Actually export the new options (#1825 )

* actually export the new options * bump version number, update changelog
Add an options data structure to allow fine-tuned control of what instances are generated for a route (#1819 )
2023-11-28 15:04:23 -07:00 · 2023-10-23 08:39:21 -06:00 · 2023-09-22 07:29:39 +03:00 · 2023-09-19 17:50:20 +03:00 · 2023-09-19 13:13:06 +00:00 · 2023-09-19 13:10:12 +00:00
283 changed files with 22236 additions and 43644 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -0,0 +1,29 @@
 <!---
 ### Bug Reports
 Reporting a bug? If relevant, we recommend including:
 * Your OS name and version
 * The versions of tools you're using (e.g. `stack`, `yesod` `ghc`).
 * The versions of dependencies you're using
 For your convenience, we recommend pasting this script into bash and uploading the output [as a gist](https://gist.github.com/).
 ```
 command -v sw_vers && sw_vers # OS X only
 command -v uname && uname -a # Kernel version
 command -v stack && stack --version
 command -v stack && stack ghc -- --version
 command -v stack && stack ls dependencies
 command -v yesod && yesod version
 ```
 * Also, is there anything custom or unusual about your setup? i.e. new or prerelease versions of GHC, stack, etc.
 * Finally, if possible, please reproduce the error in a small script, or if necessary create a new Github repo with the smallest possible reproducing case. [Stack's scripting support](https://docs.haskellstack.org/en/stable/GUIDE/#script-interpreter) might be useful for creating your reproduction example.
 ### Support
 Please direct support questions to [Stack Overflow](https://stackoverflow.com/questions/tagged/yesod+haskell) or the [Yesod Google Group](https://groups.google.com/forum/#!forum/yesodweb). If you don't get a response there, or you suspect there may be a bug in Yesod causing your problem, you're welcome to ask here.
 -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,14 @@
 Before submitting your PR, check that you've:
 - [ ] Bumped the version number
 - [ ] Documented new APIs with [Haddock markup](https://www.haskell.org/haddock/doc/html/index.html)
 - [ ] Added [`@since` declarations](http://haskell-haddock.readthedocs.io/en/latest/markup.html#since) to the Haddocks for new, public APIs
 After submitting your PR:
 - [ ] Update the Changelog.md file with a link to your PR
 - [ ] Check that CI passes (or if it fails, for reasons unrelated to your change, like CI timeouts)
 <!---Thanks so much for contributing! :)
 _If these checkboxes don't apply to your PR, you can delete them_-->
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@ -0,0 +1,56 @@
 name: Tests
 on:
    pull_request:
    push:
        branches:
        - master
 jobs:
  build:
    name: CI
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        args:
        #- "--resolver nightly"
        - "--resolver nightly-2022-02-11"
        - "--resolver lts-18"
        - "--resolver lts-16"
        - "--resolver lts-14"
        - "--resolver lts-12"
        - "--resolver lts-11"
        # Bugs in GHC make it crash too often to be worth running
        exclude:
          - os: windows-latest
            args: "--resolver nightly"
          - os: macos-latest
            args: "--resolver lts-16"
          - os: macos-latest
            args: "--resolver lts-14"
          - os: macos-latest
            args: "--resolver lts-12"
          - os: macos-latest
            args: "--resolver lts-11"
    steps:
      - name: Clone project
        uses: actions/checkout@v2
 # Getting weird OS X errors...
 #      - name: Cache dependencies
 #        uses: actions/cache@v1
 #        with:
 #          path: ~/.stack
 #          key: ${{ runner.os }}-${{ matrix.resolver }}-${{ hashFiles('stack.yaml') }}
 #          restore-keys: |
 #            ${{ runner.os }}-${{ matrix.resolver }}-
      - name: Build and run tests
        shell: bash
        run: |
            set -ex
            stack --version
            stack test --fast --no-terminal ${{ matrix.args }}
--- a/.gitignore
+++ b/.gitignore
@ -1,12 +1,29 @@
 *~
 *.o
 *.o_p
 *.hi
-dist
+dist/
 dist-stack/
 stack.yaml.lock
 .stack-work
 *.swp
 client_session_key.aes
 cabal-dev/
 yesod/foobar/
-.virthualenv
+.hsenv/
 .cabal-sandbox/
 cabal.sandbox.config
 /vendor/
-/.shelly/
+.shelly/
-/tarballs/
+tarballs/
 # useful when mounting into docker
 .cabal
 .ghc
 .stackage
 .bash_history
 # OS X
 .DS_Store
 *.yaml.lock
 dist-newstyle/
--- a/.gitmodules
+++ b/.gitmodules
@ -1,3 +0,0 @@
 [submodule "scripts"]
 	path = scripts
 	url = git://github.com/yesodweb/scripts.git
--- a/.travis.yml
+++ b/.travis.yml
@ -1,13 +0,0 @@
 language: haskell
 install:
    - cabal update
    - cabal install mega-sdist hspec cabal-meta cabal-src
    - git clone https://github.com/snoyberg/tagstream-conduit.git
    - cd tagstream-conduit
    - cabal-src-install --src-only
    - cd ..
    - cabal-meta install --force-reinstalls --enable-tests
 script:
    - echo Done
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -0,0 +1,74 @@
 # Contributor Covenant Code of Conduct
 ## Our Pledge
 In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
 size, disability, ethnicity, gender identity and expression, level of experience,
 education, socio-economic status, nationality, personal appearance, race,
 religion, or sexual identity and orientation.
 ## Our Standards
 Examples of behavior that contributes to creating a positive environment
 include:
 * Using welcoming and inclusive language
 * Being respectful of differing viewpoints and experiences
 * Gracefully accepting constructive criticism
 * Focusing on what is best for the community
 * Showing empathy towards other community members
 Examples of unacceptable behavior by participants include:
 * The use of sexualized language or imagery and unwelcome sexual attention or
  advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or electronic
  address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
  professional setting
 ## Our Responsibilities
 Project maintainers are responsible for clarifying the standards of acceptable
 behavior and are expected to take appropriate and fair corrective action in
 response to any instances of unacceptable behavior.
 Project maintainers have the right and responsibility to remove, edit, or
 reject comments, commits, code, wiki edits, issues, and other contributions
 that are not aligned to this Code of Conduct, or to ban temporarily or
 permanently any contributor for other behaviors that they deem inappropriate,
 threatening, offensive, or harmful.
 ## Scope
 This Code of Conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community. Examples of
 representing a project or community include using an official project e-mail
 address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event. Representation of a project may be
 further defined and clarified by project maintainers.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported by contacting the project team at `michael at snoyman dot com`. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
 Further details of specific enforcement policies may be posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good
 faith may face temporary or permanent repercussions as determined by other
 members of the project's leadership.
 ## Attribution
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
 available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
 [homepage]: https://www.contributor-covenant.org
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1,95 @@
 # Contributing
 Thanks for your interest in contributing to Yesod! This file has some tips for developing Yesod and getting a pull request accepted.
 ## Development
 Yesod is a mega-repo that contains many Haskell packages, each in a different directory. All the subprojects can be developed with Stack, using `stack <command> <subproject>`, e.g.
 * `stack build yesod-form`
 * `stack test yesod-auth`
 * `stack haddock yesod-websockets`
 If you'd like to test your changes in a full-fledged Yesod app, you can use Stack to build against it, e.g.:
 ```
 packages:
 - '/path/to/this/repo/yesod-auth'
 ```
 ## Coding Guidelines
 ### Safety
 Avoid partial functions. Even if you know the partial function is safe in your instance, partial functions require more reasoning from the programmer and are not resilient to refactoring. For the rare cases where a partial function is appropriate, a custom `error` should be used.
 ### Style 
 Keep coding style consistent with the rest of the file, but don't worry about style too much otherwise. PRs changing code style are viewed skeptically.
 ### Dependencies
 Avoid adding unnecessary dependencies. If a dependency provides only a minor convenience for your implementation, it's probably better to skip it.
 If you do add a new dependency, try to support a wide range of versions of it.
 ### Backwards Compatibility
 Backwards incompatible changes are viewed skeptically—best to ask in an issue to see if a particular backwards incompatible change would be approved. If possible keep backwards compatibility by adding new APIs and deprecating old ones.
 Keep backwards compatibility with old versions of dependencies when possible.
 ## PR Guidelines
 ### PR Scope
 As much as possible, keep separate changes in separate PRs.
 ### Testing
 Tests are recommended, but not required.
 ### Documentation
 All public APIs must be documented. Documenting private functions is optional, but may be nice depending on their complexity. Example documentation:
 ```
 -- | Looks up the hidden input named "_token" and adds its value to the params.
 --
 -- ==== __Examples__
 --
 -- > request $ do
 -- >   addToken_ "#formID"
 --
 -- @since 1.5.4
 addToken_ :: Query -- ^ CSS selector that resolves to the @<form>@ containing the token.
 		  -> RequestBuilder site ()
 ```
 Examples are recommended, but not required, in documentation. Marking new APIs with `@since <version number>` is required.
 ### Versioning
 Yesod packages roughly follow the Haskell Package Versioning Policy style of A.B.C.[D] (MAJOR.MAJOR.MINOR.[PATCH])
 * A - Used for massive changes in the library. (Example: 1.2.3.4 becomes 2.0.0)
 * B - Used for smaller breaking changes, like removing, renaming, or changing behavior of existing public API. (Example: 1.2.3.4 becomes 1.3.0)
 * C - Used for new public APIs (Example: 1.2.3.4 becomes 1.2.4)
 * D - Used for bug fixes (Example: 1.2.3.4 becomes 1.2.3.5).
 	* D is optional in the version number, so 2.0.0 is a valid version.
 Documentation changes don't require a new version.
 If you feel there is ambiguity to a change (e.g. fixing a bug in a function, when people may be relying on the old broken behavior), you can ask in an issue or pull request.
 Unlike in the Package Versioning Policy, deprecations are not counted as MAJOR changes.
 In some cases, dropping compatibility with a major version of a dependency (e.g. changing from transformers >= 0.3 to transformers >= 0.4), is considered a breaking change.
 ### Changelog
 After you submit a PR, update the subproject's Changelog.md file with the new version number and a link to your PR. If your PR does not need to bump the version number, include the change in an "Unreleased" section at the top.
 ### Releases
 Releases should be done as soon as possible after a pull request is merged—don't be shy about reminding us to make a release if we forget.
--- a/36
+++ b/36
@ -0,0 +1,36 @@
 FROM haskell:7.10
 MAINTAINER Greg Weber
 # Intended as a development environment
 #
 #    docker build -t yesod .
 #    docker run --rm -i -t -v `pwd`:/home/haskell yesod /bin/bash
 #    stackage update
 #
 RUN apt-get update && apt-get install sudo \
    # ssl stuff that you may find useful
 && apt-get install -y libssl-dev ca-certificates libcurl4-openssl-dev \
    # stackage-cli uses git. authbind can be useful for exposing ports
 && apt-get install -y git authbind \
 && apt-get clean
 # run as a user named "haskell"
 RUN useradd -m -d /home/haskell -s /bin/bash haskell
 RUN mkdir -p /etc/sudoers.d && echo "haskell ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/haskell && chmod 0440 /etc/sudoers.d/haskell
 ENV HOME /home/haskell
 WORKDIR /home/haskell
 USER haskell
 ENV LANG   C.UTF-8
 ENV LC_ALL C.UTF-8
 # install stackage binaries to /opt/stackage
 RUN sudo mkdir -p /opt/stackage/bin
 ENV PATH /opt/stackage/bin:.cabal-sandbox/bin:.cabal/bin:$PATH:./
 RUN sudo chown haskell:haskell /opt/stackage/bin
 RUN cabal update \
 && cabal install stackage-update && stackage-update \
 && cabal install stackage-install \
 && stackage-install stackage-cli stackage-cabal stackage-sandbox stackage-upload \
 && mv /home/haskell/.cabal/bin/* /opt/stackage/bin/ \
 && rm -r /home/haskell/.cabal 
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-Copyright (c) 2012 Michael Snoyman, http://www.yesodweb.com/
+Copyright (c) 2012-2017 Michael Snoyman, http://www.yesodweb.com/
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
--- a/README.md
+++ b/README.md
@ -1,4 +1,6 @@
-# Yesod
+![Tests](https://github.com/yesodweb/yesod/workflows/Tests/badge.svg)
 # Yesod Web Framework
 An advanced web framework using the Haskell programming language. Featuring:
@ -9,123 +11,51 @@ An advanced web framework using the Haskell programming language. Featuring:
    * techniques for constant-space memory consumption
  * asynchronous IO
    * this is built in to the Haskell programming language (like Erlang)
    * handles a greater concurrent load than any other web application server
-# Learn more: http://yesodweb.com/
+## Getting Started
-## Install the latests stable Yesod: http://www.yesodweb.com/page/quickstart
+Learn more about Yesod on [its main website](http://www.yesodweb.com/). If you
 want to get started using Yesod, we strongly recommend the [quick start
 guide](http://www.yesodweb.com/page/quickstart), based on [the Haskell build
 tool stack](https://github.com/commercialhaskell/stack#readme).
-    cabal update && cabal install yesod
+Here's a minimal example!
-### Create a new project after installing
+```haskell
 {-# LANGUAGE OverloadedStrings, QuasiQuotes, TemplateHaskell, TypeFamilies #-}
-    yesod init
+import Yesod
-Your application is a cabal package and you use `cabal` to install its dependencies.
+data App = App -- Put your config, database connection pool, etc. in here.
-# Installing & isolation
+-- Derive routes and instances for App.
 mkYesod "App" [parseRoutes|
 / HomeR GET
 |]
-Install conflicts are unfortunately common in Haskell development.
+instance Yesod App -- Methods in here can be overridden as needed.
 If you are not using any sandbox tools, you may discover that some of the other haskell installs on your system are broken.
 You can prevent this by using sandbox tools: `cabal-dev` or `hsenv`.
-Isolating an entire project with a virtual machine is also a great idea, you just need some tools to help that process.
+-- The handler for the GET request at /, corresponds to HomeR.
-[Vagrant](http://vagrantup.com) is a great tool for that and there is a [Haskell Platform installer](https://bitbucket.org/puffnfresh/vagrant-haskell-heroku) for it.
+getHomeR :: Handler Html
 getHomeR = defaultLayout [whamlet|Hello World!|]
-## Using cabal-dev
+main :: IO ()
 main = warp 3000 App
 ```
-cabal-dev creates a sandboxed environment for an individual cabal package.
+To read about each of the concepts in use above (routing, handlers,
-Instead of using the `cabal` command, use the `cabal-dev` command which will use the sandbox.
+linking, JSON), in detail, visit
 [Basics in the Yesod book](https://www.yesodweb.com/book/basics#basics_routing).
-Use `yesod devel --dev` when developing your application.
+## Hacking on Yesod
 Yesod consists mostly of four repositories:
 ```bash
 git clone --recurse-submodules http://github.com/yesodweb/shakespeare
 git clone --recurse-submodules http://github.com/yesodweb/persistent
 git clone --recurse-submodules http://github.com/yesodweb/wai
 git clone --recurse-submodules http://github.com/yesodweb/yesod
 ```
-## Installing the latest development version from github for use with your application
+Each repository can be built with `stack build`.
    cabal update
    cabal install cabal-meta cabal-src
 In your application folder, create a `sources.txt` file with the following contents:
    ./
    https://github.com/yesodweb/yesod
    https://github.com/yesodweb/shakespeare
    https://github.com/yesodweb/persistent
    https://github.com/yesodweb/wai
 `./` means build your app. The yesod repos will be cloned and placed in a `vendor` repo.
 Now run: `cabal-meta install`. If you use `cabal-dev`, run `cabal-meta --dev install`
 This should work almost all of the time. You can read more on [cabal-meta](https://github.com/yesodweb/cabal-meta)
 If you aren't building from an application, remove the `./` and create a new directory for your sources.txt first.
 ## hsenv (Linux only)
 [hsenv](http://hackage.haskell.org/package/hsenv) prevents your custom build of Yesod from interfering with your currently installed cabal packages:
 * hsenv creates an isolated environment like cabal-dev
 * hsenv works at the shell level, so every shell must activate the hsenv
 * cabal-dev by default isolates a single cabal package, but hsenv isolates multiple packages together.
 * cabal-dev can isolate multiple packages together by using the -s sandbox argument
 ## cabal-src
 The cabal-src tool helps resolve dependency conflicts when installing local packages.
 This capability is already built in if you are using cabal-dev or cabal-meta. Otherwise install cabal-src with:
    cabal install cabal-src
 Whenever you would use `cabal install` to install a local package, use `cabal-src-install` instead.
 Our installer script now uses cabal-src-install when it is available.
 ## Cloning the repos
 The above instructions for building the latest should work well.
 But you can clone the repos without the help of cabal-meta:
 ~~~ { .bash }
 for repo in shakespeare persistent wai yesod; do
  git clone http://github.com/yesodweb/$repo
  (
    cd $repo
    git submodule update --init
  )
 done
 ~~~~
 ## Building your changes to Yesod
 Yesod is composed of 4 "mega-repos", each with multiple cabal packages. `./script/install` will run tests against each package and install each package.
