<      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ None$+0>CIKLNM     H  #      None!"357;>CILNCSafeActions are actions that need to be protected from csrf attacks/The body of the safe action. Either GET or POSTGive you access to a database connectin from the connection pool. The connection is released back to the pool once the function terminates.RRead the application's state. If you wish to have mutable state, you could use a  from the STM packge.Get the session manager%8Hook into the session manager to trigger custom behavior(%Configuration for the session manager*name of the client side cookie+$how long shoud a client session live,,entropy of the session id sent to the client-Nif this is true, every page reload will renew the session time to live counter.initial session for visitors/"persistence interface for sessions0Fhow often should the session manager check for dangeling dead sessions1hooks into the session manager2jYou can feed Spock with either a connection pool, or instructions on how to build a connection pool. See 66MThe ConnBuilder instructs Spock how to create or close a database connection.;fIf Spock should take care of connection pooling, you need to configure it depending on what you need.@Spock configuration, use H# and change single values if neededB initial application global stateCSee 2DSee (EMaximum request size in bytes. % means no limit. Defaults to 5 MB in defaultSpockCfg.FThe F is a specialisation of G with a '()' context.GThe G is the monad of all route-actions. You have access to the context of the request and database, session and state of your application.AInside the SpockAllM monad, you may define routes and middleware.H,Spock configuration with reasonable defaultsI.Session configuration with reasonable defaultsJNOP session hooks` !"#$%&'()*+,-./012 3456!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ789:;<Z !"#$%&'()*+,-./012 3456!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ  !"#$%&'()*+,-./012 3456!"#$%&'( )*+,-./0123456789:;<=>?@ABCDEFGHIJ789:;< None35>LKRead the heart of Spock. This is useful if you want to construct your own monads that work with runQuery and getState using "runSpockIO"LWRun an action inside of Spocks core monad. This allows you to use runQuery and getState=>?KL@AB=>?KL@=>?KL@ABNone4>LSCreate a new session vaultTLoad a sessionU0Store a session, overwriting any previous valuesVRemovea sessionWGet all sessions as listX3Remove all sessions that do not match the predicateYPerform action on all sessionsMNOPQRSTUVWXYZ MNOPQRSTUVWXYPQRZMNOSTUVWXY MNOPQRSTUVWXYZNone [\]^_`abc [\]^_`abc [\]^_`abc[\]^_`abcNone dSetting cookie expiratione0a point in time in UTC until the cookie is validf3a period (in seconds) for which the cookie is validg+the cookie expires with the browser sessionhCookie settingsjcookie expiration setting, see dka path for the cookiela domain for the cookie.  means no domain is setm,whether the cookie should be set as HttpOnlynAwhether the cookie should be marked secure (sent over HTTPS only)oDefault cookie settings, equals CookieSettings { cs_EOL = CookieValidForSession , cs_HTTPOnly = False , cs_secure = False , cs_domain = Nothing , cs_path = "/" }defghijklmnopqdefghijklmnopqhijklmnodefgpqdefghijklmnopq None$IN%r#Get the original Wai Request objects Read a headert+Read a header without converting it to textu;Read a cookie. The cookie value will already be urldecoded.vLTries to dected the preferred format of the response using the Accept headerw)Returns the current request method, e.g. xGet the raw request bodyyParse the request body as jsonzFParse the request body as json and fails with 400 status code on error{Get uploaded files|Get all request params}Read a request param. Spock looks in route captures first (in simple routing), then in POST variables and at last in GET variables~Like }., but outputs an error when a param is missingSet a response statusSet a response header. If the response header is allowed to occur multiple times (as in RFC 2616), it will be appended. Otherwise the previous value is overwritten. See C.CRINTERNAL: Set a response header that can occur multiple times. (eg: Cache-Control)DTINTERNAL: Unsafely set a header (no checking