module Web.Spock.SafeActions where
import Web.Scotty.Trans
import Web.Spock.Types
import Web.Spock.Monad
import qualified Data.Text as T
safeActionPath :: SafeAction a
=> a
-> SpockAction conn sess st T.Text
safeActionPath safeAction =
do mgr <- getSessMgr
hash <- (sm_addSafeAction mgr) (PackedSafeAction safeAction)
return $ T.concat [ "/h/", hash ]
hookSafeActions :: SpockM conn sess st ()
hookSafeActions =
do get "/h/:spock-csurf-protection" run
post "/h/:spock-csurf-protection" run
where
run :: SpockAction conn sess st ()
run =
do h <- param "spock-csurf-protection"
mgr <- getSessMgr
mAction <- (sm_lookupSafeAction mgr) h
case mAction of
Nothing ->
next
Just (PackedSafeAction action) ->
runSafeAction action