 ### install package in all repos
 ~~~ { .bash }
 for repo in shakespeare persistent wai yesod; do
    pushd $repo
    ./scripts/install
    popd
 done
 ~~~
 ### Clean build (sometimes necessary)
 ~~~ { .bash }
 ./scripts/install --clean
 ~~~
 ### Building individual packages
 ~~~ { .bash }
 # move to the individual package you are working on
 cd shakespeare-text
 # build and test the individual package
 cabal configure -ftest --enable-tests
 cabal build
 cabal test
 ~~~
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@ -1,5 +0,0 @@
 Release notes are maintained on the wiki.
 https://github.com/yesodweb/yesod/wiki/Changelog (high level features)
 https://github.com/yesodweb/yesod/wiki/Detailed-change-list (see for breaking changes)
--- a/cabal.project
+++ b/cabal.project
@ -0,0 +1,15 @@
 packages:
  yesod-core
  yesod-static
  yesod-persistent
  yesod-newsfeed
  yesod-form
  yesod-form-multi
  yesod-auth
  yesod-auth-oauth
  yesod-sitemap
  yesod-test
  yesod-bin
  yesod
  yesod-eventsource
  yesod-websockets
--- a/demo/auth/config/secrets.yaml
+++ b/demo/auth/config/secrets.yaml
@ -0,0 +1,2 @@
 accessKey: <your access key>
 secretKey: <your secret key>
--- a/demo/auth/email_auth_ses_mailer.hs
+++ b/demo/auth/email_auth_ses_mailer.hs
@ -0,0 +1,205 @@
 {-# LANGUAGE FlexibleContexts           #-}
 {-# LANGUAGE GADTs                      #-}
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
 {-# LANGUAGE MultiParamTypeClasses      #-}
 {-# LANGUAGE OverloadedStrings          #-}
 {-# LANGUAGE QuasiQuotes                #-}
 {-# LANGUAGE TemplateHaskell            #-}
 {-# LANGUAGE TypeFamilies               #-}
 {-# LANGUAGE OverloadedStrings          #-}
 import           Control.Monad (join)
 import           Control.Monad.Logger (runNoLoggingT)
 import           Data.Maybe (isJust)
 import           Data.Yaml
 import           Data.Text (Text)
 import qualified Data.Text.Encoding as TE
 import qualified Data.Text.Lazy.Encoding as LTE
 import           Database.Persist.Sqlite
 import           Database.Persist.TH
 import           Network.Mail.Mime
 import           Text.Blaze.Html.Renderer.Utf8 (renderHtml)
 import           Text.Shakespeare.Text (stext)
 import           Yesod
 import           Yesod.Auth
 import           Yesod.Auth.Email
 import           Network.Mail.Mime.SES
 import           Data.ByteString.Char8
 import           Control.Monad (mzero)
 import           Network.HTTP.Client.Conduit (Manager, newManager, HasHttpManager (getHttpManager))
 import           System.Exit (exitWith, ExitCode( ExitFailure ))
 share [mkPersist sqlSettings { mpsGeneric = False }, mkMigrate "migrateAll"] [persistLowerCase|
 User
    email Text
    password Text Maybe -- Password may not be set yet
    verkey Text Maybe -- Used for resetting passwords
    verified Bool
    UniqueUser email
 |]
 data App = App
    { sqlBackend     :: SqlBackend
    , appHttpManager :: Manager
    }
 instance HasHttpManager App where
  getHttpManager = appHttpManager
 mkYesod "App" [parseRoutes|
 / HomeR GET
 /auth AuthR Auth getAuth
 |]
 instance Yesod App where
    -- Emails will include links, so be sure to include an approot so that
    -- the links are valid!
    approot = ApprootStatic "http://localhost:3000"
 instance RenderMessage App FormMessage where
    renderMessage _ _ = defaultFormMessage
 -- Set up Persistent
 instance YesodPersist App where
    type YesodPersistBackend App = SqlBackend
    runDB f = do
        App conn _ <- getYesod
        runSqlConn f conn
 instance YesodAuth App where
    type AuthId App = UserId
    loginDest _ = HomeR
    logoutDest _ = HomeR
    authPlugins _ = [authEmail]
    -- Need to find the UserId for the given email address.
    getAuthId creds = runDB $ do
        x <- insertBy $ User (credsIdent creds) Nothing Nothing False
        return $ Just $
            case x of
                Left (Entity userid _) -> userid -- newly added user
                Right userid -> userid -- existing user
    authHttpManager = error "Email doesn't need an HTTP manager"
 instance YesodAuthPersist App
 -- Here's all of the email-specific code
 data SesKeys = SesKeys { accessKey :: !Text, secretKey :: !Text }
 instance FromJSON SesKeys where
  parseJSON (Object v) =
    SesKeys <$> v .: "accessKey"
            <*> v .: "secretKey"
  parseJSON _ = mzero
 instance YesodAuthEmail App where
    type AuthEmailId App = UserId
    afterPasswordRoute _ = HomeR
    addUnverified email verkey =
        runDB $ insert $ User email Nothing (Just verkey) False
    -- Send the verification email with your SES credentials located in config/secrets.yaml
    -- NOTE: The email address you're sending from will have to be verified on SES
    sendVerifyEmail email _ verurl = do
        h <- getYesod
        sesCreds <- liftIO $ getSESCredentials
        liftIO $ renderSendMailSES (getHttpManager h) sesCreds (emptyMail $ Address Nothing "noreply@example.com")
            { mailTo = [Address Nothing email]
            , mailHeaders =
                [ ("Subject", "Verify your email address")
                ]
            , mailParts = [[textPart, htmlPart]]
            }
      where
        getSESCredentials :: IO SES
        getSESCredentials = do
            key <- getsesAccessKey
            return SES {
                sesTo = [(TE.encodeUtf8 email)],
                sesFrom = "noreply@example.com",
                sesAccessKey =  TE.encodeUtf8 $ accessKey key,
                sesSecretKey =  TE.encodeUtf8 $ secretKey key,
                sesRegion = usWest2 }
        getsesAccessKey :: IO SesKeys
        getsesAccessKey = do
            ymlConfig <- Data.ByteString.Char8.readFile "config/secrets.yaml"
            case decode ymlConfig of
                Nothing -> do Data.ByteString.Char8.putStrLn "Error while parsing secrets.yaml"; System.Exit.exitWith (ExitFailure 1)
                Just c -> return c
        textPart = Part
            { partType = "text/plain; charset=utf-8"
            , partEncoding = None
            , partFilename = Nothing
            , partContent = LTE.encodeUtf8 $
                [stext|
                    Please confirm your email address by clicking on the link below.
                    #{verurl}
                    Thank you
                |]
            , partHeaders = []
            }
        htmlPart = Part
            { partType = "text/html; charset=utf-8"
            , partEncoding = None
            , partFilename = Nothing
            , partContent = renderHtml
                [shamlet|
                    <p>Please confirm your email address by clicking on the link below.
                    <p>
                        <a href=#{verurl}>#{verurl}
                    <p>Thank you
                |]
            , partHeaders = []
            }
    getVerifyKey = runDB . fmap (join . fmap userVerkey) . get
    setVerifyKey uid key = runDB $ update uid [UserVerkey =. Just key]
    verifyAccount uid = runDB $ do
        mu <- get uid
        case mu of
            Nothing -> return Nothing
            Just u -> do
                update uid [UserVerified =. True]
                return $ Just uid
    getPassword = runDB . fmap (join . fmap userPassword) . get
    setPassword uid pass = runDB $ update uid [UserPassword =. Just pass]
    getEmailCreds email = runDB $ do
        mu <- getBy $ UniqueUser email
        case mu of
            Nothing -> return Nothing
            Just (Entity uid u) -> return $ Just EmailCreds
                { emailCredsId = uid
                , emailCredsAuthId = Just uid
                , emailCredsStatus = isJust $ userPassword u
                , emailCredsVerkey = userVerkey u
                , emailCredsEmail = email
                }
    getEmail = runDB . fmap (fmap userEmail) . get
 getHomeR :: Handler Html
 getHomeR = do
    maid <- maybeAuthId
    defaultLayout
        [whamlet|
            <p>Your current auth ID: #{show maid}
            $maybe _ <- maid
                <p>
                    <a href=@{AuthR LogoutR}>Logout
            $nothing
                <p>
                    <a href=@{AuthR LoginR}>Go to the login page
        |]
 main :: IO ()
 main = runNoLoggingT $ withSqliteConn "email.db3" $ \conn -> liftIO $ do
    runSqlConn (runMigration migrateAll) conn
    httpManager <- newManager
    warp 3000 $ App conn httpManager
--- a/demo/subsite/WikiRoutes.hs
+++ b/demo/subsite/WikiRoutes.hs
@ -21,7 +21,7 @@ data Wiki = Wiki
    }
 -- | A typeclass that all master sites that want a Wiki must implement. A
-- master must be able to render form messages, as we use yesod-forms for
+-- master must be able to render form messages, as we use yesod-form for
 -- processing user input.
 class (RenderMessage master FormMessage, Yesod master) => YesodWiki master where
    -- | Write protection. By default, no protection.
--- a/package-list.sh
+++ b/package-list.sh
@ -1,15 +0,0 @@
 #!/bin/bash
 pkgs=(      ./yesod-routes
            ./yesod-core
            ./yesod-json
            ./crypto-conduit
            ./authenticate/authenticate
            ./yesod-static
            ./yesod-persistent
            ./yesod-newsfeed
            ./yesod-form
            ./yesod-auth
            ./yesod-sitemap
            ./yesod-default
            ./yesod )
--- a/1
+++ b/1
@ -1 +0,0 @@
 Subproject commit 9902ff808afbcb417c6ad125941343878e3afe11
--- a/sources.txt
+++ b/sources.txt
@ -1,11 +0,0 @@
 ./yesod-routes
 ./yesod-core
 ./yesod-static
 ./yesod-persistent
 ./yesod-newsfeed
 ./yesod-form
 ./yesod-auth
 ./yesod-sitemap
 ./yesod-test
 ./yesod-bin
 ./yesod
--- a/stack.yaml
+++ b/stack.yaml
@ -0,0 +1,19 @@
 resolver: lts-18.3
 packages:
 - ./yesod-core
 - ./yesod-static
 - ./yesod-persistent
 - ./yesod-newsfeed
 - ./yesod-form
 - ./yesod-form-multi
 - ./yesod-auth
 - ./yesod-auth-oauth
 - ./yesod-sitemap
 - ./yesod-test
 - ./yesod-bin
 - ./yesod
 - ./yesod-eventsource
 - ./yesod-websockets
 extra-deps:
 - attoparsec-aeson-2.1.0.0
--- a/stack.yaml.lock
+++ b/stack.yaml.lock
@ -0,0 +1,19 @@
 # This file was autogenerated by Stack.
 # You should not edit this file by hand.
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files
 packages:
 - completed:
    hackage: attoparsec-aeson-2.1.0.0@sha256:fa83aba43bfa58490de8f274d19b9d58b6403a207b12cac5f93922102b084c52,1154
    pantry-tree:
      sha256: 294c3a8a19a7ddad58097e18c624c6b34894b3c4a4cc490759cb31d842db242a
      size: 114
  original:
    hackage: attoparsec-aeson-2.1.0.0
 snapshots:
 - completed:
    sha256: 694573e96dca34db5636edb1fe6c96bb233ca0f9fb96c1ead1671cdfa9bd73e9
    size: 585603
    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/18/3.yaml
  original: lts-18.3
--- a/yesod-auth-oauth/ChangeLog.md
+++ b/yesod-auth-oauth/ChangeLog.md
@ -0,0 +1,33 @@
 # ChangeLog for yesod-auth-oauth
 ## 1.6.1
 * Allow newer GHC
 ## 1.6.0.3
 * Allow yesod-form 1.7
 ## 1.6.0.2
 * Remove unnecessary deriving of Typeable
 ## 1.6.0.1
 * Compile with GHC 8.6 [#1561](https://github.com/yesodweb/yesod/pull/1561)
 ## 1.6.0
 * Upgrade to yesod-core 1.6.0
 ## 1.4.2
 * Fix warnings
 ## 1.4.1
 * change OAuth Twitter ID, screen_name → user_id [#1168](https://github.com/yesodweb/yesod/pull/1168)
 ## 1.4.0.2
 * Compile with GHC 7.10
--- a/yesod-auth-oauth/README.md
+++ b/yesod-auth-oauth/README.md
@ -0,0 +1,3 @@
 ## yesod-auth-oauth
 Oauth Authentication for Yesod.
--- a/yesod-auth-oauth/Yesod/Auth/OAuth.hs
+++ b/yesod-auth-oauth/Yesod/Auth/OAuth.hs
@ -1,16 +1,22 @@
-{-# LANGUAGE DeriveDataTypeable, OverloadedStrings, QuasiQuotes #-}
+{-# LANGUAGE OverloadedStrings, QuasiQuotes #-}
 {-# LANGUAGE FlexibleContexts #-}
 {-# LANGUAGE LambdaCase #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE GADTs #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 module Yesod.Auth.OAuth
    ( authOAuth
    , oauthUrl
    , authTwitter
    , authTwitterUsingUserId
    , twitterUrl
    , authTumblr
    , tumblrUrl
    , module Web.Authenticate.OAuth
    ) where
-import           Control.Applicative      ((<$>), (<*>))
+import           Control.Applicative      as A ((<$>), (<*>))
 import           Control.Arrow            ((***))
-import           Control.Exception.Lifted
+import           UnliftIO.Exception
 import           Control.Monad.IO.Class
 import           Data.ByteString          (ByteString)
 import           Data.Maybe
@ -18,7 +24,6 @@ import           Data.Text                (Text)
 import qualified Data.Text                as T
 import           Data.Text.Encoding       (decodeUtf8With, encodeUtf8)
 import           Data.Text.Encoding.Error (lenientDecode)
 import           Data.Typeable
 import           Web.Authenticate.OAuth
 import           Yesod.Auth
 import           Yesod.Form
@ -26,33 +31,42 @@ import           Yesod.Core
 data YesodOAuthException = CredentialError String Credential
                         | SessionError String
-                           deriving (Show, Typeable)
+                           deriving Show
 instance Exception YesodOAuthException
 oauthUrl :: Text -> AuthRoute
 oauthUrl name = PluginR name ["forward"]
-authOAuth :: YesodAuth m
+authOAuth :: forall master. YesodAuth master
          => OAuth                        -- ^ 'OAuth' data-type for signing.
-          -> (Credential -> IO (Creds m)) -- ^ How to extract ident.
+          -> (Credential -> IO (Creds master)) -- ^ How to extract ident.
-          -> AuthPlugin m
+          -> AuthPlugin master
 authOAuth oauth mkCreds = AuthPlugin name dispatch login
  where
    name = T.pack $ oauthServerName oauth
    url = PluginR name []
    lookupTokenSecret = bsToText . fromMaybe "" . lookup "oauth_token_secret" . unCredential
    oauthSessionName :: Text
    oauthSessionName = "__oauth_token_secret"
    dispatch
      :: Text
      -> [Text]
      -> AuthHandler master TypedContent
    dispatch "GET" ["forward"] = do
-        render <- lift getUrlRender
+        render <- getUrlRender
        tm <- getRouteToParent
        let oauth' = oauth { oauthCallback = Just $ encodeUtf8 $ render $ tm url }
-        master <- lift getYesod
+        manager <- authHttpManager
-        tok <- lift $ getTemporaryCredential oauth' (authHttpManager master)
+        tok <- getTemporaryCredential oauth' manager
        setSession oauthSessionName $ lookupTokenSecret tok
        redirect $ authorizeUrl oauth' tok
-    dispatch "GET" [] = lift $ do
+    dispatch "GET" [] = do
-      Just tokSec <- lookupSession oauthSessionName
+      tokSec <- lookupSession oauthSessionName >>= \case
        Just t -> return t
        Nothing -> liftIO $ fail "lookupSession could not find session"
      deleteSession oauthSessionName
      reqTok <-
        if oauthVersion oauth == OAuth10
@ -63,34 +77,36 @@ authOAuth oauth mkCreds = AuthPlugin name dispatch login
                                ]
          else do
            (verifier, oaTok) <-
-                runInputGet $ (,) <$> ireq textField "oauth_verifier"
+                runInputGet $ (,) A.<$> ireq textField "oauth_verifier"
-                                  <*> ireq textField "oauth_token"
+                                  A.<*> ireq textField "oauth_token"
            return $ Credential [ ("oauth_verifier", encodeUtf8 verifier)
                                , ("oauth_token", encodeUtf8 oaTok)
                                , ("oauth_token_secret", encodeUtf8 tokSec)
                                ]
-      master <- getYesod
+      manager <- authHttpManager
-      accTok <- getAccessToken oauth reqTok (authHttpManager master)
+      accTok <- getAccessToken oauth reqTok manager
      creds  <- liftIO $ mkCreds accTok
-      setCreds True creds
+      setCredsRedirect creds
    dispatch _ _ = notFound
    login tm = do
        render <- getUrlRender
        let oaUrl = render $ tm $ oauthUrl name
        [whamlet| <a href=#{oaUrl}>Login via #{name} |]
-mkExtractCreds :: YesodAuth m => Text -> String -> Credential -> IO (Creds m)
+mkExtractCreds :: Text -> String -> Credential -> IO (Creds m)
 mkExtractCreds name idName (Credential dic) = do
  let mcrId = decodeUtf8With lenientDecode <$> lookup (encodeUtf8 $ T.pack idName) dic
  case mcrId of
    Just crId -> return $ Creds name crId $ map (bsToText *** bsToText) dic
    Nothing -> throwIO $ CredentialError ("key not found: " ++ idName) (Credential dic)
-authTwitter :: YesodAuth m
+authTwitter' :: YesodAuth m
-            => ByteString -- ^ Consumer Key
+             => ByteString -- ^ Consumer Key
-            -> ByteString -- ^ Consumer Secret
+             -> ByteString -- ^ Consumer Secret
-            -> AuthPlugin m
+             -> String
-authTwitter key secret = authOAuth
+             -> AuthPlugin m
 authTwitter' key secret idName = authOAuth
                (newOAuth { oauthServerName      = "twitter"
                          , oauthRequestUri      = "https://api.twitter.com/oauth/request_token"
                          , oauthAccessTokenUri  = "https://api.twitter.com/oauth/access_token"
@ -100,7 +116,26 @@ authTwitter key secret = authOAuth
                          , oauthConsumerSecret  = secret
                          , oauthVersion         = OAuth10a
                          })
-                (mkExtractCreds "twitter" "screen_name")
+                (mkExtractCreds "twitter" idName)
 -- | This plugin uses Twitter's /screen_name/ as ID, which shouldn't be used for authentication because it is mutable.
 authTwitter :: YesodAuth m
            => ByteString -- ^ Consumer Key
            -> ByteString -- ^ Consumer Secret
            -> AuthPlugin m
 authTwitter key secret = authTwitter' key secret "screen_name"
 {-# DEPRECATED authTwitter "Use authTwitterUsingUserId instead" #-}
 -- | Twitter plugin which uses Twitter's /user_id/ as ID.
