^ The route the user is visiting.
-> Bool -- ^ Whether or not this is a "write" request.
-> Handler AuthResult
-- Routes not requiring authentication.
-- TODO: check this bullshit if need to change it or not (prolly authelia problem)
isAuthorized _ _ = return Authorized
-- isAuthorized
-- :: Route App -- ^ The route the user is visiting.
-- -> Bool -- ^ Whether or not this is a "write" request.
-- -> Handler AuthResult
-- -- Routes not requiring authentication.
-- isAuthorized _ _ = return Authorized
-- This function creates static content files in the static folder
@ -208,7 +205,6 @@ getUserId = do
dbIfAuth :: GroupId -> ReaderT SqlBackend (HandlerFor App) b -> HandlerFor App b
dbIfAuth groupId action = do
-- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests
-- TODO: optimize the persist implementation anyway
user <- getUserId
result <- runDB $ selectFirst [GroupUserUser ==. user, GroupUserGroupId ==. groupId] []
if isNothing result then permissionDenied "you are not logged in or you dont have access to this group"

6
src/Handler/Group.hs
View file

@ -16,7 +16,6 @@ getGroupR :: Handler Html
getGroupR = do
userId <- getUserId
groups <- getGroups userId
mToken <- fmap reqToken getRequest
defaultLayout $ do
setTitle "Groups"
[whamlet|
@ -27,8 +26,6 @@ getGroupR = do
<a href=@{TodolistR $ entityKey group}>#{(groupGroup . entityVal) group}
<form action=@{AddGroupR} method="post">
<input type="text" name="group" placeholder="new group">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">add
<a href=@{EditGroupR}>Edit
|]
@ -48,7 +45,6 @@ getEditGroupR :: Handler Html
getEditGroupR = do
userId <- getUserId
groups <- getGroups userId
mToken <- fmap reqToken getRequest
defaultLayout $ do
let a e = pack $ show $ fromSqlKey $ entityKey e ::Text
setTitle "Groups"
@ -59,8 +55,6 @@ getEditGroupR = do
<li>
<input type="checkbox" name="ids" value="#{a group}">
<a href="">#{(groupGroup . entityVal) group}
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type=submit>Delete selected
<a href=@{GroupR}>Back
|]

8
src/Handler/Todolist.hs
View file

@ -23,7 +23,6 @@ postAddTodolistR groupId = do
getTodolistR :: GroupId -> Handler Html
getTodolistR groupId = do
lists <- dbIfAuth groupId (selectList [TodolistGroupId ==. groupId] [])
mToken <- fmap reqToken getRequest
defaultLayout $ do
let getTitle = todolistTitle . entityVal
setTitle "todolist"
@ -35,13 +34,9 @@ getTodolistR groupId = do
<a href=@{TodolistItemsR groupId (entityKey list)}>#{getTitle list}
<form action=@{AddTodolistR groupId} method="post">
<input type="text" name="list" placeholder="new list">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">add
<form action=@{AddUserR groupId} method="post">
<input type="text" name="user" placeholder="new user">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">share
<a href=@{EditTodolistR groupId}>Edit
|]
@ -50,7 +45,6 @@ getEditTodolistR :: GroupId -> Handler Html
getEditTodolistR groupId = do
lists <- runDB $
selectList [TodolistGroupId ==. groupId] [Asc TodolistTitle]
mToken <- fmap reqToken getRequest
defaultLayout $ do
let keyToText e = pack $ show $ fromSqlKey $ entityKey e ::Text
setTitle "Groups"
@ -61,8 +55,6 @@ getEditTodolistR groupId = do
<li>
<input type="checkbox" name="ids" value="#{keyToText list}">
<a href="">#{(todolistTitle . entityVal) list}
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type=submit>Delete selected
<a href=@{TodolistR groupId}>Back
|]

12
src/Handler/TodolistItem.hs
View file

@ -19,7 +19,6 @@ getTodolistItemsR groupId todolistId = do
(Just "value") -> dbIfAuth groupId (selectList [TodolistItemTodolistId ==. todolistId] [Desc TodolistItemValue, Asc TodolistItemId])
_ -> dbIfAuth groupId (selectList [TodolistItemTodolistId ==. todolistId] [Asc TodolistItemId])
mToken <- fmap reqToken getRequest
defaultLayout $ do
setTitle "items"
[whamlet|
@ -30,22 +29,14 @@ getTodolistItemsR groupId todolistId = do
$forall item <- items
<li>
<form action=@{CheckTodolistItemR groupId todolistId (entityKey item)} method="POST">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">#{getText item}
<form action=@{AddTodolistItemR groupId todolistId} method="post">
<form action=@{AddTodolistItemR groupId todolistId} method="post">
<input type="text" name="item" placeholder="new item">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">add
<form action=@{TrimTodolistItemsR groupId todolistId} method="post">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">trim
<form action=@{SortTodolistItemsR groupId todolistId} method="post">
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<button type="submit">sort
<a href=@{EditTodolistItemsR groupId todolistId}>Edit
|]
@ -66,7 +57,6 @@ postAddTodolistItemR groupId todolistId = do
getEditTodolistItemsR :: GroupId -> TodolistId -> Handler Html
getEditTodolistItemsR groupId todolistId = do
items <- dbIfAuth groupId (selectList [TodolistItemTodolistId ==. todolistId] [])
mToken <- fmap reqToken getRequest
let text = unlines $ map getText items
defaultLayout $ do
setTitle "edit"
@ -75,8 +65,6 @@ getEditTodolistItemsR groupId todolistId = do
<label for="edit text area">Edit todolist
<br>
<textarea id="edit text area" name=text rows=30 cols=50 placeholder="[x] wake up1&#10;[x] eat&#10;[ ] sleep&#10;[ ] repeat">#{text}
$maybe token <- mToken
<input type="hidden" name="_token" value="#{token}">
<br>
<button type="submit">edit
|]