if the header can occur multiple times)ETINTERNAL: Unsafely set a header (no checking if the header can occur multiple times)AAbort the current action and jump the next one matching the routeRedirect to a given urlIf the Spock application is used as a middleware, you can use this to pass request handling to the underlying application. If Spock is not uses as a middleware, or there is no underlying application this will result in 404 error.EModify the vault (useful for sharing data between middleware and app)Query the vault Use a custom F generator as response body.Send a  ByteString$ as response body. Provide your own  Content-Type Send a lazy  ByteString$ as response body. Provide your own  Content-Type?Send text as a response body. Content-Type will be "text/plain">Send a text as response body. Content-Type will be "text/html"Send a file as response>Send json as response. Content-Type will be "application/json"Use a G to generate a response.Convenience Basic authentification provide a title for the prompt and a function to validate user and password. Usage example: get ("auth" <//> var <//> var) $ \user pass -> let checker user' pass' = unless (user == user' && pass == pass') $ do setStatus status401 text "err" in requireBasicAuth "Foo" checker $ \() -> text "ok"{"Lower level" basic authentification handeling. Does not set any headers that will promt browser users, only looks for an  AuthorizationU header in the request and breaks it into username and passwort component if present&Get the context of the current request$Run an Action in a different context2Set a cookie. The cookie value will be urlencoded.Delete a cookie'rstuvwxyz{|}~HCIDE;[\]^_`defghijklmnorstuvwxyz{|}~I'rstuvwxyz{|}~HCIDE None$4INJKLMNOPQRSTUVWXYZ[\]^_ !"#$%&'JKJKLMNOPQRSTUVWXYZ[\]^_None !"$(4IN 9Run a Spock application. Basically just a wrapper aroung `.Like K, but does not display the banner "Spock is running on port XXX" on stdout.WConvert a middleware to an application. All failing requests will result in a 404 pageRegenerate the users sessionId. This preserves all stored data. Call this prior to logging in a user to prevent session fixation attacks.}Get the current users sessionId. Note that this ID should only be shown to it's owner as otherwise sessions can be hijacked.Write to the current session. Note that all data is stored on the server. The user only reciedes a sessionId to be identified.Modify the stored session,Modify the stored session and return a valueEModify the stored session and return the new value after modificationRead the stored sessionnGlobally delete all existing sessions. This is useful for example if you want to require all users to reloginnApply a transformation to all sessions. Be careful with this, as this may cause many STM transaction retries.ASimple session persisting configuration. DO NOT USE IN PRODUCTION } !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL[\]^_`defghijklmnorstuvwxyz{|}~}FGrstuwv[\]^_`xyz{|}~hijklmnodefg@ABCDEH23456789:;<=>?I()*+,-./01J%&'!"#$KL None !"$>ILNaRun a spock application using the warp server, a given db storageLayer and an initial state. Spock works with database libraries that already implement connection pooling and with those that don't come with it out of the box. For more see the 2 type.beRun a raw spock server on a defined port. If you don't need a custom base monad you can just supply c as lift function.abdefgababNone !"$4CINCreate a spock application using a given db storageLayer and an initial state. Spock works with database libraries that already implement connection pooling and with those that don't come with it out of the box. For more see the 2 type. Use runSpock to run the app or  spockAsApp to create a Wai.ApplicationACreate a raw spock application with custom underlying monad Use runSpock to run the app or  spockAsApp to create a Wai.Application.Like spockT@, but the first argument is request size limit in bytes. Set to  to disable.