 --
 -- For more information, see: https://github.com/yesodweb/yesod/pull/1168
 --
 -- @since 1.4.1
 authTwitterUsingUserId :: YesodAuth m
                  => ByteString -- ^ Consumer Key
                  -> ByteString -- ^ Consumer Secret
                  -> AuthPlugin m
 authTwitterUsingUserId key secret = authTwitter' key secret "user_id"
 twitterUrl :: AuthRoute
 twitterUrl = oauthUrl "twitter"
--- a/yesod-auth-oauth/yesod-auth-oauth.cabal
+++ b/yesod-auth-oauth/yesod-auth-oauth.cabal
@ -1,33 +1,28 @@
 cabal-version:   >= 1.10
 name:            yesod-auth-oauth
-version:         1.2.0
+version:         1.6.1
 license:         BSD3
 license-file:    LICENSE
 author:          Hiromi Ishii
-maintainer:      Hiromi Ishii
+maintainer:      Michael Litchard
 synopsis:        OAuth Authentication for Yesod.
 category:        Web, Yesod
 stability:       Stable
 cabal-version:   >= 1.6.0
 build-type:      Simple
 homepage:        http://www.yesodweb.com/
-description:     Oauth Authentication for Yesod.
+description:     API docs and the README are available at <http://www.stackage.org/package/yesod-auth-oauth>
-
+extra-source-files: README.md ChangeLog.md
 flag ghc7
 library
-    if flag(ghc7)
+    default-language: Haskell2010
-        build-depends:   base                >= 4.3      && < 5
+    build-depends:   authenticate-oauth      >= 1.5       && < 1.8
-        cpp-options:     -DGHC7
+                   , base                    >= 4.10      && < 5
    else
        build-depends:   base                >= 4         && < 4.3
    build-depends:   authenticate-oauth      >= 1.4       && < 1.5
                   , bytestring              >= 0.9.1.4
-                   , yesod-core              >= 1.2       && < 1.3
+                   , text                    >= 0.7
-                   , yesod-auth              >= 1.2       && < 1.3
+                   , unliftio
-                   , text                    >= 0.7       && < 0.12
+                   , yesod-auth              >= 1.6       && < 1.7
-                   , yesod-form              >= 1.3       && < 1.4
+                   , yesod-core              >= 1.6       && < 1.7
-                   , transformers            >= 0.2.2     && < 0.4
+                   , yesod-form              >= 1.6       && < 1.8
                   , lifted-base             >= 0.2       && < 0.3
    exposed-modules: Yesod.Auth.OAuth
    ghc-options:     -Wall
--- a/yesod-auth/ChangeLog.md
+++ b/yesod-auth/ChangeLog.md
@ -0,0 +1,225 @@
 # ChangeLog for yesod-auth
 ## 1.6.11.2
 * Add support for aeson 2.2 [#1820](https://github.com/yesodweb/yesod/pull/1820)
 ## 1.6.11.1
 * No star is type [#1797](https://github.com/yesodweb/yesod/pull/1797)
 ## 1.6.11
 * Add support for aeson 2
 ## 1.6.10.5
 * Fix German translations of AuthMessage [#1741](https://github.com/yesodweb/yesod/pull/1741)
 ## 1.6.10.4
 * Add support for GHC 9 [#1737](https://github.com/yesodweb/yesod/pull/1737)
 ## 1.6.10.3
 * Relax bounds for yesod-form 1.7
 ## 1.6.10.2
 * Relax bounds for persistent 2.12
 ## 1.6.10.1
 * Add support for Persistent 2.11 [#1701](https://github.com/yesodweb/yesod/pull/1701)
 ## 1.6.10
 * Updated `AuthMessage` data type in `Yesod.Auth.Message` to accommodate registration flow where password is supplied initially: deprecated `AddressVerified` and split into `EmailVerifiedChangePass` and `EmailVerified`
 * Fixed a bug in `getVerifyR` related to the above, where the incorrect message was displayed when password was set during registration
 * Added `sendForgotPasswordEmail` to `YesodAuthEmail` typeclass, allowing for different emails for account registration vs. forgot password
 * See pull request [#1662](https://github.com/yesodweb/yesod/pull/1662)
 ## 1.6.9
 * Added `registerHelper` and `passwordResetHelper` methods to the `YesodAuthEmail` class, allowing for customizing behavior for user registration and forgot password requests [#1660](https://github.com/yesodweb/yesod/pull/1660)
 * Exposed `defaultRegisterHelper` as default implementation for the above methods
 ## 1.6.8.1
 * Email: Fix typo in `defaultEmailLoginHandler` template [#1605](https://github.com/yesodweb/yesod/pull/1605)
 * Remove unnecessary deriving of Typeable
 ## 1.6.8
 * Dummy: Add support for JSON submissions [#1619](https://github.com/yesodweb/yesod/pull/1619)
 ## 1.6.7
 * Redirect behavior of `clearCreds` depends on request type [#1598](https://github.com/yesodweb/yesod/pull/1598)
 ## 1.6.6
 * Deprecated `Yesod.Auth.GoogleEmail2`, see [#1579](https://github.com/yesodweb/yesod/issues/1579) and [migration blog post](https://pbrisbin.com/posts/googleemail2_deprecation/)
 ## 1.6.5
 * Add support for persistent 2.9 [#1516](https://github.com/yesodweb/yesod/pull/1516), [#1561](https://github.com/yesodweb/yesod/pull/1561)
 ## 1.6.4.1
 * Email: Fix forgot-password endpoint [#1537](https://github.com/yesodweb/yesod/pull/1537)
 ## 1.6.4
 * Make `registerHelper` configurable [#1524](https://github.com/yesodweb/yesod/issues/1524)
 * Email: Immediately register with a password [#1389](https://github.com/yesodweb/yesod/issues/1389)
 To configure this new functionality:
  1. Define `addUnverifiedWithPass`, e.g:
  ```
  addUnverified email verkey = liftHandler $ runDB $ do
    void $ insert $ UserLogin email Nothing (Just verkey) False
    return email
  addUnverifiedWithPass email verkey pass = liftHandler $ runDB $ do
    void $ insert $ UserLogin email (Just pass) (Just verkey) False
    return email
  ```
  2. Add a `password` field to your client forms.
 ## 1.6.3
 * Generalize GoogleEmail2.getPerson [#1501](https://github.com/yesodweb/yesod/pull/1501)
 ## 1.6.2
 * Remove MINIMAL praggma for authHttpManager [#1489](https://github.com/yesodweb/yesod/issues/1489)
 ## 1.6.1
 * Relax a number of type signatures [#1488](https://github.com/yesodweb/yesod/issues/1488)
 ## 1.6.0
 * Upgrade to yesod-core 1.6.0
 ## 1.4.21
 * Add redirectToCurrent to Yesod.Auth module for controlling setUltDestCurrent in redirectLogin [#1461](https://github.com/yesodweb/yesod/pull/1461)
 ## 1.4.20
 * Extend `YesodAuthEmail` to support extensible password hashing via
  `hashAndSaltPassword` and `verifyPassword` functions
 ## 1.4.19
 * Adjust English localization to distinguish between "log in" (verb) and "login" (noun)
 ## 1.4.18
 * Expose Yesod.Auth.Util.PasswordStore
 ## 1.4.17.3
 * Some translation fixes
 ## 1.4.17.2
 * Move to cryptonite from cryptohash
 ## 1.4.17.1
 * Some translation fixes
 ## 1.4.17
 * Add Show instance for user credentials `Creds`
 * Export pid type for identifying plugin
 * Fix warnings
 * Allow for a custom Email Login DOM with `emailLoginHandler`
 ## 1.4.16
 * Fix email provider [#1330](https://github.com/yesodweb/yesod/issues/1330)
 * Document JSON endpoints of Yesod.Auth.Email
 ## 1.4.15
 * Add JSON endpoints to Yesod.Auth.Email module
 * Export croatianMessage from Message module
 * Minor Haddock rendering fixes at Auth.Email module
 ## 1.4.14
 * Remove Google OpenID link [#1309](https://github.com/yesodweb/yesod/pull/1309)
 * Add CSRF Security check in `registerHelperFunction` [#1302](https://github.com/yesodweb/yesod/pull/1302)
 ## 1.4.13.5
 * Translation fix
 ## 1.4.13.4
 * Improved translations
 * peristent 2.6
 ## 1.4.13.3
 * Doc update (and a warning)
 ## 1.4.13.1
 * Add CSRF token to login form from `Yesod.Auth.Dummy` [#1205](https://github.com/yesodweb/yesod/pull/1205)
 ## 1.4.13
 * Add a CSRF token to the login form from `Yesod.Auth.Hardcoded`, making it compatible with the CSRF middleware [#1161](https://github.com/yesodweb/yesod/pull/1161)
 * Multiple session messages. [#1187](https://github.com/yesodweb/yesod/pull/1187)
 ## 1.4.12
 * Deprecated Yesod.Auth.GoogleEmail
 ## 1.4.11
 Add Yesod.Auth.Hardcoded
 ## 1.4.9
 * Expose defaultLoginHandler
 ## 1.4.8
 * GoogleEmail2: proper error message when permission denied
 ## 1.4.7
 * add a runHttpRequest function for handling HTTP errors
 ## 1.4.6
 * Use nonce package to generate verification keys and CSRF tokens [#1011](https://github.com/yesodweb/yesod/pull/1011)
 ## 1.4.5
 * Adds export of email verify route [#980](https://github.com/yesodweb/yesod/pull/980)
 ## 1.4.4
 * Add AuthenticationResult and authenticate function [#959](https://github.com/yesodweb/yesod/pull/959)
 ## 1.4.3
 * Added means to fetch user's Google profile [#936](https://github.com/yesodweb/yesod/pull/936)
 ## 1.4.2
 * Perform `onLogout` before session cleaning [#923](https://github.com/yesodweb/yesod/pull/923)
 ## 1.4.1.3
 [Updated french translation of Yesod.Auth.Message. #904](https://github.com/yesodweb/yesod/pull/904)
 ## 1.4.1
 Dutch translation added.
--- a/yesod-auth/README
+++ b/yesod-auth/README
--- a/yesod-auth/README.md
+++ b/yesod-auth/README.md
@ -0,0 +1,12 @@
 ## yesod-auth
 This package provides a pluggable mechanism for allowing users to authenticate
 with your site. It comes with a number of common plugins, such as OpenID,
 BrowserID (a.k.a., Mozilla Persona), and email. Other packages are available
 from Hackage as well. If you've written such an add-on, please notify me so
 that it can be added to this description.
 * [yesod-auth-oauth2](https://hackage.haskell.org/package/yesod-auth-oauth2): Library to authenticate with OAuth 2.0.
 * [yesod-auth-account](http://hackage.haskell.org/package/yesod-auth-account): An account authentication plugin for Yesod
 * [yesod-auth-hashdb](http://www.stackage.org/package/yesod-auth-hashdb): The HashDB module previously packaged in yesod-auth, now with stronger, but compatible, security.
 * [yesod-auth-bcrypt](https://hackage.haskell.org/package/yesod-auth-bcrypt): An alternative to the HashDB module.
--- a/yesod-auth/Yesod/Auth.hs
+++ b/yesod-auth/Yesod/Auth.hs
@ -1,4 +1,5 @@
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE ViewPatterns #-}
 {-# LANGUAGE ConstraintKinds #-}
 {-# LANGUAGE DefaultSignatures #-}
 {-# LANGUAGE QuasiQuotes, TypeFamilies, TemplateHaskell #-}
@ -7,7 +8,7 @@
 {-# LANGUAGE MultiParamTypeClasses #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE UndecidableInstances #-}
 {-# OPTIONS_GHC -fno-warn-orphans #-}
 module Yesod.Auth
    ( -- * Subsite
@ -17,40 +18,50 @@ module Yesod.Auth
    , AuthPlugin (..)
    , getAuth
    , YesodAuth (..)
-    , YesodAuthPersist
+    , YesodAuthPersist (..)
    , AuthEntity
      -- * Plugin interface
    , Creds (..)
    , setCreds
    , setCredsRedirect
    , clearCreds
    , loginErrorMessage
    , loginErrorMessageI
      -- * User functions
    , AuthenticationResult (..)
    , defaultMaybeAuthId
    , defaultLoginHandler
    , maybeAuthPair
    , maybeAuth
    , requireAuthId
    , requireAuthPair
    , requireAuth
      -- * Exception
    , AuthException (..)
      -- * Helper
    , MonadAuthHandler
    , AuthHandler
      -- * Internal
    , credsKey
    , provideJsonMessage
    , messageJson401
    , asHtml
    ) where
 import Control.Monad                 (when)
 import Control.Monad.Trans.Maybe
 import UnliftIO                      (withRunInIO, MonadUnliftIO)
 import Yesod.Auth.Routes
 import Data.Aeson
 import Data.Text.Encoding (decodeUtf8With)
 import Data.Text.Encoding.Error (lenientDecode)
 import           Data.Text (Text)
 import qualified Data.Text as T
 import qualified Data.HashMap.Lazy as Map
 import Data.Monoid (Endo)
-import Network.HTTP.Conduit (Manager)
+import Network.HTTP.Client (Manager, Request, withResponse, Response, BodyReader)
 import Network.HTTP.Client.TLS (getGlobalManager)
 import qualified Network.Wai as W
 import Text.Hamlet (shamlet)
 import Yesod.Core
 import Yesod.Persist
@ -59,21 +70,31 @@ import qualified Yesod.Auth.Message as Msg
 import Yesod.Form (FormMessage)
 import Data.Typeable (Typeable)
 import Control.Exception (Exception)
-import Network.HTTP.Types          (unauthorized401)
+import Network.HTTP.Types (Status, internalServerError500, unauthorized401)
 import Control.Monad.Trans.Resource (MonadResourceBase)
 import qualified Control.Monad.Trans.Writer    as Writer
 import Control.Monad (void)
 import Data.Kind (Type)
 type AuthRoute = Route Auth
-type AuthHandler master a = YesodAuth master => HandlerT Auth (HandlerT master IO) a
+type MonadAuthHandler master m = (MonadHandler m, YesodAuth master, master ~ HandlerSite m, Auth ~ SubHandlerSite m, MonadUnliftIO m)
 type AuthHandler master a = forall m. MonadAuthHandler master m => m a
 type Method = Text
 type Piece = Text
 -- | The result of an authentication based on credentials
 --
 -- @since 1.4.4
 data AuthenticationResult master
    = Authenticated (AuthId master) -- ^ Authenticated successfully
    | UserError AuthMessage         -- ^ Invalid credentials provided by user
    | ServerError Text              -- ^ Some other error
 data AuthPlugin master = AuthPlugin
    { apName :: Text
-    , apDispatch :: Method -> [Piece] -> AuthHandler master ()
+    , apDispatch :: Method -> [Piece] -> AuthHandler master TypedContent
-    , apLogin :: (Route Auth -> Route master) -> WidgetT master IO ()
+    , apLogin :: (Route Auth -> Route master) -> WidgetFor master ()
    }
 getAuth :: a -> Auth
@ -84,11 +105,15 @@ data Creds master = Creds
    { credsPlugin :: Text -- ^ How the user was authenticated
    , credsIdent :: Text -- ^ Identifier. Exact meaning depends on plugin.
    , credsExtra :: [(Text, Text)]
-    }
+    } deriving (Show)
 class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage) => YesodAuth master where
    type AuthId master
    -- | specify the layout. Uses defaultLayout by default
    authLayout :: (MonadHandler m, HandlerSite m ~ master) => WidgetFor master () -> m Html
    authLayout = liftHandler . defaultLayout
    -- | Default destination on successful login, if no other
    -- destination exists.
    loginDest :: master -> Route master
@ -97,20 +122,53 @@ class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage
    -- destination exists.
    logoutDest :: master -> Route master
    -- | Perform authentication based on the given credentials.
    --
    -- Default implementation is in terms of @'getAuthId'@
    --
    -- @since: 1.4.4
    authenticate :: (MonadHandler m, HandlerSite m ~ master) => Creds master -> m (AuthenticationResult master)
    authenticate creds = do
        muid <- getAuthId creds
        return $ maybe (UserError Msg.InvalidLogin) Authenticated muid
    -- | Determine the ID associated with the set of credentials.
-    getAuthId :: Creds master -> HandlerT master IO (Maybe (AuthId master))
+    --
    -- Default implementation is in terms of @'authenticate'@
    --
    getAuthId :: (MonadHandler m, HandlerSite m ~ master) => Creds master -> m (Maybe (AuthId master))
    getAuthId creds = do
        auth <- authenticate creds
        return $ case auth of
            Authenticated auid -> Just auid
            _ -> Nothing
    -- | Which authentication backends to use.
    authPlugins :: master -> [AuthPlugin master]
    -- | What to show on the login page.
