19:34:15 <McManiaC> stepcut: how exactly do these new bodypolycies work?
19:35:09 <McManiaC> if I want to accept only query-data I would define a bodypolicy "defaultBodyPolicy "" 0 1024 0" ?
19:44:51 <stepcut> McManiaC: yeah
19:45:29 <stepcut> well..
19:46:15 <stepcut> if query-data means the stuff in the URL-only, then that should be fine. The policy is only used to decode PUT/POST data in the Request body
19:46:21 <stepcut> so setting it all to 0 should be fine
19:46:40 <McManiaC> stepcut: all? ok
19:46:49 <stepcut> yeah
19:47:12 <stepcut> there is still some roughness in the API there that could be eliminated I think
19:50:42 <McManiaC> ok
20:14:39 <McManiaC> stepcut: a style question
20:15:35 <McManiaC> might there be a reason to export the "Update/Query Foo a" data constructors rather than wrapping them into the "query/update" functions and export them as "MonadIO m => m a" functions?
20:16:29 <McManiaC> other than it is a bit more coding on the library part of course :)
22:06:59 <McManiaC> http://n-sch.de/hdocs/happstack-auth/Happstack-Auth.html (new) vs http://n-sch.de/hdocs/happstack-auth-old/Happstack-Auth.html (old)
22:07:02 <McManiaC> :)
22:08:45 <stepcut> cool
22:09:06 <McManiaC> not done yet :>
22:09:19 <stepcut> it would be nice if someone to pull the auth code out of hackage and combine it all into one epic auth module
22:09:46 <McManiaC> theres more on hackage?
22:11:24 <McManiaC> ah you're talking about facebook & co?
22:17:16 <McManiaC> btw, got another handy version of "look": lookMaybe s = (Just `fmap` look s) `mplus` return Nothing
22:18:54 <stepcut> can't you just do, optional $ look "foo" ?
22:19:00 <stepcut> http://www.haskell.org/ghc/docs/6.12.2/html/libraries/base-
22:22:54 <McManiaC> oh :)
22:23:48 <stepcut> :p
22:23:57 <stepcut> that is nice because you can use it with many variations of look*
22:25:38 <McManiaC> yup indeed
22:26:34 <stepcut> i would kind of like to get rid of some of things like, lookRead and maybe make them into 'predicates' like that
22:28:52 <stepcut> McManiaC: not facebook and co. The new hackage server source code has some auth stuff that uses the browser based auth mechanism (that login/password dialog that the browser itself sometimes popsup)
22:29:23 <stepcut> though ultimately it would be nice to also supposed openid, and perhaps facebook connect
22:30:14 <McManiaC> ah ok
22:32:36 <stepcut> there are a number of happstack auth modules out there, and they all look nearly identical -- so I think it is clearly a place where we should provide a core library with most of the functionality
22:32:51 <stepcut> the actually html for the login/password forms, etc, is app specific
22:33:00 <stepcut> but there is a ton of common functionality
22:33:05 <McManiaC> yes
22:33:17 <stepcut> like salting and hashing passwords
22:33:28 <stepcut> better to have it done once, and right, than 10 times and wrong ;)
22:34:23 <McManiaC> I think after my overhaul this happstack-auth is ready for hackage :>
22:34:43 <stepcut> nice
22:35:50 <McManiaC> probably gonna talk with mighty first tho :>
22:35:55 <McManiaC> since its actually his project :P
22:37:15 <stepcut> what's the license on it ?
22:38:25 <McManiaC> BSD
22:38:30 <stepcut> sweet!
22:38:42 <McManiaC> jup :)
22:40:52 <stepcut> in loginHandler, the links to username and password are bad
22:49:42 <McManiaC> uhm
22:49:56 <McManiaC> I just uploaded a new version, still bad?
22:50:01 <McManiaC> just reload the page
22:51:06 <stepcut> fixed
22:51:34 <McManiaC> k :)
22:51:59 <McManiaC> yeh, mighty had another function like this for user registration
22:52:19 <McManiaC> but I think thats a bit to special and always depends on your app
22:54:03 <McManiaC> but I wooooonder
22:54:10 <McManiaC> where you get the SessionKey lol
22:54:23 <McManiaC> hmmmmmmmmmm
22:54:24 <McManiaC> :D
22:56:28 <stepcut> depends on your app I guess ?
22:57:04 <stepcut> oh.. from newSession ?
22:58:07 <McManiaC> yes thats the only function which currently returns a SessionKey
22:58:11 <McManiaC> :>
22:58:28 <McManiaC> but you dont always want to create a new session when you want to know your sessionkey :)
22:59:45 <stepcut> we you have to start by creating a newSession, and then you are responsible for deciding how other parts of your code know what the session key is
23:00:38 <stepcut> perhaps your code already has a Reader monad that stores an environment, and you can stick it in there or something.. it's pretty application specific
23:01:59 <McManiaC> then you wouldnt need a session :P
23:02:29 <stepcut> well, I think sessions are overrated ;)
23:02:54 <stepcut> but, sessions are a bit different
23:02:55 <McManiaC> hehe
23:03:12 <stepcut> that environment would only exist during the process of a single Request, and then it is destroyed
23:03:34 <stepcut> in theory, sessions are supposed to persist across multiple requests, and then later be destroyed if they have not been accessed in a while
23:03:58 <stepcut> though, I think in many cases you can design your apps to not use sessions at all..
23:04:43 <stepcut> if the user has an account, then you can just store persistent data in their account -- no need to have a second storage place for session data..
23:05:06 <stepcut> if the user does not have an account, then it depends on what your are trying to store in the session..
23:05:34 <stepcut> but in the case of authentication, you are clearly talking about users with accounts
23:07:50 <stepcut> if you are using happstack-state, then I don't see a lot of point of copying data out of the user account component and into the session component.. just use the data directly from the user account component and be done with it ?
23:09:30 <McManiaC> stepcut: if you dont have a sessioncookie/url-parameter you wont know who the user is if you reload the page/go to another page
23:10:11 <stepcut> McManiaC: you need a cookie, but a cookie is not a sesison
23:10:11 <McManiaC> its just a very small number which is used to lookup the session data in the "session-database"
23:10:27 <McManiaC> yes, but I've been talking about just that number :)
23:11:28 <stepcut> perhaps it needs a different name.. like authentication token
23:12:19 <McManiaC> maybe
23:22:37 <McManiaC> http://n-sch.de/hdocs/happstack-auth/index.html I think my work is done :)
23:30:01 <stepcut> nice
23:31:40 <McManiaC> I didn't even know the old happstack-auth had all these functions
23:31:42 <McManiaC> =D
23:31:51 <McManiaC> like loginGate etc
23:37:03 <McManiaC> Showing 11 changed files with 612 additions and 238 deletions.
23:37:06 <McManiaC> :>
23:37:25 <McManiaC> the main Auth.hs file only has 491 lines :D
23:37:27 <stepcut> heh
23:39:12 <McManiaC> even less
23:39:20 <McManiaC> the original file only has 324 lines
23:39:21 <McManiaC> :D
23:39:24 <stepcut> :)