#Combine two route components safely"/foo" <//> "/bar" "/foo/bar""foo" <//> "bar" "/foo/bar""foo <//> "/bar" "/foo/bar"6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  'GET'/'POST' and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route matchMSpecify an action that will be run when a HTTP verb and the given route matchSpecify an action that will be run when a HTTP verb matches but no defined route matches. The full path is passed as an argument%Define a subcomponent. Usage example: subcomponent "site" $ do get "home" homeHandler get ("misc" <//> ":param") $ -- ... subcomponent "/admin" $ get "home" adminHomeHandlertThe request /site/home will be routed to homeHandler and the request /admin/home will be routed to adminHomeHandlerHook wai middleware into SpocknWire up a safe action: Safe actions are actions that are protected from csrf attacks. Here's a usage example: newtype DeleteUser = DeleteUser Int deriving (Hashable, Typeable, Eq) instance SafeAction Connection () () DeleteUser where runSafeAction (DeleteUser i) = do runQuery $ deleteUserFromDb i redirect "/user-list" get ("user-details" <//> ":userId") $ do userId <- param' "userId" deleteUrl <- safeActionPath (DeleteUser userId) html $ "Click <a href='" <> deleteUrl <> "'>here</a> to delete user!"CNote that safeActions currently only support GET and POST requests.hijklmn  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL[\]^_`defghijklmnorstuvwxyz{|}~ hijklmnNone !"$(4CINCreate a spock application using a given db storageLayer and an initial state. Spock works with database libraries that already implement connection pooling and with those that don't come with it out of the box. For more see the 2 type. Use runSpock to run the app or  spockAsApp to create a Wai.ApplicationACreate a raw spock application with custom underlying monad Use runSpock to run the app or  spockAsApp to create a Wai.Application< The first argument is request size limit in bytes. Set to  to disable.Like spockT<, but first argument is request size limit in bytes. Set to  to disable.6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  'GET'/'POST' and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route match6Specify an action that will be run when the HTTP verb  and the given route matchcSpecify an action that will be run before all subroutes. It can modify the requests current contextMSpecify an action that will be run when a HTTP verb and the given route matchSpecify an action that will be run when a HTTP verb matches but no defined route matches. The full path is passed as an argument%Define a subcomponent. Usage example: subcomponent "site" $ do get "home" homeHandler get ("misc" <//> var) $ -- ... subcomponent "admin" $ do get "home" adminHomeHandlertThe request /site/home will be routed to homeHandler and the request /admin/home will be routed to adminHomeHandlerHook wai middleware into SpocknWire up a safe action: Safe actions are actions that are protected from csrf attacks. Here's a usage example: newtype DeleteUser = DeleteUser Int deriving (Hashable, Typeable, Eq) instance SafeAction Connection () () DeleteUser where runSafeAction (DeleteUser i) = do runQuery $ deleteUserFromDb i redirect "/user-list" get ("user-details" <//> var) $ \userId -> do deleteUrl <- safeActionPath (DeleteUser userId) html $ "Click <a href='" <> deleteUrl <> "'>here</a> to delete user!"CNote that safeActions currently only support GET and POST requests.Combine two path components#Render a route applying path piecesopqrstuvw  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL[\]^_`defghijklmnorstuvwxyz{|}~'  opqrstuvw None  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL[\]^_`defghijklmnorstuvwxyz{|}~x !"##$%&'()*+,-./0122345567789:;<=>?@ABCDDEFGHHIJKLLMNOPQRSTU V WXXYZ[\]^_`abcdefghijklmnopqrrstuvwxyz { | } ~  !       !1"#$%&'()* + , - . / 0 1 2 3456457 8 9 : ; < = > ? @ A B C D E F G H I J K L M N OPQR S TUVVVVWXYZ[X\\]^_Y`aSpock_9WlguxnpoaCDaPQzwcm1DyWeb.Spock.SimpleWeb.Spock.SafeWeb.Spock.SharedWeb.Spock.Internal.SessionVaultWeb.Spock.Internal.UtilWeb.Spock.Internal.CookiesWeb.Spock.Internal.WireWeb.Spock.Internal.TypesWeb.Spock.Internal.MonadWeb.Spock.Internal.CoreAction!Web.Spock.Internal.SessionManagerWeb.Spock.Internal.Core Web.Spockhttpt_K1GcYiiEBxaBOQVfjX52vaNetwork.HTTP.Types.MethodPATCHOPTIONSCONNECTTRACEDELETEPUTHEADPOSTGET StdMethodrerou_0PhQXlk3Eqq8z0DDZ2WGzcWeb.Routing.SafeRoutingrootstaticvarPathVar ActionCtxTActionT