-    loginHandler :: AuthHandler master RepHtml
+    --
-    loginHandler = do
+    -- By default this calls 'defaultLoginHandler', which concatenates
-        tp <- getRouteToParent
+    -- plugin widgets and wraps the result in 'authLayout'. Override if
-        lift $ defaultLayout $ do
+    -- you need fancy widget containers, additional functionality, or an
-            setTitleI Msg.LoginTitle
+    -- entirely custom page.  For example, in some applications you may
-            master <- getYesod
+    -- want to prevent the login page being displayed for a user who is
-            mapM_ (flip apLogin tp) (authPlugins master)
+    -- already logged in, even if the URL is visited explicitly; this can
    -- be done by overriding 'loginHandler' in your instance declaration
    -- with something like:
    --
    -- > instance YesodAuth App where
    -- >     ...
    -- >     loginHandler = do
    -- >         ma <- lift maybeAuthId
    -- >         when (isJust ma) $
    -- >             lift $ redirect HomeR   -- or any other Handler code you want
    -- >         defaultLoginHandler
    --
    loginHandler :: AuthHandler master Html
    loginHandler = defaultLoginHandler
    -- | Used for i18n of messages provided by this package.
    renderAuthMessage :: master
@ -124,19 +182,27 @@ class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage
    redirectToReferer :: master -> Bool
    redirectToReferer _ = False
    -- | When being redirected to the login page should the current page
    -- be set to redirect back to. Default is 'True'.
    --
    -- @since 1.4.21
    redirectToCurrent :: master -> Bool
    redirectToCurrent _ = True
    -- | Return an HTTP connection manager that is stored in the foundation
    -- type. This allows backends to reuse persistent connections. If none of
    -- the backends you're using use HTTP connections, you can safely return
    -- @error \"authHttpManager\"@ here.
-    authHttpManager :: master -> Manager
+    authHttpManager :: (MonadHandler m, HandlerSite m ~ master) => m Manager
    authHttpManager = liftIO getGlobalManager
    -- | Called on a successful login. By default, calls
-    -- @setMessageI NowLoggedIn@.
+    -- @addMessageI "success" NowLoggedIn@.
-    onLogin :: HandlerT master IO ()
+    onLogin :: (MonadHandler m, master ~ HandlerSite m) => m ()
-    onLogin = setMessageI Msg.NowLoggedIn
+    onLogin = addMessageI "success" Msg.NowLoggedIn
    -- | Called on logout. By default, does nothing
-    onLogout :: HandlerT master IO ()
+    onLogout :: (MonadHandler m, master ~ HandlerSite m) => m ()
    onLogout = return ()
    -- | Retrieves user credentials, if user is authenticated.
@ -147,153 +213,232 @@ class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage
    -- especially useful for creating an API to be accessed via some means
    -- other than a browser.
    --
-    -- Since 1.2.0
+    -- @since 1.2.0
-    maybeAuthId :: HandlerT master IO (Maybe (AuthId master))
+    maybeAuthId :: (MonadHandler m, master ~ HandlerSite m) => m (Maybe (AuthId master))
    default maybeAuthId
-        :: ( YesodAuth master
+        :: (MonadHandler m, master ~ HandlerSite m, YesodAuthPersist master, Typeable (AuthEntity master))
-           , PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val
+        => m (Maybe (AuthId master))
           , b ~ YesodPersistBackend master
           , Key val ~ AuthId master
           , PersistStore (b (HandlerT master IO))
           , PersistEntity val
           , YesodPersist master
           , Typeable val
           )
        => HandlerT master IO (Maybe (AuthId master))
    maybeAuthId = defaultMaybeAuthId
    -- | Called on login error for HTTP requests. By default, calls
    -- @addMessage@ with "error" as status and redirects to @dest@.
    onErrorHtml :: (MonadHandler m, HandlerSite m ~ master) => Route master -> Text -> m Html
    onErrorHtml dest msg = do
        addMessage "error" $ toHtml msg
        fmap asHtml $ redirect dest
    -- | runHttpRequest gives you a chance to handle an HttpException and retry
    --  The default behavior is to simply execute the request which will throw an exception on failure
    --
    --  The HTTP 'Request' is given in case it is useful to change behavior based on inspecting the request.
    --  This is an experimental API that is not broadly used throughout the yesod-auth code base
    runHttpRequest
      :: (MonadHandler m, HandlerSite m ~ master, MonadUnliftIO m)
      => Request
      -> (Response BodyReader -> m a)
      -> m a
    runHttpRequest req inner = do
      man <- authHttpManager
      withRunInIO $ \run -> withResponse req man $ run . inner
    {-# MINIMAL loginDest, logoutDest, (authenticate | getAuthId), authPlugins #-}
 {-# DEPRECATED getAuthId "Define 'authenticate' instead; 'getAuthId' will be removed in the next major version" #-}
 -- | Internal session key used to hold the authentication information.
 --
 -- @since 1.2.3
 credsKey :: Text
 credsKey = "_ID"
 -- | Retrieves user credentials from the session, if user is authenticated.
 --
 -- This function does /not/ confirm that the credentials are valid, see
-- 'maybeAuthIdRaw' for more information.
+-- 'maybeAuthIdRaw' for more information. The first call in a request
 -- does a database request to make sure that the account is still in the database.
 --
-- Since 1.1.2
+-- @since 1.1.2
 defaultMaybeAuthId
-          :: ( YesodAuth master
+    :: (MonadHandler m, HandlerSite m ~ master, YesodAuthPersist master, Typeable (AuthEntity master))
-             , PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val
+    => m (Maybe (AuthId master))
-             , b ~ YesodPersistBackend master
+defaultMaybeAuthId = runMaybeT $ do
-             , Key val ~ AuthId master
+    s   <- MaybeT $ lookupSession credsKey
-             , PersistStore (b (HandlerT master IO))
+    aid <- MaybeT $ return $ fromPathPiece s
-             , PersistEntity val
+    _   <- MaybeT $ cachedAuth aid
-             , YesodPersist master
+    return aid
             , Typeable val
             ) => HandlerT master IO (Maybe (AuthId master))
 defaultMaybeAuthId = do
    ms <- lookupSession credsKey
    case ms of
        Nothing -> return Nothing
        Just s ->
            case fromPathPiece s of
                Nothing -> return Nothing
                Just aid -> fmap (fmap entityKey) $ cachedAuth aid
-cachedAuth :: ( YesodAuth master
+cachedAuth
-             , PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val
+    :: ( MonadHandler m
-             , b ~ YesodPersistBackend master
+       , YesodAuthPersist master
-             , Key val ~ AuthId master
+       , Typeable (AuthEntity master)
-             , PersistStore (b (HandlerT master IO))
+       , HandlerSite m ~ master
-             , PersistEntity val
+       )
-             , YesodPersist master
+    => AuthId master
-             , Typeable val
+    -> m (Maybe (AuthEntity master))
-             ) => AuthId master -> HandlerT master IO (Maybe (Entity val))
+cachedAuth
-cachedAuth aid = runMaybeT $ do
+    = fmap unCachedMaybeAuth
-    a <- MaybeT $ fmap unCachedMaybeAuth
+    . cached
-                $ cached
+    . fmap CachedMaybeAuth
-                $ fmap CachedMaybeAuth
+    . getAuthEntity
                $ runDB
                $ get aid
    return $ Entity aid a
-loginErrorMessageI :: (MonadResourceBase m, YesodAuth master)
+-- | Default handler to show the login page.
-                   => Route child
+--
-                   -> AuthMessage
+-- This is the default 'loginHandler'.  It concatenates plugin widgets and
-                   -> HandlerT child (HandlerT master m) a
+-- wraps the result in 'authLayout'.  See 'loginHandler' for more details.
 --
 -- @since 1.4.9
 defaultLoginHandler :: AuthHandler master Html
 defaultLoginHandler = do
    tp <- getRouteToParent
    authLayout $ do
        setTitleI Msg.LoginTitle
        master <- getYesod
        mapM_ (flip apLogin tp) (authPlugins master)
 loginErrorMessageI
  :: Route Auth
  -> AuthMessage
  -> AuthHandler master TypedContent
 loginErrorMessageI dest msg = do
  toParent <- getRouteToParent
-  lift $ loginErrorMessageMasterI (toParent dest) msg
+  loginErrorMessageMasterI (toParent dest) msg
-loginErrorMessageMasterI :: (YesodAuth master, MonadResourceBase m, RenderMessage master AuthMessage)
+loginErrorMessageMasterI
-         => Route master
+  :: (MonadHandler m, HandlerSite m ~ master, YesodAuth master)
-         -> AuthMessage
+  => Route master
-         -> HandlerT master m a
+  -> AuthMessage
  -> m TypedContent
 loginErrorMessageMasterI dest msg = do
  mr <- getMessageRender
  loginErrorMessage dest (mr msg)
 -- | For HTML, set the message and redirect to the route.
 -- For JSON, send the message and a 401 status
-loginErrorMessage :: MonadResourceBase m
+loginErrorMessage
-         => Route site
+         :: (MonadHandler m, YesodAuth (HandlerSite m))
         => Route (HandlerSite m)
         -> Text
-         -> HandlerT site m a
+         -> m TypedContent
-loginErrorMessage dest msg =
+loginErrorMessage dest msg = messageJson401 msg (onErrorHtml dest msg)
-  sendResponseStatus unauthorized401 =<< (
+
-    selectRep $ do
+messageJson401
-      provideRep $ do
+  :: MonadHandler m
-          setMessage $ toHtml msg
+  => Text
-          fmap asHtml $ redirect dest
+  -> m Html
-      provideJsonMessage msg
+  -> m TypedContent
-  )
+messageJson401 = messageJsonStatus unauthorized401
-  where
+
-    asHtml :: Html -> Html
+messageJson500 :: MonadHandler m => Text -> m Html -> m TypedContent
-    asHtml = id
+messageJson500 = messageJsonStatus internalServerError500
 messageJsonStatus
  :: MonadHandler m
  => Status
  -> Text
  -> m Html
  -> m TypedContent
 messageJsonStatus status msg html = selectRep $ do
    provideRep html
    provideRep $ do
        let obj = object ["message" .= msg]
        void $ sendResponseStatus status obj
        return obj
 provideJsonMessage :: Monad m => Text -> Writer.Writer (Endo [ProvidedRep m]) ()
 provideJsonMessage msg = provideRep $ return $ object ["message" .= msg]
-- | Sets user credentials for the session after checking them with authentication backends.
+setCredsRedirect
-setCreds :: YesodAuth master
+  :: (MonadHandler m, YesodAuth (HandlerSite m))
-         => Bool         -- ^ if HTTP redirects should be done
+  => Creds (HandlerSite m) -- ^ new credentials
-         -> Creds master -- ^ new credentials
+  -> m TypedContent
-         -> HandlerT master IO ()
+setCredsRedirect creds = do
 setCreds doRedirects creds = do
    y    <- getYesod
-    maid <- getAuthId creds
+    auth <- authenticate creds
-    case maid of
+    case auth of
-        Nothing -> when doRedirects $ do
+        Authenticated aid -> do
            setSession credsKey $ toPathPiece aid
            onLogin
            res <- selectRep $ do
                provideRepType typeHtml $
                    fmap asHtml $ redirectUltDest $ loginDest y
                provideJsonMessage "Login Successful"
            sendResponse res
        UserError msg ->
            case authRoute y of
                Nothing -> do
-                    sendResponseStatus unauthorized401 =<< (
+                    msg' <- renderMessage' msg
-                      selectRep $ do
+                    messageJson401 msg' $ authLayout $ -- TODO
-                        provideRep $ defaultLayout $ toWidget [shamlet|<h1>Invalid login|]
+                        toWidget [whamlet|<h1>_{msg}|]
-                        provideJsonMessage "Invalid Login"
+                Just ar -> loginErrorMessageMasterI ar msg
-                      )
+
-                Just ar -> loginErrorMessageMasterI ar Msg.InvalidLogin
+        ServerError msg -> do
-        Just aid -> do
+            $(logError) msg
-            setSession credsKey $ toPathPiece aid
+
-            when doRedirects $ do
+            case authRoute y of
-              onLogin
+                Nothing -> do
-              res <- selectRep $ do
+                    msg' <- renderMessage' Msg.AuthError
-                  provideRepType typeHtml $ do
+                    messageJson500 msg' $ authLayout $
-                      _ <- redirectUltDest $ loginDest y
+                        toWidget [whamlet|<h1>_{Msg.AuthError}|]
-                      return ()
+                Just ar -> loginErrorMessageMasterI ar Msg.AuthError
-                  provideJsonMessage "Login Successful"
+
-              sendResponse res
+  where
    renderMessage' msg = do
        langs <- languages
        master <- getYesod
        return $ renderAuthMessage master langs msg
 -- | Sets user credentials for the session after checking them with authentication backends.
 setCreds :: (MonadHandler m, YesodAuth (HandlerSite m))
         => Bool                  -- ^ if HTTP redirects should be done
         -> Creds (HandlerSite m) -- ^ new credentials
         -> m ()
 setCreds doRedirects creds =
    if doRedirects
      then void $ setCredsRedirect creds
      else do auth <- authenticate creds
              case auth of
                  Authenticated aid -> setSession credsKey $ toPathPiece aid
                  _ -> return ()
 -- | same as defaultLayoutJson, but uses authLayout
 authLayoutJson
  :: (ToJSON j, MonadAuthHandler master m)
  => WidgetFor master ()  -- ^ HTML
  -> m j  -- ^ JSON
  -> m TypedContent
 authLayoutJson w json = selectRep $ do
    provideRep $ authLayout w
    provideRep $ fmap toJSON json
 -- | Clears current user credentials for the session.
 --
-- Since 1.1.7
+-- @since 1.1.7
-clearCreds :: YesodAuth master
+clearCreds :: (MonadHandler m, YesodAuth (HandlerSite m))
-           => Bool -- ^ if HTTP redirect to 'logoutDest' should be done
+           => Bool -- ^ if HTTP, redirect to 'logoutDest'
-           -> HandlerT master IO ()
+           -> m ()
 clearCreds doRedirects = do
-    y <- getYesod
+    onLogout
    deleteSession credsKey
-    when doRedirects $ do
+    y  <- getYesod
-        onLogout
+    aj <- acceptsJson
-        redirectUltDest $ logoutDest y
+    case (aj, doRedirects) of
      (True, _)               -> sendResponse successfulLogout
      (False, True)           -> redirectUltDest (logoutDest y)
      _                       -> return ()
    where successfulLogout = object ["message" .= msg]
          msg :: Text
          msg = "Logged out successfully!"
 getCheckR :: AuthHandler master TypedContent
-getCheckR = lift $ do
+getCheckR = do
    creds <- maybeAuthId
-    defaultLayoutJson (do
+    authLayoutJson (do
        setTitle "Authentication Status"
        toWidget $ html' creds) (return $ jsonCreds creds)
  where
@ -307,89 +452,151 @@ $nothing
    <p>Not logged in.
 |]
    jsonCreds creds =
-        Object $ Map.fromList
+        toJSON $ Map.fromList
            [ (T.pack "logged_in", Bool $ maybe False (const True) creds)
            ]
-setUltDestReferer' :: AuthHandler master ()
+setUltDestReferer' :: (MonadHandler m, YesodAuth (HandlerSite m)) => m ()
-setUltDestReferer' = lift $ do
+setUltDestReferer' = do
    master <- getYesod
    when (redirectToReferer master) setUltDestReferer
-getLoginR :: AuthHandler master RepHtml
+getLoginR :: AuthHandler master Html
 getLoginR = setUltDestReferer' >> loginHandler
 getLogoutR :: AuthHandler master ()
-getLogoutR = setUltDestReferer' >> redirectToPost LogoutR
+getLogoutR = do
  tp <- getRouteToParent
  setUltDestReferer' >> redirectToPost (tp LogoutR)
 postLogoutR :: AuthHandler master ()
-postLogoutR = lift $ clearCreds True
+postLogoutR = clearCreds True
-handlePluginR :: Text -> [Text] -> AuthHandler master ()
+handlePluginR :: Text -> [Text] -> AuthHandler master TypedContent
 handlePluginR plugin pieces = do
-    master <- lift getYesod
+    master <- getYesod
    env <- waiRequest
    let method = decodeUtf8With lenientDecode $ W.requestMethod env
    case filter (\x -> apName x == plugin) (authPlugins master) of
        [] -> notFound
        ap:_ -> apDispatch ap method pieces
-maybeAuth :: ( YesodAuth master
+-- | Similar to 'maybeAuthId', but additionally look up the value associated
-             , PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val
+-- with the user\'s database identifier to get the value in the database. This
-             , b ~ YesodPersistBackend master
+-- assumes that you are using a Persistent database.
 --
 -- @since 1.1.0
 maybeAuth :: ( YesodAuthPersist master
             , val ~ AuthEntity master
             , Key val ~ AuthId master
             , PersistStore (b (HandlerT master IO))
             , PersistEntity val
             , YesodPersist master
             , Typeable val
-             ) => HandlerT master IO (Maybe (Entity val))
+             , MonadHandler m
-maybeAuth = runMaybeT $ do
+             , HandlerSite m ~ master
             ) => m (Maybe (Entity val))
 maybeAuth = fmap (fmap (uncurry Entity)) maybeAuthPair
 -- | Similar to 'maybeAuth', but doesn’t assume that you are using a
 -- Persistent database.
 --
 -- @since 1.4.0
 maybeAuthPair
  :: ( YesodAuthPersist master
     , Typeable (AuthEntity master)
     , MonadHandler m
     , HandlerSite m ~ master
     )
  => m (Maybe (AuthId master, AuthEntity master))
 maybeAuthPair = runMaybeT $ do
    aid <- MaybeT maybeAuthId
-    MaybeT $ cachedAuth aid
+    ae  <- MaybeT $ cachedAuth aid
    return (aid, ae)
 newtype CachedMaybeAuth val = CachedMaybeAuth { unCachedMaybeAuth :: Maybe val }
    deriving Typeable
-- | Constraint which states that the given site is an instance of @YesodAuth@
+-- | Class which states that the given site is an instance of @YesodAuth@
-- and that its @AuthId@ is in fact a persistent @Key@ for the given value.
