search

agocorona / MFlow

(Haskell) Web application server with stateful, type safe user interactions and widget combinators
http://mflowdemo.herokuapp.com
Other
100 stars 12 forks source link

Encrypted cookies. #14

Closed sheganinans closed 10 years ago

sheganinans commented 10 years ago

Here is a new pull request just for encrypted cookies.

sheganinans commented 10 years ago

There are a couple of areas that could have some definite improvement.

The first is more docs. I'll whip them up pretty soon.

Second is that I'm not a big fan of the current interface. Expecting keys is not how I want it working exactly, I'll be adding a check and wrapping it in an Maybe monad to handle it with nicer errors.

Third is that I don't like that it assumes that there will only ever be 4 fields in the cookie. I think that probably the best solution would be to have it generate keys automatically. So that even if we do change the the internal workings of the cookies, the interface will be decoupled from the implementation. However, the newKey function is right now tucked away as a local function in Mr. Snoyman's clientsession. I extracted the function and made it publicly available, and sent him a pull request here, but I have not heard from him yet nor has he accepted it upstream. I'm hoping he eventually does, since I would like to avoid using a patched version as a dependency for this library.

agocorona commented 10 years ago

Done!.

sheganinans commented 10 years ago

Awesome! Thanks!

On Mon, Jan 27, 2014 at 9:06 AM, agocorona notifications@github.com wrote:

Done!.

Reply to this email directly or view it on GitHubhttps://github.com/agocorona/MFlow/pull/14#issuecomment-33396746 .

sheganinans commented 10 years ago

Oh also. As for the unsafePerformIO bit. This part soothed my nerves a bit: http://stackoverflow.com/a/19375054

agocorona commented 10 years ago

Thanks a lot Aisitis.

The cookie module in MFlow was a dirty hack that i did in order to have cookies running . It was inspired in a module that Eric Meijer did in the yer 2005 or so, one of the first Web developments in haskell .

I didn't pay much attention to it. Maybe we have to substitute it by something in hackage. I don´t know.

2014-01-27 Aistis Raulinaitis notifications@github.com

There are a couple of areas that could have some definite improvement.

The first is more docs. I'll whip them up pretty soon.

Second is that I'm not a big fan of the current interface. Expecting keys is not how I want it working exactly, I'll be adding a a check and an error if the keys don't exist. Although that may be overkill, since I'm not sure how how any check will affect runtime performance. I guess a little bit of poking around and testing should answer that.

Third is that I don't like that it assumes that there will only ever be 4 fields in the cookie. I think that probably the best solution would be to have it generate keys automatically. So that even if we do change the the internal workings of the cookies, the interface will be decoupled from the implementation. However, the newKey function is right now tucked away as a local function in Mr. Snoyman's clientsession. I extracted the function and made it publicly available, and sent him a pull request herehttps://github.com/yesodweb/clientsession/pull/22, but I have not heard from him yet nor has he accepted it upstream. I'm hoping he eventually does, since I would like to avoid using a patched version as a dependency for this library.

Reply to this email directly or view it on GitHubhttps://github.com/agocorona/MFlow/pull/14#issuecomment-33366875 .

Alberto.