UploadedFileuf_nameuf_contentTypeuf_tempLocation SessionId WebStateM SafeAction runSafeActionHasSpock SpockConn SpockState SpockSessionrunQuerygetStateWebStateSessionPersistCfgspc_load spc_store SessionHooks sh_removed SessionCfg sc_cookieName sc_sessionTTLsc_sessionIdEntropysc_sessionExpandTTLsc_emptySession sc_persistCfgsc_housekeepingIntervalsc_hooks PoolOrConnPCPoolPCConn PCNoDatabase ConnBuilder cb_createConncb_destroyConncb_poolConfigurationPoolCfg pc_stripespc_resPerStripepc_keepOpenTimeSpockCfgspc_initialState spc_databasespc_sessionCfgspc_maxRequestSize SpockActionSpockActionCtxdefaultSpockCfgdefaultSessionCfgdefaultSessionHooks getSpockHeart runSpockIO SessionVaultunSessionVault IsSession SessionKey getSessionKeynewSessionVault loadSession storeSession deleteSessiontoListfilterSessions mapSessions$fIsSessionSessionClientPreferredFormatPrefJSONPrefXMLPrefHTMLPrefText PrefUnknown mimeMappingdetectPreferredFormat mapReqHeaders CookieEOLCookieValidUntilCookieValidForCookieValidForSessionCookieSettingscs_EOLcs_path cs_domain cs_HTTPOnly cs_securedefaultCookieSettingsgenerateCookieHeaderString parseCookiesrequestheader rawHeadercookiepreferredFormat reqMethodbodyjsonBody jsonBody'filesparamsparamparam' setStatus setHeaderjumpNextredirectmiddlewarePass modifyVault queryVaultresponsebytes lazyBytestexthtmlfilejsonstreamrequireBasicAuthwithBasicAuthData getContext runInContext setCookie deleteCookierunSpockrunSpockNoBanner spockAsAppsessionRegenerateId getSessionId writeSession modifySessionmodifySession'modifyReadSession readSessionclearAllSessionsmapAllSessionsreadShowSessionPersist SpockRouteSpockTSpockMspockspockT spockLimTgetpostgetpostheadputdeletepatch hookRoutehookAny subcomponent middlewaresafeActionPath SpockCtxT SpockCtxMprehook renderRoute SizeException SpockAllT runActionCtxTErrorTActionInteruptActionRedirect ActionTryNext ActionError ActionDoneActionMiddlewarePass ResponseStaters_responseHeadersrs_multiResponseHeaders rs_statusrs_responseBody MultiHeaderMultiHeaderCacheControlMultiHeaderConnectionMultiHeaderContentEncodingMultiHeaderContentLanguageMultiHeaderPragmaMultiHeaderProxyAuthenticateMultiHeaderTrailerMultiHeaderTransferEncodingMultiHeaderUpgradeMultiHeaderViaMultiHeaderWarningMultiHeaderWWWAuthMultiHeaderSetCookie ResponseBody RequestInfo ri_method ri_request ri_paramsri_queryParamsri_files ri_vaultIf ri_contextVaultIfvi_modifyVault vi_lookupKey multiHeaderCImultiHeaderMap runErrorTrespStateToResponse errorResponse defResponsenotFound invalidReq serverError sizeErrormiddlewareToAppmakeActionEnvironmentremoveUploadedFiles applyAction handleRequesthandleRequest'requestSizeCheckbuildMiddleware$fExceptionSizeException$fMonadTransActionCtxT$fMonoidActionInterupt$fHashableMultiHeader$fHashableStdMethodbase GHC.Conc.SyncTVar getSessMgrGHC.BaseNothing SpockAllMSessionManagersm_getSessionIdsm_regenerateSessionIdsm_readSessionsm_writeSessionsm_modifySessionsm_mapSessionssm_clearAllSessions sm_middlewaresm_addSafeActionsm_lookupSafeActionsm_removeSafeActionsm_closeSessionManagerSessionsess_idsess_validUntil sess_datasess_safeActions WebStateT runWebStateTSafeActionHashSafeActionStore sas_forward sas_reversePackedSafeActionunpackSafeAction web_dbConnweb_sessionMgr web_state $fShowSession$fMonadBaseControlbWebStateT$fMonadTransControlWebStateT$fMonadBasebWebStateT$fEqPackedSafeAction$fHashablePackedSafeActionwebM runQueryImpl getStateImplgetSessMgrImpl$fHasSpockWebStateT $fHasSpocktsetMultiHeadersetHeaderUnsafesetRawHeaderUnsafewai_8DqQbyMjV0W9hrmBvP33zANetwork.Wai.InternalResponse StreamingBody setRawHeadersetRawMultiHeaderwithSessionManagercreateSessionManagerregenerateSessionIdImplgetSessionIdImplmodifySessionBasereadSessionBaseaddSafeActionImpllookupSafeActionImplremoveSafeActionImplreadSessionImplwriteSessionImplmodifySessionImplmakeSessionIdCookiesessionMiddlewarenewSessionImplloadSessionImpldeleteSessionImplclearAllSessionsImplmapAllSessionsImplhousekeepSessions createSession randomHashwarp_6BWaLIsOjYk6Qky3fNeoFDNetwork.Wai.Handler.Warp.RunrunspockAll spockAllTidWeb.Routing.AbstractRouter _unSpockRoute runSpockThookSafeActions$fIsStringSpockRoute$fMonadTransSpockT LiftHooked unLiftHooked injectHook baseAppHook$fMonadTransSpockCtxT