+-- and that its @AuthId@ is a lookup key for the full user information in
-- This is the common case in Yesod, and means that you can easily look up the
+-- a @YesodPersist@ database.
 -- full informatin on a given user.
 --
-- Since 1.2.0
+-- The default implementation of @getAuthEntity@ assumes that the @AuthId@
-type YesodAuthPersist master =
+-- for the @YesodAuth@ superclass is in fact a persistent @Key@ for the
-    ( YesodAuth master
+-- given value.  This is the common case in Yesod, and means that you can
-    , PersistMonadBackend (YesodPersistBackend master (HandlerT master IO))
+-- easily look up the full information on a given user.
-        ~ PersistEntityBackend (AuthEntity master)
+--
-    , Key (AuthEntity master) ~ AuthId master
+-- @since 1.4.0
-    , PersistStore (YesodPersistBackend master (HandlerT master IO))
+class (YesodAuth master, YesodPersist master) => YesodAuthPersist master where
-    , PersistEntity (AuthEntity master)
+    -- | If the @AuthId@ for a given site is a persistent ID, this will give the
-    , YesodPersist master
+    -- value for that entity. E.g.:
-    , Typeable (AuthEntity master)
+    --
-    )
+    -- > type AuthId MySite = UserId
    -- > AuthEntity MySite ~ User
    --
    -- @since 1.2.0
    type AuthEntity master :: Type
    type AuthEntity master = KeyEntity (AuthId master)
-- | If the @AuthId@ for a given site is a persistent ID, this will give the
+    getAuthEntity :: (MonadHandler m, HandlerSite m ~ master)
-- value for that entity. E.g.:
+                  => AuthId master -> m (Maybe (AuthEntity master))
--
+
-- > type AuthId MySite = UserId
+    default getAuthEntity
-- > AuthEntity MySite ~ User
+        :: ( YesodPersistBackend master ~ backend
--
+           , PersistRecordBackend (AuthEntity master) backend
-- Since 1.2.0
+           , Key (AuthEntity master) ~ AuthId master
-type AuthEntity master = KeyEntity (AuthId master)
+           , PersistStore backend
           , MonadHandler m
           , HandlerSite m ~ master
           )
        => AuthId master -> m (Maybe (AuthEntity master))
    getAuthEntity = liftHandler . runDB . get
 type family KeyEntity key
 type instance KeyEntity (Key x) = x
 -- | Similar to 'maybeAuthId', but redirects to a login page if user is not
-- authenticated.
+-- authenticated or responds with error 401 if this is an API client (expecting JSON).
 --
-- Since 1.1.0
+-- @since 1.1.0
-requireAuthId :: YesodAuthPersist master => HandlerT master IO (AuthId master)
+requireAuthId :: (MonadHandler m, YesodAuth (HandlerSite m)) => m (AuthId (HandlerSite m))
-requireAuthId = maybeAuthId >>= maybe redirectLogin return
+requireAuthId = maybeAuthId >>= maybe handleAuthLack return
-requireAuth :: YesodAuthPersist master => HandlerT master IO (Entity (AuthEntity master))
+-- | Similar to 'maybeAuth', but redirects to a login page if user is not
-requireAuth = maybeAuth >>= maybe redirectLogin return
+-- authenticated or responds with error 401 if this is an API client (expecting JSON).
 --
 -- @since 1.1.0
 requireAuth :: ( YesodAuthPersist master
               , val ~ AuthEntity master
               , Key val ~ AuthId master
               , PersistEntity val
               , Typeable val
               , MonadHandler m
               , HandlerSite m ~ master
               ) => m (Entity val)
 requireAuth = maybeAuth >>= maybe handleAuthLack return
-redirectLogin :: Yesod master => HandlerT master IO a
+-- | Similar to 'requireAuth', but not tied to Persistent's 'Entity' type.
 -- Instead, the 'AuthId' and 'AuthEntity' are returned in a tuple.
 --
 -- @since 1.4.0
 requireAuthPair
  :: ( YesodAuthPersist master
     , Typeable (AuthEntity master)
     , MonadHandler m
     , HandlerSite m ~ master
     )
  => m (AuthId master, AuthEntity master)
 requireAuthPair = maybeAuthPair >>= maybe handleAuthLack return
 handleAuthLack :: (YesodAuth (HandlerSite m), MonadHandler m) => m a
 handleAuthLack = do
    aj <- acceptsJson
    if aj then notAuthenticated else redirectLogin
 redirectLogin :: (YesodAuth (HandlerSite m), MonadHandler m) => m a
 redirectLogin = do
    y <- getYesod
-    setUltDestCurrent
+    when (redirectToCurrent y) setUltDestCurrent
    case authRoute y of
        Just z -> redirect z
        Nothing -> permissionDenied "Please configure authRoute"
@ -398,8 +605,11 @@ instance YesodAuth master => RenderMessage master AuthMessage where
    renderMessage = renderAuthMessage
 data AuthException = InvalidFacebookResponse
-    deriving (Show, Typeable)
+    deriving Show
 instance Exception AuthException
-instance YesodAuth master => YesodSubDispatch Auth (HandlerT master IO) where
+instance YesodAuth master => YesodSubDispatch Auth master where
    yesodSubDispatch = $(mkYesodSubDispatch resourcesAuth)
 asHtml :: Html -> Html
 asHtml = id
--- a/yesod-auth/Yesod/Auth/BrowserId.hs
+++ b/yesod-auth/Yesod/Auth/BrowserId.hs
@ -2,24 +2,27 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE TemplateHaskell #-}
 {-# LANGUAGE RecordWildCards #-}
 -- | NOTE: Mozilla Persona will be shut down by the end of 2016, therefore this
 -- module is no longer recommended for use.
 module Yesod.Auth.BrowserId
    {-# DEPRECATED "Mozilla Persona will be shut down by the end of 2016" #-}
    ( authBrowserId
-    , createOnClick
+    , createOnClick, createOnClickOverride
    , def
    , BrowserIdSettings
    , bisAudience
    , bisLazyLoad
    , forwardUrl
    ) where
 import Yesod.Auth
 import Web.Authenticate.BrowserId
 import Data.Text (Text)
 import Yesod.Core
 import Text.Hamlet (hamlet)
 import qualified Data.Text as T
 import Data.Maybe (fromMaybe)
 import Control.Monad (when, unless)
-import Text.Julius (julius, rawJS)
+import Text.Julius (rawJS)
 import Network.URI (uriPath, parseURI)
 import Data.FileEmbed (embedFile)
 import Data.ByteString (ByteString)
@ -28,8 +31,11 @@ import Data.Default
 pid :: Text
 pid = "browserid"
-complete :: Route Auth
+forwardUrl :: AuthRoute
-complete = PluginR pid []
+forwardUrl = PluginR pid []
 complete :: AuthRoute
 complete = forwardUrl
 -- | A settings type for various configuration options relevant to BrowserID.
 --
@ -64,19 +70,21 @@ authBrowserId bis@BrowserIdSettings {..} = AuthPlugin
    , apDispatch = \m ps ->
        case (m, ps) of
            ("GET", [assertion]) -> do
                master <- lift getYesod
                audience <-
                    case bisAudience of
                        Just a -> return a
                        Nothing -> do
                            r <- getUrlRender
-                            return $ T.takeWhile (/= '/') $ stripScheme $ r LoginR
+                            tm <- getRouteToParent
-                memail <- lift $ checkAssertion audience assertion (authHttpManager master)
+                            return $ T.takeWhile (/= '/') $ stripScheme $ r $ tm LoginR
                manager <- authHttpManager
                memail <- checkAssertion audience assertion manager
                case memail of
                    Nothing -> do
                      $logErrorS "yesod-auth" "BrowserID assertion failure"
-                      loginErrorMessage LoginR "BrowserID login error."
+                      tm <- getRouteToParent
-                    Just email -> lift $ setCreds True Creds
+                      loginErrorMessage (tm LoginR) "BrowserID login error."
                    Just email -> setCredsRedirect Creds
                        { credsPlugin = pid
                        , credsIdent = email
                        , credsExtra = []
@ -106,14 +114,16 @@ $newline never
 -- | Generates a function to handle on-click events, and returns that function
 -- name.
-createOnClick :: BrowserIdSettings
+createOnClickOverride :: BrowserIdSettings
              -> (Route Auth -> Route master)
-              -> WidgetT master IO Text
+              -> Maybe (Route master)
-createOnClick BrowserIdSettings {..} toMaster = do
+              -> WidgetFor master Text
 createOnClickOverride BrowserIdSettings {..} toMaster mOnRegistration = do
    unless bisLazyLoad $ addScriptRemote browserIdJs
    onclick <- newIdent
    render <- getUrlRender
-    let login = toJSON $ getPath $ render (toMaster LoginR)
+    let login = toJSON $ getPath $ render loginRoute -- (toMaster LoginR)
        loginRoute = maybe (toMaster LoginR) id mOnRegistration
    toWidget [julius|
        function #{rawJS onclick}() {
            if (navigator.id) {
@ -151,3 +161,10 @@ createOnClick BrowserIdSettings {..} toMaster = do
    getPath t = fromMaybe t $ do
        uri <- parseURI $ T.unpack t
        return $ T.pack $ uriPath uri
 -- | Generates a function to handle on-click events, and returns that function
 -- name.
 createOnClick :: BrowserIdSettings
              -> (Route Auth -> Route master)
              -> WidgetFor master Text
 createOnClick bidSettings toMaster = createOnClickOverride bidSettings toMaster Nothing
--- a/yesod-auth/Yesod/Auth/Dummy.hs
+++ b/yesod-auth/Yesod/Auth/Dummy.hs
@ -1,30 +1,76 @@
-{-# LANGUAGE QuasiQuotes #-}
+{-# LANGUAGE FlexibleContexts    #-}
-{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE OverloadedStrings   #-}
 {-# LANGUAGE QuasiQuotes         #-}
 {-# LANGUAGE RankNTypes          #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE TypeFamilies        #-}
 -- | Provides a dummy authentication module that simply lets a user specify
-- his/her identifier. This is not intended for real world use, just for
+-- their identifier. This is not intended for real world use, just for
-- testing.
+-- testing. This plugin supports form submissions via JSON (since 1.6.8).
 --
 -- = Using the JSON Login Endpoint
 --
 -- We are assuming that you have declared `authRoute` as follows
 --
 -- @
 --       Just $ AuthR LoginR
 -- @
 --
 -- If you are using a different one, then you have to adjust the
 -- endpoint accordingly.
 --
 -- @
 --       Endpoint: \/auth\/page\/dummy
 --       Method: POST
 --       JSON Data: {
 --                      "ident": "my identifier"
 --                  }
 -- @
 --
 -- Remember to add the following headers:
 --
 --     - Accept: application\/json
 --     - Content-Type: application\/json
 module Yesod.Auth.Dummy
    ( authDummy
    ) where
-import Yesod.Auth
+import           Data.Aeson.Types (Parser, Result (..))
-import Yesod.Form (runInputPost, textField, ireq)
+import qualified Data.Aeson.Types as A (parseEither, withObject)
-import Text.Hamlet (hamlet)
+import           Data.Text        (Text)
-import Yesod.Core
+import           Yesod.Auth
 import           Yesod.Core
 import           Yesod.Form       (ireq, runInputPost, textField)
 identParser :: Value -> Parser Text
 identParser = A.withObject "Ident" (.: "ident")
 authDummy :: YesodAuth m => AuthPlugin m
 authDummy =
    AuthPlugin "dummy" dispatch login
  where
    dispatch :: Text -> [Text] -> AuthHandler m TypedContent
    dispatch "POST" [] = do
-        ident <- lift $ runInputPost $ ireq textField "ident"
+        (jsonResult :: Result Value) <- parseCheckJsonBody
-        lift $ setCreds True $ Creds "dummy" ident []
+        eIdent <- case jsonResult of
            Success val -> return $ A.parseEither identParser val
            Error   err -> return $ Left err
        case eIdent of
            Right ident ->
                setCredsRedirect $ Creds "dummy" ident []
            Left  _     -> do
                ident <- runInputPost $ ireq textField "ident"
                setCredsRedirect $ Creds "dummy" ident []
    dispatch _ _ = notFound
    url = PluginR "dummy" []
-    login authToMaster =
+    login authToMaster = do
        request <- getRequest
        toWidget [hamlet|
 $newline never
 <form method="post" action="@{authToMaster url}">
    $maybe t <- reqToken request
        <input type=hidden name=#{defaultCsrfParamName} value=#{t}>
    Your new identifier is: #
    <input type="text" name="ident">
    <input type="submit" value="Dummy Login">
--- a/yesod-auth/Yesod/Auth/Email.hs
+++ b/yesod-auth/Yesod/Auth/Email.hs
--- a/yesod-auth/Yesod/Auth/GoogleEmail.hs
+++ b/yesod-auth/Yesod/Auth/GoogleEmail.hs
@ -1,83 +0,0 @@
 {-# LANGUAGE QuasiQuotes #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE RankNTypes #-}
 -- | Use an email address as an identifier via Google's OpenID login system.
 --
 -- This backend will not use the OpenID identifier at all. It only uses OpenID
 -- as a login system. By using this plugin, you are trusting Google to validate
 -- an email address, and requiring users to have a Google account. On the plus
 -- side, you get to use email addresses as the identifier, many users have
 -- existing Google accounts, the login system has been long tested (as opposed
 -- to BrowserID), and it requires no credential managing or setup (as opposed
 -- to Email).
 module Yesod.Auth.GoogleEmail
    ( authGoogleEmail
    , forwardUrl
    ) where
 import Yesod.Auth
 import qualified Web.Authenticate.OpenId as OpenId
 import Yesod.Core
 import Data.Text (Text)
 import qualified Yesod.Auth.Message as Msg
 import qualified Data.Text as T
 import Control.Exception.Lifted (try, SomeException)
 pid :: Text
 pid = "googleemail"
 forwardUrl :: AuthRoute
 forwardUrl = PluginR pid ["forward"]
 googleIdent :: Text
 googleIdent = "https://www.google.com/accounts/o8/id"
 authGoogleEmail :: YesodAuth m => AuthPlugin m
 authGoogleEmail =
    AuthPlugin pid dispatch login
  where
    complete = PluginR pid ["complete"]
    login tm =
        [whamlet|<a href=@{tm forwardUrl}>_{Msg.LoginGoogle}|]
    dispatch "GET" ["forward"] = do
        render <- getUrlRender
        let complete' = render complete
        master <- lift getYesod
        eres <- lift $ try $ OpenId.getForwardUrl googleIdent complete' Nothing
            [ ("openid.ax.type.email", "http://schema.openid.net/contact/email")
            , ("openid.ns.ax", "http://openid.net/srv/ax/1.0")
            , ("openid.ns.ax.required", "email")
            , ("openid.ax.mode", "fetch_request")
            , ("openid.ax.required", "email")
            , ("openid.ui.icon", "true")
            ] (authHttpManager master)
        either
          (\err -> loginErrorMessage LoginR $ T.pack $ show (err :: SomeException))
          redirect
          eres
    dispatch "GET" ["complete", ""] = dispatch "GET" ["complete"] -- compatibility issues
    dispatch "GET" ["complete"] = do
        rr <- getRequest
        completeHelper $ reqGetParams rr
    dispatch "POST" ["complete", ""] = dispatch "POST" ["complete"] -- compatibility issues
    dispatch "POST" ["complete"] = do
        (posts, _) <- runRequestBody
        completeHelper posts
    dispatch _ _ = notFound
 completeHelper :: YesodAuth master => [(Text, Text)] -> AuthHandler master ()
 completeHelper gets' = do
      master <- lift getYesod
      eres <- lift $ try $ OpenId.authenticateClaimed gets' (authHttpManager master)
      either onFailure onSuccess eres
    where
      onFailure err = loginErrorMessage LoginR $ T.pack $ show (err :: SomeException)
      onSuccess oir = do
              let OpenId.Identifier ident = OpenId.oirOpLocal oir
              memail <- lookupGetParam "openid.ext1.value.email"
              case (memail, "https://www.google.com/accounts/o8/id" `T.isPrefixOf` ident) of
                  (Just email, True) -> lift $ setCreds True $ Creds pid email []
                  (_, False)   -> loginErrorMessage LoginR "Only Google login is supported"
                  (Nothing, _) -> loginErrorMessage LoginR "No email address provided"
--- a/yesod-auth/Yesod/Auth/GoogleEmail2.hs
+++ b/yesod-auth/Yesod/Auth/GoogleEmail2.hs
@ -0,0 +1,616 @@
 {-# LANGUAGE CPP               #-}
 {-# LANGUAGE FlexibleContexts  #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE QuasiQuotes       #-}
 {-# LANGUAGE RankNTypes        #-}
 {-# LANGUAGE TypeFamilies      #-}
 -- | Use an email address as an identifier via Google's login system.
 --
 -- Note that this is a replacement for "Yesod.Auth.GoogleEmail", which depends
 -- on Google's now deprecated OpenID system. For more information, see
 -- <https://developers.google.com/+/api/auth-migration>.
 --
 -- By using this plugin, you are trusting Google to validate an email address,
 -- and requiring users to have a Google account. On the plus side, you get to
 -- use email addresses as the identifier, many users have existing Google
 -- accounts, the login system has been long tested (as opposed to BrowserID),
 -- and it requires no credential managing or setup (as opposed to Email).
 --
 -- In order to use this plugin:
 --
 -- * Create an application on the Google Developer Console <https://console.developers.google.com/>
 --
 -- * Create OAuth credentials. The redirect URI will be <http://yourdomain/auth/page/googleemail2/complete>. (If you have your authentication subsite at a different root than \/auth\/, please adjust accordingly.)
 --
 -- * Enable the Google+ API.
 --
 -- @since 1.3.1
 module Yesod.Auth.GoogleEmail2
    {-# DEPRECATED "Google+ is being shut down, please migrate to Google Sign-in https://pbrisbin.com/posts/googleemail2_deprecation/" #-}
    ( -- * Authentication handlers
      authGoogleEmail
    , authGoogleEmailSaveToken
    , forwardUrl
    -- * User authentication token
    , Token(..)
    , getUserAccessToken
    -- * Person
    , getPerson
    , Person(..)
    , Name(..)
    , Gender(..)
    , PersonImage(..)
    , resizePersonImage
    , RelationshipStatus(..)
    , PersonURI(..)
    , PersonURIType(..)
    , Organization(..)
    , OrganizationType(..)
    , Place(..)
    , Email(..)
    , EmailType(..)
    -- * Other functions
    , pid
    ) where
 import           Yesod.Auth                  (Auth, AuthHandler,
                                              AuthPlugin (AuthPlugin),
                                              AuthRoute, Creds (Creds),
                                              Route (PluginR), YesodAuth,
                                              logoutDest, runHttpRequest,
                                              setCredsRedirect)
 import qualified Yesod.Auth.Message          as Msg
 import           Yesod.Core                  (HandlerSite, MonadHandler,
                                              TypedContent, addMessage,
                                              getRouteToParent, getUrlRender,
                                              getYesod, invalidArgs, liftIO,
                                              liftSubHandler, lookupGetParam,
                                              lookupSession, notFound, redirect,
                                              setSession, toHtml, whamlet, (.:))
 import           Blaze.ByteString.Builder    (fromByteString, toByteString)
 import           Control.Applicative         ((<$>), (<*>))
 import           Control.Arrow               (second)
 import           Control.Monad               (unless, when)
 import           Control.Monad.IO.Class      (MonadIO)
 import qualified Crypto.Nonce                as Nonce
 import           Data.Aeson                  ((.:?))
 import qualified Data.Aeson                  as A
 #if MIN_VERSION_aeson(1,0,0)
 import qualified Data.Aeson.Text             as A
 #else
 import qualified Data.Aeson.Encode           as A
 #endif
 import           Data.Aeson.Parser           (json')
 import           Data.Aeson.Types            (FromJSON (parseJSON), parseEither,
                                              parseMaybe, withObject, withText)
 import           Data.Conduit
 import           Data.Conduit.Attoparsec     (sinkParser)
 import           Data.Maybe                  (fromMaybe)
 import           Data.Monoid                 (mappend)
 import           Data.Text                   (Text)
 import qualified Data.Text                   as T
 import           Data.Text.Encoding          (decodeUtf8, encodeUtf8)
 import qualified Data.Text.Lazy              as TL
 import qualified Data.Text.Lazy.Builder      as TL
 import           Network.HTTP.Client         (Manager, requestHeaders,
                                              responseBody, urlEncodedBody)
 import qualified Network.HTTP.Client         as HTTP
 import           Network.HTTP.Client.Conduit (Request, bodyReaderSource)
 import           Network.HTTP.Conduit        (http)
 import           Network.HTTP.Types          (renderQueryText)
 import           System.IO.Unsafe            (unsafePerformIO)
 #if MIN_VERSION_aeson(2, 0, 0)
 import qualified Data.Aeson.Key
 import qualified Data.Aeson.KeyMap
 #else
 import qualified Data.HashMap.Strict         as M
 #endif
 -- | Plugin identifier. This is used to identify the plugin used for
 -- authentication. The 'credsPlugin' will contain this value when this
 -- plugin is used for authentication.
 -- @since 1.4.17
 pid :: Text
 pid = "googleemail2"
 forwardUrl :: AuthRoute
 forwardUrl = PluginR pid ["forward"]
 csrfKey :: Text
 csrfKey = "_GOOGLE_CSRF_TOKEN"
 getCsrfToken :: MonadHandler m => m (Maybe Text)
 getCsrfToken = lookupSession csrfKey
 accessTokenKey :: Text
 accessTokenKey = "_GOOGLE_ACCESS_TOKEN"
 -- | Get user's access token from the session. Returns Nothing if it's not found
 --   (probably because the user is not logged in via 'Yesod.Auth.GoogleEmail2'
 --   or you are not using 'authGoogleEmailSaveToken')
 getUserAccessToken :: MonadHandler m => m (Maybe Token)
 getUserAccessToken = fmap (\t -> Token t "Bearer") <$> lookupSession accessTokenKey
 getCreateCsrfToken :: MonadHandler m => m Text
 getCreateCsrfToken = do
    mtoken <- getCsrfToken
    case mtoken of
        Just token -> return token
        Nothing -> do
            token <- Nonce.nonce128urlT defaultNonceGen
            setSession csrfKey token
            return token
 authGoogleEmail :: YesodAuth m
                => Text -- ^ client ID
                -> Text -- ^ client secret
                -> AuthPlugin m
 authGoogleEmail = authPlugin False
 -- | An alternative version which stores user access token in the session
 --   variable. Use it if you want to request user's profile from your app.
 --
 -- @since 1.4.3
 authGoogleEmailSaveToken :: YesodAuth m
                         => Text -- ^ client ID
                         -> Text -- ^ client secret
                         -> AuthPlugin m
 authGoogleEmailSaveToken = authPlugin True
 authPlugin :: YesodAuth m
           => Bool -- ^ if the token should be stored
           -> Text -- ^ client ID
           -> Text -- ^ client secret
           -> AuthPlugin m
 authPlugin storeToken clientID clientSecret =
    AuthPlugin pid dispatch login
  where
    complete = PluginR pid ["complete"]
    getDest :: MonadHandler m
            => (Route Auth -> Route (HandlerSite m))
            -> m Text
    getDest tm = do
        csrf <- getCreateCsrfToken
        render <- getUrlRender
        let qs = map (second Just)
                [ ("scope", "email profile")
                , ("state", csrf)
                , ("redirect_uri", render $ tm complete)
                , ("response_type", "code")
                , ("client_id", clientID)
                , ("access_type", "offline")
                ]
        return $ decodeUtf8
               $ toByteString
               $ fromByteString "https://accounts.google.com/o/oauth2/auth"
                    `Data.Monoid.mappend` renderQueryText True qs
    login tm = do
        [whamlet|<a href=@{tm forwardUrl}>_{Msg.LoginGoogle}|]
    dispatch :: YesodAuth site
             => Text
             -> [Text]
             -> AuthHandler site TypedContent
    dispatch "GET" ["forward"] = do
        tm <- getRouteToParent
        getDest tm >>= redirect
    dispatch "GET" ["complete"] = do
        mstate <- lookupGetParam "state"
        case mstate of
            Nothing -> invalidArgs ["CSRF state from Google is missing"]
            Just state -> do
                mtoken <- getCsrfToken
                unless (Just state == mtoken) $ invalidArgs ["Invalid CSRF token from Google"]
        mcode <- lookupGetParam "code"
        code <-
            case mcode of
                Nothing -> do
                    merr <- lookupGetParam "error"
                    case merr of
                        Nothing -> invalidArgs ["Missing code paramter"]
                        Just err -> do
                            master <- getYesod
                            let msg =
                                    case err of
                                        "access_denied" -> "Access denied"
                                        _ -> "Unknown error occurred: " `T.append` err
                            addMessage "error" $ toHtml msg
                            redirect $ logoutDest master
                Just c -> return c
        render <- getUrlRender
        tm <- getRouteToParent
        req' <- liftIO $
            HTTP.parseUrlThrow
            "https://accounts.google.com/o/oauth2/token" -- FIXME don't hardcode, use: https://accounts.google.com/.well-known/openid-configuration
        let req =
                urlEncodedBody
                    [ ("code", encodeUtf8 code)
                    , ("client_id", encodeUtf8 clientID)
                    , ("client_secret", encodeUtf8 clientSecret)
                    , ("redirect_uri", encodeUtf8 $ render $ tm complete)
                    , ("grant_type", "authorization_code")
                    ]
                    req'
                        { requestHeaders = []
                        }
        value <- makeHttpRequest req
        token@(Token accessToken' tokenType') <-
            case parseEither parseJSON value of
                Left e  -> error e
                Right t -> return t
        unless (tokenType' == "Bearer") $ error $ "Unknown token type: " ++ show tokenType'
        -- User's access token is saved for further access to API
        when storeToken $ setSession accessTokenKey accessToken'
        personValReq <- personValueRequest token
        personValue <- makeHttpRequest personValReq
        person <- case parseEither parseJSON personValue of
                Left e  -> error e
                Right x -> return x
        email <-
            case map emailValue $ filter (\e -> emailType e == EmailAccount) $ personEmails person of
                [e] -> return e
                []  -> error "No account email"
                x   -> error $ "Too many account emails: " ++ show x
        setCredsRedirect $ Creds pid email $ allPersonInfo personValue
    dispatch _ _ = notFound
 makeHttpRequest :: Request -> AuthHandler site A.Value
 makeHttpRequest req =
    liftSubHandler $ runHttpRequest req $ \res ->
    runConduit $ bodyReaderSource (responseBody res) .| sinkParser json'
 -- | Allows to fetch information about a user from Google's API.
 --   In case of parsing error returns 'Nothing'.
 --   Will throw 'HttpException' in case of network problems or error response code.
 --
 -- @since 1.4.3
 getPerson :: MonadHandler m => Manager -> Token -> m (Maybe Person)
 getPerson manager token = liftSubHandler $ parseMaybe parseJSON <$> (do
    req <- personValueRequest token
    res <- http req manager
    runConduit $ responseBody res .| sinkParser json'
  )
 personValueRequest :: MonadIO m => Token -> m Request
 personValueRequest token = do
    req2' <- liftIO
           $ HTTP.parseUrlThrow "https://www.googleapis.com/plus/v1/people/me"
    return req2'
            { requestHeaders =
                [ ("Authorization", encodeUtf8 $ "Bearer " `mappend` accessToken token)
                ]
            }
 --------------------------------------------------------------------------------
 -- | An authentication token which was acquired from OAuth callback.
 --   The token gets saved into the session storage only if you use
 --   'authGoogleEmailSaveToken'.
 --   You can acquire saved token with 'getUserAccessToken'.
 --
 -- @since 1.4.3
 data Token = Token { accessToken :: Text
                   , tokenType   :: Text
                   } deriving (Show, Eq)
 instance FromJSON Token where
    parseJSON = withObject "Tokens" $ \o -> Token
        Control.Applicative.<$> o .: "access_token"
        Control.Applicative.<*> o .: "token_type"
 --------------------------------------------------------------------------------
 -- | Gender of the person
 --
 -- @since 1.4.3
 data Gender = Male | Female | OtherGender deriving (Show, Eq)
 instance FromJSON Gender where
    parseJSON = withText "Gender" $ \t -> return $ case t of
                                                "male"   -> Male
                                                "female" -> Female
                                                _        -> OtherGender
 --------------------------------------------------------------------------------
 -- | URIs specified in the person's profile
 --
 -- @since 1.4.3
 data PersonURI =
    PersonURI { uriLabel :: Maybe Text
              , uriValue :: Maybe Text
              , uriType  :: Maybe PersonURIType
              } deriving (Show, Eq)
 instance FromJSON PersonURI where
    parseJSON = withObject "PersonURI" $ \o -> PersonURI <$> o .:? "label"
                                                         <*> o .:? "value"
                                                         <*> o .:? "type"
 --------------------------------------------------------------------------------
 -- | The type of URI
 --
 -- @since 1.4.3
 data PersonURIType = OtherProfile       -- ^ URI for another profile
                   | Contributor        -- ^ URI to a site for which this person is a contributor
                   | Website            -- ^ URI for this Google+ Page's primary website
                   | OtherURI           -- ^ Other URL
                   | PersonURIType Text -- ^ Something else
                   deriving (Show, Eq)
 instance FromJSON PersonURIType where
    parseJSON = withText "PersonURIType" $ \t -> return $ case t of
            "otherProfile" -> OtherProfile
            "contributor"  -> Contributor
            "website"      -> Website
            "other"        -> OtherURI
            _              -> PersonURIType t
 --------------------------------------------------------------------------------
 -- | Current or past organizations with which this person is associated
 --
 -- @since 1.4.3
 data Organization =
    Organization { orgName      :: Maybe Text
                   -- ^ The person's job title or role within the organization
                 , orgTitle     :: Maybe Text
                 , orgType      :: Maybe OrganizationType
                   -- ^ The date that the person joined this organization.
                 , orgStartDate :: Maybe Text
                   -- ^ The date that the person left this organization.
                 , orgEndDate   :: Maybe Text
                   -- ^ If @True@, indicates this organization is the person's
                   -- ^ primary one, which is typically interpreted as the current one.
                 , orgPrimary   :: Maybe Bool
                 } deriving (Show, Eq)
 instance FromJSON Organization where
    parseJSON = withObject "Organization" $ \o ->
        Organization <$> o .:? "name"
                     <*> o .:? "title"
                     <*> o .:? "type"
                     <*> o .:? "startDate"
                     <*> o .:? "endDate"
                     <*> o .:? "primary"
 --------------------------------------------------------------------------------
 -- | The type of an organization
 --
 -- @since 1.4.3
 data OrganizationType = Work
                      | School
                      | OrganizationType Text -- ^ Something else
                      deriving (Show, Eq)
 instance FromJSON OrganizationType where
    parseJSON = withText "OrganizationType" $ \t -> return $ case t of
                                                "work"   -> Work
                                                "school" -> School
                                                _        -> OrganizationType t
 --------------------------------------------------------------------------------
 -- | A place where the person has lived or is living at the moment.
 --
 -- @since 1.4.3
 data Place =
    Place { -- | A place where this person has lived. For example: "Seattle, WA", "Near Toronto".
            placeValue   :: Maybe Text
            -- | If @True@, this place of residence is this person's primary residence.
          , placePrimary :: Maybe Bool
          } deriving (Show, Eq)
 instance FromJSON Place where
    parseJSON = withObject "Place" $ \o -> Place <$> (o .:? "value") <*> (o .:? "primary")
 --------------------------------------------------------------------------------
 -- | Individual components of a name
 --
 -- @since 1.4.3
 data Name =
    Name { -- | The full name of this person, including middle names, suffixes, etc
           nameFormatted       :: Maybe Text
           -- | The family name (last name) of this person
         , nameFamily          :: Maybe Text
           -- | The given name (first name) of this person
         , nameGiven           :: Maybe Text
           -- | The middle name of this person.
         , nameMiddle          :: Maybe Text
           -- | The honorific prefixes (such as "Dr." or "Mrs.") for this person
         , nameHonorificPrefix :: Maybe Text
           -- | The honorific suffixes (such as "Jr.") for this person
         , nameHonorificSuffix :: Maybe Text
         } deriving (Show, Eq)
 instance FromJSON Name where
    parseJSON = withObject "Name" $ \o -> Name <$> o .:? "formatted"
                                               <*> o .:? "familyName"
                                               <*> o .:? "givenName"
                                               <*> o .:? "middleName"
                                               <*> o .:? "honorificPrefix"
                                               <*> o .:? "honorificSuffix"
 --------------------------------------------------------------------------------
 -- | The person's relationship status.
 --
 -- @since 1.4.3
 data RelationshipStatus = Single              -- ^ Person is single
                        | InRelationship      -- ^ Person is in a relationship
                        | Engaged             -- ^ Person is engaged
                        | Married             -- ^ Person is married
                        | Complicated         -- ^ The relationship is complicated
                        | OpenRelationship    -- ^ Person is in an open relationship
                        | Widowed             -- ^ Person is widowed
                        | DomesticPartnership -- ^ Person is in a domestic partnership
                        | CivilUnion          -- ^ Person is in a civil union
                        | RelationshipStatus Text -- ^ Something else
                        deriving (Show, Eq)
 instance FromJSON RelationshipStatus where
    parseJSON = withText "RelationshipStatus" $ \t -> return $ case t of
                  "single"                  -> Single
                  "in_a_relationship"       -> InRelationship
                  "engaged"                 -> Engaged
                  "married"                 -> Married
                  "its_complicated"         -> Complicated
                  "open_relationship"       -> OpenRelationship
                  "widowed"                 -> Widowed
                  "in_domestic_partnership" -> DomesticPartnership
                  "in_civil_union"          -> CivilUnion
                  _                         -> RelationshipStatus t
 --------------------------------------------------------------------------------
 -- | The URI of the person's profile photo.
 --
 -- @since 1.4.3
 newtype PersonImage = PersonImage { imageUri :: Text } deriving (Show, Eq)
 instance FromJSON PersonImage where
    parseJSON = withObject "PersonImage" $ \o -> PersonImage <$> o .: "url"
 -- | @resizePersonImage img 30@ would set query part to @?sz=30@ which would resize
 --   the image under the URI. If for some reason you need to modify the query
 --   part, you should do it after resizing.
 --
 -- @since 1.4.3
 resizePersonImage :: PersonImage -> Int -> PersonImage
 resizePersonImage (PersonImage uri) size =
    PersonImage $ uri `mappend` "?sz=" `mappend` T.pack (show size)
 --------------------------------------------------------------------------------
 -- | Information about the user
 --   Full description of the resource https://developers.google.com/+/api/latest/people
 --
 -- @since 1.4.3
 data Person = Person
    { personId                 :: Text
      -- | The name of this person, which is suitable for display
    , personDisplayName        :: Maybe Text
    , personName               :: Maybe Name
    , personNickname           :: Maybe Text
    , personBirthday           :: Maybe Text -- ^ Birthday formatted as YYYY-MM-DD
    , personGender             :: Maybe Gender
    , personProfileUri         :: Maybe Text -- ^ The URI of this person's profile
    , personImage              :: Maybe PersonImage
    , personAboutMe            :: Maybe Text -- ^ A short biography for this person
    , personRelationshipStatus :: Maybe RelationshipStatus
    , personUris               :: [PersonURI]
    , personOrganizations      :: [Organization]
    , personPlacesLived        :: [Place]
    -- | The brief description of this person
    , personTagline            :: Maybe Text
    -- | Whether this user has signed up for Google+
    , personIsPlusUser         :: Maybe Bool
    -- | The "bragging rights" line of this person
    , personBraggingRights     :: Maybe Text
    -- | if a Google+ page, the number of people who have +1'd this page
    , personPlusOneCount       :: Maybe Int
    -- | For followers who are visible, the number of people who have added
    --   this person or page to a circle.
    , personCircledByCount     :: Maybe Int
    -- | Whether the person or Google+ Page has been verified. This is used only
    --   for pages with a higher risk of being impersonated or similar. This
    --   flag will not be present on most profiles.
    , personVerified           :: Maybe Bool
    -- | The user's preferred language for rendering.
    , personLanguage           :: Maybe Text
    , personEmails             :: [Email]
    , personDomain             :: Maybe Text
    , personOccupation         :: Maybe Text -- ^ The occupation of this person
    , personSkills             :: Maybe Text -- ^ The person's skills
    } deriving (Show, Eq)
 instance FromJSON Person where
    parseJSON = withObject "Person" $ \o ->
        Person <$> o .:  "id"
               <*> o .:  "displayName"
               <*> o .:? "name"
               <*> o .:? "nickname"
               <*> o .:? "birthday"
               <*> o .:? "gender"
               <*> (o .:? "url")
               <*> o .:? "image"
               <*> o .:? "aboutMe"
               <*> o .:? "relationshipStatus"
               <*> ((fromMaybe []) <$> (o .:? "urls"))
               <*> ((fromMaybe []) <$> (o .:? "organizations"))
               <*> ((fromMaybe []) <$> (o .:? "placesLived"))
               <*> o .:? "tagline"
               <*> o .:? "isPlusUser"
               <*> o .:? "braggingRights"
               <*> o .:? "plusOneCount"
               <*> o .:? "circledByCount"
               <*> o .:? "verified"
               <*> o .:? "language"
               <*> ((fromMaybe []) <$> (o .:? "emails"))
               <*> o .:? "domain"
               <*> o .:? "occupation"
               <*> o .:? "skills"
 --------------------------------------------------------------------------------
 -- | Person's email
 --
 -- @since 1.4.3
 data Email = Email
    { emailValue :: Text
    , emailType  :: EmailType
    }
    deriving (Show, Eq)
 instance FromJSON Email where
    parseJSON = withObject "Email" $ \o -> Email
        <$> o .: "value"
        <*> o .: "type"
 --------------------------------------------------------------------------------
 -- | Type of email
 --
 -- @since 1.4.3
 data EmailType = EmailAccount   -- ^ Google account email address
               | EmailHome      -- ^ Home email address
               | EmailWork      -- ^ Work email adress
               | EmailOther     -- ^ Other email address
               | EmailType Text -- ^ Something else
               deriving (Show, Eq)
 instance FromJSON EmailType where
    parseJSON = withText "EmailType" $ \t -> return $ case t of
        "account" -> EmailAccount
        "home"    -> EmailHome
        "work"    -> EmailWork
        "other"   -> EmailOther
        _         -> EmailType t
 allPersonInfo :: A.Value -> [(Text, Text)]
 allPersonInfo (A.Object o) = map enc $ mapToList o
  where
    enc (key, A.String s) = (keyToText key, s)
    enc (key, v) = (keyToText key, TL.toStrict $ TL.toLazyText $ A.encodeToTextBuilder v)
 #if MIN_VERSION_aeson(2, 0, 0)
    keyToText = Data.Aeson.Key.toText
    mapToList = Data.Aeson.KeyMap.toList
 #else
    keyToText = id
    mapToList = M.toList
 #endif
 allPersonInfo _ = []
 -- See https://github.com/yesodweb/yesod/issues/1245 for discussion on this
 -- use of unsafePerformIO.
 defaultNonceGen :: Nonce.Generator
 defaultNonceGen = unsafePerformIO (Nonce.new)
 {-# NOINLINE defaultNonceGen #-}
--- a/yesod-auth/Yesod/Auth/Hardcoded.hs
+++ b/yesod-auth/Yesod/Auth/Hardcoded.hs
@ -0,0 +1,199 @@
 {-# LANGUAGE FlexibleContexts      #-}
 {-# LANGUAGE MultiParamTypeClasses #-}
 {-# LANGUAGE OverloadedStrings     #-}
 {-# LANGUAGE QuasiQuotes           #-}
 {-# LANGUAGE RankNTypes            #-}
 {-# LANGUAGE TemplateHaskell       #-}
 {-# LANGUAGE TypeFamilies          #-}
 {-|
 Module      : Yesod.Auth.Hardcoded
 Description : Very simple auth plugin for hardcoded auth pairs.
 Copyright   : (c) Arthur Fayzrakhmanov, 2015
 License     : MIT
 Maintainer  : heraldhoi@gmail.com
 Stability   : experimental
 Sometimes you may want to have some hardcoded set of users (e.g. site managers)
 that allowed to log in and visit some specific sections of your website without
 ability to register new managers.  This simple plugin is designed exactly for
 this purpose.
 Here is a quick usage example.
 == Define hardcoded users representation
 Let's assume, that we want to have some hardcoded managers with normal site
 users.  Let's define hardcoded user representation:
@
 data SiteManager = SiteManager
  { manUserName :: Text
  , manPassWord :: Text }
  deriving Show
 siteManagers :: [SiteManager]
 siteManagers = [SiteManager "content editor" "top secret"]
@
 == Describe 'YesodAuth' instance
 Now we need to have some convenient 'AuthId' type representing both
 cases:
@
 instance YesodAuth App where
  type AuthId App = Either UserId Text
@
 Here, right @Text@ value will present hardcoded user name (which obviously must
 be unique).
 'AuthId' must have an instance of 'PathPiece' class, this is needed to store
 user identifier in session (this happens in 'setCreds' and 'setCredsRedirect'
 actions) and to read that identifier from session (this happens in
 `defaultMaybeAuthId` action).  So we have to define it:
@
 import Text.Read (readMaybe)
 instance PathPiece (Either UserId Text) where
  fromPathPiece = readMaybe . unpack
  toPathPiece = pack . show
@
 Quiet simple so far.  Now let's add plugin to 'authPlugins' list, and define
 'authenticate' method, it should return user identifier for given credentials,
 for normal users it is usually persistent key, for hardcoded users we will
 return user name again.
@
 instance YesodAuth App where
  -- ..
  authPlugins _ = [authHardcoded]
  authenticate Creds{..} =
    return
      (case credsPlugin of
         "hardcoded" ->
           case lookupUser credsIdent of
             Nothing -> UserError InvalidLogin
             Just m  -> Authenticated (Right (manUserName m)))
@
 Here @lookupUser@ is just a helper function to lookup hardcoded users by name:
@
 lookupUser :: Text -> Maybe SiteManager
 lookupUser username = find (\\m -> manUserName m == username) siteManagers
@
 == Describe an 'YesodAuthPersist' instance
 Now we need to manually define 'YesodAuthPersist' instance.
 > instance YesodAuthPersist App where
 >   type AuthEntity App = Either User SiteManager
 >
 >   getAuthEntity (Left uid) =
 >     do x <- runDB (get uid)
 >        return (Left <$> x)
 >   getAuthEntity (Right username) = return (Right <$> lookupUser username)
 == Define 'YesodAuthHardcoded' instance
 Finally, let's define an plugin instance
@
 instance YesodAuthHardcoded App where
  validatePassword u = return . validPassword u
  doesUserNameExist  = return . isJust . lookupUser
 validPassword :: Text -> Text -> Bool
 validPassword u p =
  case find (\\m -> manUserName m == u && manPassWord m == p) siteManagers of
    Just _ -> True
    _      -> False
@
 == Conclusion
 Now we can use 'maybeAuthId', 'maybeAuthPair', 'requireAuthId', and
 'requireAuthPair', moreover, the returned value makes possible to distinguish
 normal users and site managers.
 -}
 module Yesod.Auth.Hardcoded
  ( YesodAuthHardcoded(..)
  , authHardcoded
  , loginR )
  where
 import           Yesod.Auth          (AuthHandler, AuthPlugin (..), AuthRoute,
                                      Creds (..), Route (..), YesodAuth,
                                      loginErrorMessageI, setCredsRedirect)
 import qualified Yesod.Auth.Message  as Msg
 import           Yesod.Core
 import           Yesod.Form          (ireq, runInputPost, textField)
 import           Control.Applicative ((<$>), (<*>))
 import           Data.Text           (Text)
 loginR :: AuthRoute
 loginR = PluginR "hardcoded" ["login"]
 class (YesodAuth site) => YesodAuthHardcoded site where
  -- | Check whether given user name exists among hardcoded names.
  doesUserNameExist :: Text -> AuthHandler site Bool
  -- | Validate given user name with given password.
  validatePassword :: Text -> Text -> AuthHandler site Bool
 authHardcoded :: YesodAuthHardcoded m => AuthPlugin m
 authHardcoded =
  AuthPlugin "hardcoded" dispatch loginWidget
  where
    dispatch :: YesodAuthHardcoded m => Text -> [Text] -> AuthHandler m TypedContent
    dispatch "POST" ["login"] = postLoginR >>= sendResponse
    dispatch _ _              = notFound
    loginWidget toMaster = do
      request <- getRequest
      [whamlet|
        $newline never
        <form method="post" action="@{toMaster loginR}">
          $maybe t <- reqToken request
            <input type=hidden name=#{defaultCsrfParamName} value=#{t}>
          <table>
            <tr>
              <th>_{Msg.UserName}
              <td>
                 <input type="text" name="username" required>
            <tr>
              <th>_{Msg.Password}
              <td>
                 <input type="password" name="password" required>
            <tr>
              <td colspan="2">
                 <button type="submit" .btn .btn-success>_{Msg.LoginTitle}
        |]
 postLoginR :: YesodAuthHardcoded site
           => AuthHandler site TypedContent
 postLoginR =
  do (username, password) <- runInputPost
       ((,) Control.Applicative.<$> ireq textField "username"
            Control.Applicative.<*> ireq textField "password")
     isValid <- validatePassword username password
     if isValid
        then setCredsRedirect (Creds "hardcoded" username [])
        else do isExists <- doesUserNameExist username
                loginErrorMessageI LoginR
                                   (if isExists
                                       then Msg.InvalidUsernamePass
                                       else Msg.IdentifierNotFound username)
--- a/yesod-auth/Yesod/Auth/HashDB.hs
+++ b/yesod-auth/Yesod/Auth/HashDB.hs
@ -1,268 +0,0 @@
 {-# LANGUAGE QuasiQuotes                #-}
 {-# LANGUAGE ConstraintKinds            #-}
 {-# LANGUAGE FlexibleContexts           #-}
 {-# LANGUAGE TypeFamilies               #-}
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
 {-# LANGUAGE TemplateHaskell            #-}
 {-# LANGUAGE OverloadedStrings          #-}
 {-# LANGUAGE GADTs                      #-}
 {-# LANGUAGE CPP                        #-}
 -------------------------------------------------------------------------------
 -- |
 -- Module      :  Yesod.Auth.HashDB
 -- Copyright   :  (c) Patrick Brisbin 2010 
 -- License     :  as-is
 --
 -- Maintainer  :  pbrisbin@gmail.com
 -- Stability   :  Stable
 -- Portability :  Portable
 --
 -- A yesod-auth AuthPlugin designed to look users up in Persist where
 -- their user id's and a salted SHA1 hash of their password is stored.
 --
 -- Example usage:
 --
 -- > -- import the function
 -- > import Auth.HashDB
 -- >
 -- > -- make sure you have an auth route
 -- > mkYesodData "MyApp" [$parseRoutes|
 -- > / RootR GET
 -- > /auth AuthR Auth getAuth
 -- > |]
 -- >
 -- >
 -- > -- make your app an instance of YesodAuth using this plugin
 -- > instance YesodAuth MyApp where
 -- >    type AuthId MyApp = UserId
 -- >
 -- >    loginDest _  = RootR
 -- >    logoutDest _ = RootR
 -- >    getAuthId    = getAuthIdHashDB AuthR (Just . UniqueUser)
 -- >    authPlugins  = [authHashDB (Just . UniqueUser)]
 -- >
 -- >
 -- > -- include the migration function in site startup
 -- > withServer :: (Application -> IO a) -> IO a
 -- > withServer f = withConnectionPool $ \p -> do
 -- >     runSqlPool (runMigration migrateUsers) p
 -- >     let h = DevSite p
 --
 -- Note that function which converts username to unique identifier must be same.
 --
 -- Your app must be an instance of YesodPersist. and the username,
 -- salt and hashed-passwords should be added to the database.
 --
 -- > echo -n 'MySaltMyPassword' | sha1sum
 --
 -- can be used to get the hash from the commandline.
 --
 -------------------------------------------------------------------------------
 module Yesod.Auth.HashDB
    ( HashDBUser(..)
    , Unique (..)
    , setPassword
      -- * Authentification
    , validateUser
    , authHashDB
    , getAuthIdHashDB
      -- * Predefined data type
    , User
    , UserGeneric (..)
    , UserId
    , EntityField (..)
    , migrateUsers
    ) where
 import Yesod.Persist
 import Yesod.Form
 import Yesod.Auth
 import Yesod.Core
 import Text.Hamlet (hamlet)
 import Control.Applicative         ((<$>), (<*>))
 import Control.Monad               (replicateM,liftM)
 import qualified Data.ByteString.Lazy.Char8 as BS (pack)
 import Data.Digest.Pure.SHA        (sha1, showDigest)
 import Data.Text                   (Text, pack, unpack, append)
 import Data.Maybe                  (fromMaybe)
 import System.Random               (randomRIO)
 -- | Interface for data type which holds user info. It's just a
 --   collection of getters and setters
 class HashDBUser user where
  -- | Retrieve password hash from user data
  userPasswordHash :: user -> Maybe Text
  -- | Retrieve salt for password
  userPasswordSalt :: user -> Maybe Text
  -- | Deprecated for the better named setSaltAndPasswordHash 
  setUserHashAndSalt :: Text    -- ^ Salt
                     -> Text    -- ^ Password hash
                     -> user -> user
  setUserHashAndSalt = setSaltAndPasswordHash
  -- | a callback for setPassword
  setSaltAndPasswordHash :: Text    -- ^ Salt
                     -> Text    -- ^ Password hash
                     -> user -> user
  setSaltAndPasswordHash = setUserHashAndSalt
 -- | Generate random salt. Length of 8 is chosen arbitrarily
 randomSalt :: MonadIO m => m Text
 randomSalt = pack `liftM` liftIO (replicateM 8 (randomRIO ('0','z')))
 -- | Calculate salted hash using SHA1.
 saltedHash :: Text              -- ^ Salt
           -> Text              -- ^ Password
           -> Text
 saltedHash salt = 
  pack . showDigest . sha1 . BS.pack . unpack . append salt
 -- | Set password for user. This function should be used for setting
 --   passwords. It generates random salt and calculates proper hashes.
 setPassword :: (MonadIO m, HashDBUser user) => Text -> user -> m user
 setPassword pwd u = do salt <- randomSalt
                       return $ setSaltAndPasswordHash salt (saltedHash salt pwd) u
 ----------------------------------------------------------------
 -- Authentification
 ----------------------------------------------------------------
 -- | Given a user ID and password in plaintext, validate them against
 --   the database values.
 validateUser :: ( YesodPersist yesod
                , b ~ YesodPersistBackend yesod
                , PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend user
                , PersistUnique (b (HandlerT yesod IO))
                , PersistEntity user
                , HashDBUser    user
                ) => 
                Unique user     -- ^ User unique identifier
             -> Text            -- ^ Password in plaint-text
             -> HandlerT yesod IO Bool
 validateUser userID passwd = do
  -- Checks that hash and password match
  let validate u = do hash <- userPasswordHash u
                      salt <- userPasswordSalt u
                      return $ hash == saltedHash salt passwd
  -- Get user data
  user <- runDB $ getBy userID
  return $ fromMaybe False $ validate . entityVal =<< user
 login :: AuthRoute
 login = PluginR "hashdb" ["login"]
 -- | Handle the login form. First parameter is function which maps
 --   username (whatever it might be) to unique user ID.
 postLoginR :: ( YesodAuth y, YesodPersist y
              , HashDBUser user, PersistEntity user
              , b ~ YesodPersistBackend y
              , PersistMonadBackend (b (HandlerT y IO)) ~ PersistEntityBackend user
              , PersistUnique (b (HandlerT y IO))
              )
           => (Text -> Maybe (Unique user))
           -> HandlerT Auth (HandlerT y IO) ()
 postLoginR uniq = do
    (mu,mp) <- lift $ runInputPost $ (,)
        <$> iopt textField "username"
        <*> iopt textField "password"
    isValid <- lift $ fromMaybe (return False) 
                 (validateUser <$> (uniq =<< mu) <*> mp)
    if isValid 
       then lift $ setCreds True $ Creds "hashdb" (fromMaybe "" mu) []
       else loginErrorMessage LoginR "Invalid username/password"
 -- | A drop in for the getAuthId method of your YesodAuth instance which
 --   can be used if authHashDB is the only plugin in use.
 getAuthIdHashDB :: ( YesodAuth master, YesodPersist master
                   , HashDBUser user, PersistEntity user
                   , Key user ~ AuthId master
                   , b ~ YesodPersistBackend master
                   , PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend user
                   , PersistUnique (b (HandlerT master IO))
                   )
                => (AuthRoute -> Route master)   -- ^ your site's Auth Route
                -> (Text -> Maybe (Unique user)) -- ^ gets user ID
                -> Creds master                  -- ^ the creds argument
                -> HandlerT master IO (Maybe (AuthId master))
 getAuthIdHashDB authR uniq creds = do
    muid <- maybeAuthId
    case muid of
        -- user already authenticated
        Just uid -> return $ Just uid
        Nothing       -> do
            x <- case uniq (credsIdent creds) of
                   Nothing -> return Nothing
                   Just u  -> runDB (getBy u)
            case x of
                -- user exists
                Just (Entity uid _) -> return $ Just uid
                Nothing       -> loginErrorMessage (authR LoginR) "User not found"
 -- | Prompt for username and password, validate that against a database
 --   which holds the username and a hash of the password
 authHashDB :: ( YesodAuth m, YesodPersist m
              , HashDBUser user
              , PersistEntity user
              , b ~ YesodPersistBackend m
              , PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend user
              , PersistUnique (b (HandlerT m IO)))
           => (Text -> Maybe (Unique user)) -> AuthPlugin m
 authHashDB uniq = AuthPlugin "hashdb" dispatch $ \tm -> toWidget [hamlet|
 $newline never
    <div id="header">
        <h1>Login
    <div id="login">
        <form method="post" action="@{tm login}">
            <table>
                <tr>
                    <th>Username:
                    <td>
                        <input id="x" name="username" autofocus="" required>
                <tr>
                    <th>Password:
                    <td>
                        <input type="password" name="password" required>
                <tr>
                    <td>&nbsp;
                    <td>
                        <input type="submit" value="Login">
            <script>
                if (!("autofocus" in document.createElement("input"))) {
                    document.getElementById("x").focus();
                }
 |]
    where
        dispatch "POST" ["login"] = postLoginR uniq >>= sendResponse
        dispatch _ _              = notFound
 ----------------------------------------------------------------
 -- Predefined datatype
 ----------------------------------------------------------------
 -- | Generate data base instances for a valid user
 share [mkPersist sqlSettings, mkMigrate "migrateUsers"]
         [persistUpperCase|
 User
    username Text Eq
    password Text
    salt     Text
    UniqueUser username
 |]
 instance HashDBUser (UserGeneric backend) where
  userPasswordHash = Just . userPassword
  userPasswordSalt = Just . userSalt
  setSaltAndPasswordHash s h u = u { userSalt     = s
                               , userPassword = h
                               }
--- a/yesod-auth/Yesod/Auth/Message.hs
+++ b/yesod-auth/Yesod/Auth/Message.hs
@ -13,11 +13,17 @@ module Yesod.Auth.Message
    , japaneseMessage
    , finnishMessage
    , chineseMessage
    , croatianMessage
    , spanishMessage
    , czechMessage
    , russianMessage
    , dutchMessage
    , danishMessage
    , koreanMessage
    ) where
-import Data.Monoid (mappend)
+import           Data.Monoid (mappend, (<>))
-import Data.Text (Text)
+import           Data.Text   (Text)
 data AuthMessage =
      NoOpenID
@ -25,6 +31,8 @@ data AuthMessage =
    | LoginGoogle
    | LoginYahoo
    | Email
    | UserName
    | IdentifierNotFound Text
    | Password
    | Register
    | RegisterLong
@ -32,6 +40,8 @@ data AuthMessage =
    | ConfirmationEmailSentTitle
    | ConfirmationEmailSent Text
    | AddressVerified
    | EmailVerifiedChangePass
    | EmailVerified
    | InvalidKeyTitle
    | InvalidKey
    | InvalidEmailPass
@ -55,7 +65,13 @@ data AuthMessage =
    | ProvideIdentifier
    | SendPasswordResetEmail
    | PasswordResetPrompt
    | CurrentPassword
    | InvalidUsernamePass
    | Logout
    | LogoutTitle
    | AuthError
 {-# DEPRECATED Logout "Please, use LogoutTitle instead." #-}
 {-# DEPRECATED AddressVerified "Please, use EmailVerifiedChangePass instead." #-}
 -- | Defaults to 'englishMessage'.
 defaultMessage :: AuthMessage -> Text
@ -63,20 +79,24 @@ defaultMessage = englishMessage
 englishMessage :: AuthMessage -> Text
 englishMessage NoOpenID = "No OpenID identifier found"
-englishMessage LoginOpenID = "Login via OpenID"
+englishMessage LoginOpenID = "Log in via OpenID"
-englishMessage LoginGoogle = "Login via Google"
+englishMessage LoginGoogle = "Log in via Google"
-englishMessage LoginYahoo = "Login via Yahoo"
+englishMessage LoginYahoo = "Log in via Yahoo"
 englishMessage Email = "Email"
 englishMessage UserName = "User name"
 englishMessage Password = "Password"
 englishMessage CurrentPassword = "Current Password"
 englishMessage Register = "Register"
 englishMessage RegisterLong = "Register a new account"
 englishMessage EnterEmail = "Enter your e-mail address below, and a confirmation e-mail will be sent to you."
 englishMessage ConfirmationEmailSentTitle = "Confirmation e-mail sent"
 englishMessage (ConfirmationEmailSent email) =
-    "A confirmation e-mail has been sent to " `mappend`
+    "A confirmation e-mail has been sent to " `Data.Monoid.mappend`
    email `mappend`
    "."
-englishMessage AddressVerified = "Address verified, please set a new password"
+englishMessage AddressVerified = "Email address verified, please set a new password"
 englishMessage EmailVerifiedChangePass = "Email address verified, please set a new password"
 englishMessage EmailVerified = "Email address verified"
 englishMessage InvalidKeyTitle = "Invalid verification key"
 englishMessage InvalidKey = "I'm sorry, but that was an invalid verification key."
 englishMessage InvalidEmailPass = "Invalid email/password combination"
@ -87,11 +107,11 @@ englishMessage NewPass = "New password"
 englishMessage ConfirmPass = "Confirm"
 englishMessage PassMismatch = "Passwords did not match, please try again"
 englishMessage PassUpdated = "Password updated"
-englishMessage Facebook = "Login with Facebook"
+englishMessage Facebook = "Log in with Facebook"
-englishMessage LoginViaEmail = "Login via email"
+englishMessage LoginViaEmail = "Log in via email"
 englishMessage InvalidLogin = "Invalid login"
 englishMessage NowLoggedIn = "You are now logged in"
-englishMessage LoginTitle = "Login"
+englishMessage LoginTitle = "Log In"
 englishMessage PleaseProvideUsername = "Please fill in your username"
 englishMessage PleaseProvidePassword = "Please fill in your password"
 englishMessage NoIdentifierProvided = "No email/username provided"
@ -101,6 +121,10 @@ englishMessage ProvideIdentifier = "Email or Username"
 englishMessage SendPasswordResetEmail = "Send password reset email"
 englishMessage PasswordResetPrompt = "Enter your e-mail address or username below, and a password reset e-mail will be sent to you."
 englishMessage InvalidUsernamePass = "Invalid username/password combination"
 englishMessage (IdentifierNotFound ident) = "Login not found: " `mappend` ident
 englishMessage Logout = "Log Out"
 englishMessage LogoutTitle = "Log Out"
 englishMessage AuthError = "Authentication Error" -- FIXME by Google Translate
 portugueseMessage :: AuthMessage -> Text
 portugueseMessage NoOpenID = "Nenhum identificador OpenID encontrado"
@ -108,7 +132,9 @@ portugueseMessage LoginOpenID = "Entrar via OpenID"
 portugueseMessage LoginGoogle = "Entrar via Google"
 portugueseMessage LoginYahoo = "Entrar via Yahoo"
 portugueseMessage Email = "E-mail"
 portugueseMessage UserName = "Nome de usuário" -- FIXME by Google Translate "user name"
 portugueseMessage Password = "Senha"
 portugueseMessage CurrentPassword = "Palavra de passe"
 portugueseMessage Register = "Registrar"
 portugueseMessage RegisterLong = "Registrar uma nova conta"
 portugueseMessage EnterEmail = "Por favor digite seu endereço de e-mail abaixo e um e-mail de confirmação será enviado para você."
@ -118,6 +144,8 @@ portugueseMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 portugueseMessage AddressVerified = "Endereço verificado, por favor entre com uma nova senha"
 portugueseMessage EmailVerifiedChangePass = "Endereço verificado, por favor entre com uma nova senha"
 portugueseMessage EmailVerified = "Endereço verificado"
 portugueseMessage InvalidKeyTitle = "Chave de verificação inválida"
 portugueseMessage InvalidKey = "Por favor nos desculpe, mas essa é uma chave de verificação inválida."
 portugueseMessage InvalidEmailPass = "E-mail e/ou senha inválidos"
@ -142,6 +170,11 @@ portugueseMessage ProvideIdentifier = "E-mail ou nome de usuário"
 portugueseMessage SendPasswordResetEmail = "Enviar e-mail para resetar senha"
 portugueseMessage PasswordResetPrompt = "Insira seu endereço de e-mail ou nome de usuário abaixo.  Um e-mail para resetar sua senha será enviado para você."
 portugueseMessage InvalidUsernamePass = "Nome de usuário ou senha inválidos"
 -- TODO
 portugueseMessage i@(IdentifierNotFound _) = englishMessage i
 portugueseMessage Logout = "Sair" -- FIXME by Google Translate
 portugueseMessage LogoutTitle = "Sair" -- FIXME by Google Translate
 portugueseMessage AuthError = "Erro de autenticação" -- FIXME by Google Translate
 spanishMessage :: AuthMessage -> Text
 spanishMessage NoOpenID = "No se encuentra el identificador OpenID"
@ -149,7 +182,9 @@ spanishMessage LoginOpenID = "Entrar utilizando OpenID"
 spanishMessage LoginGoogle = "Entrar utilizando Google"
 spanishMessage LoginYahoo = "Entrar utilizando Yahoo"
 spanishMessage Email = "Correo electrónico"
 spanishMessage UserName = "Nombre de Usuario"
 spanishMessage Password = "Contraseña"
 spanishMessage CurrentPassword = "Contraseña actual"
 spanishMessage Register = "Registrarse"
 spanishMessage RegisterLong = "Registrar una nueva cuenta"
 spanishMessage EnterEmail = "Coloque su dirección de correo electrónico, y un correo de confirmación le será enviado a su cuenta."
@ -159,6 +194,8 @@ spanishMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 spanishMessage AddressVerified = "Dirección verificada, por favor introduzca una contraseña"
 spanishMessage EmailVerifiedChangePass = "Dirección verificada, por favor introduzca una contraseña"
 spanishMessage EmailVerified = "Dirección verificada"
 spanishMessage InvalidKeyTitle = "Clave de verificación invalida"
 spanishMessage InvalidKey = "Lo sentimos, pero esa clave de verificación es inválida."
 spanishMessage InvalidEmailPass = "La combinación cuenta de correo/contraseña es inválida"
@ -173,16 +210,21 @@ spanishMessage Facebook = "Entrar mediante Facebook"
 spanishMessage LoginViaEmail = "Entrar mediante una cuenta de correo"
 spanishMessage InvalidLogin = "Login inválido"
 spanishMessage NowLoggedIn = "Usted ha ingresado al sitio"
-spanishMessage LoginTitle = "Login"
+spanishMessage LoginTitle = "Log In"
 spanishMessage PleaseProvideUsername = "Por favor escriba su nombre de usuario"
 spanishMessage PleaseProvidePassword = "Por favor escriba su contraseña"
 spanishMessage NoIdentifierProvided = "No ha indicado una cuenta de correo/nombre de usuario"
 spanishMessage InvalidEmailAddress = "La cuenta de correo es inválida"
-spanishMessage PasswordResetTitle = "Contraseña actualizada"
+spanishMessage PasswordResetTitle = "Actualización de contraseña"
 spanishMessage ProvideIdentifier = "Cuenta de correo o nombre de usuario"
-spanishMessage SendPasswordResetEmail = "Correo de actualización de contraseña enviado"
+spanishMessage SendPasswordResetEmail = "Enviar correo de actualización de contraseña"
 spanishMessage PasswordResetPrompt = "Escriba su cuenta de correo o nombre de usuario, y una confirmación de actualización de contraseña será enviada a su cuenta de correo."
 spanishMessage InvalidUsernamePass = "Combinación de nombre de usuario/contraseña invalida"
 -- TODO
 spanishMessage i@(IdentifierNotFound _) = englishMessage i
 spanishMessage Logout = "Finalizar la sesión" -- FIXME by Google Translate
 spanishMessage LogoutTitle = "Finalizar la sesión" -- FIXME by Google Translate
 spanishMessage AuthError = "Error de autenticación" -- FIXME by Google Translate
 swedishMessage :: AuthMessage -> Text
 swedishMessage NoOpenID = "Fann ej OpenID identifierare"
@ -190,7 +232,9 @@ swedishMessage LoginOpenID = "Logga in via OpenID"
 swedishMessage LoginGoogle = "Logga in via Google"
 swedishMessage LoginYahoo = "Logga in via Yahoo"
 swedishMessage Email = "Epost"
 swedishMessage UserName = "Användarnamn"  -- FIXME by Google Translate "user name"
 swedishMessage Password = "Lösenord"
 swedishMessage CurrentPassword = "Current password"
 swedishMessage Register = "Registrera"
 swedishMessage RegisterLong = "Registrera ett nytt konto"
 swedishMessage EnterEmail = "Skriv in din epost nedan så kommer ett konfirmationsmail skickas till adressen."
@ -200,6 +244,8 @@ swedishMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 swedishMessage AddressVerified = "Adress verifierad, vänligen välj nytt lösenord"
 swedishMessage EmailVerifiedChangePass = "Adress verifierad, vänligen välj nytt lösenord"
 swedishMessage EmailVerified = "Adress verifierad"
 swedishMessage InvalidKeyTitle = "Ogiltig verifikationsnyckel"
 swedishMessage InvalidKey = "Tyvärr, du angav en ogiltig verifimationsnyckel."
 swedishMessage InvalidEmailPass = "Ogiltig epost/lösenord kombination"
@ -225,23 +271,32 @@ swedishMessage SendPasswordResetEmail = "Skicka email för återställning av l
 swedishMessage PasswordResetPrompt = "Skriv in din emailadress eller användarnamn nedan och " `mappend`
                                     "ett email för återställning av lösenord kommmer att skickas till dig."
 swedishMessage InvalidUsernamePass = "Ogiltig kombination av användarnamn och lösenord"
 -- TODO
 swedishMessage i@(IdentifierNotFound _) = englishMessage i
 swedishMessage Logout = "Loggar ut" -- FIXME by Google Translate
 swedishMessage LogoutTitle = "Loggar ut" -- FIXME by Google Translate
 swedishMessage AuthError = "Autentisering Fel" -- FIXME by Google Translate
 germanMessage :: AuthMessage -> Text
 germanMessage NoOpenID = "Kein OpenID-Identifier gefunden"
 germanMessage LoginOpenID = "Login via OpenID"
 germanMessage LoginGoogle = "Login via Google"
 germanMessage LoginYahoo = "Login via Yahoo"
-germanMessage Email = "Email"
+germanMessage Email = "E-Mail"
 germanMessage UserName = "Benutzername"
 germanMessage Password = "Passwort"
 germanMessage CurrentPassword = "Aktuelles Passwort"
 germanMessage Register = "Registrieren"
 germanMessage RegisterLong = "Neuen Account registrieren"
-germanMessage EnterEmail = "Bitte die e-Mail Adresse angeben, eine Bestätigungsmail wird verschickt."
+germanMessage EnterEmail = "Bitte die E-Mail Adresse angeben, eine Bestätigungsmail wird verschickt."
 germanMessage ConfirmationEmailSentTitle = "Bestätigung verschickt."
 germanMessage (ConfirmationEmailSent email) =
    "Eine Bestätigung wurde an " `mappend`
    email `mappend`
-    "versandt."
+    " versandt."
 germanMessage AddressVerified = "Adresse bestätigt, bitte neues Passwort angeben"
 germanMessage EmailVerifiedChangePass = "Adresse bestätigt, bitte neues Passwort angeben"
 germanMessage EmailVerified = "Adresse bestätigt"
 germanMessage InvalidKeyTitle = "Ungültiger Bestätigungsschlüssel"
 germanMessage InvalidKey = "Das war leider ein ungültiger Bestätigungsschlüssel"
 germanMessage InvalidEmailPass = "Ungültiger Nutzername oder Passwort"
@ -250,22 +305,26 @@ germanMessage SetPassTitle = "Passwort angeben"
 germanMessage SetPass = "Neues Passwort angeben"
 germanMessage NewPass = "Neues Passwort"
 germanMessage ConfirmPass = "Bestätigen"
-germanMessage PassMismatch = "Die Passwörter stimmten nicht überein"
+germanMessage PassMismatch = "Die Passwörter stimmen nicht überein"
 germanMessage PassUpdated = "Passwort überschrieben"
 germanMessage Facebook = "Login über Facebook"
-germanMessage LoginViaEmail = "Login via e-Mail"
+germanMessage LoginViaEmail = "Login via E-Mail"
 germanMessage InvalidLogin = "Ungültiger Login"
 germanMessage NowLoggedIn = "Login erfolgreich"
-germanMessage LoginTitle = "Login"
+germanMessage LoginTitle = "Anmelden"
 germanMessage PleaseProvideUsername = "Bitte Nutzername angeben"
 germanMessage PleaseProvidePassword = "Bitte Passwort angeben"
-germanMessage NoIdentifierProvided = "Keine Email-Adresse oder kein Nutzername angegeben"
+germanMessage NoIdentifierProvided = "Keine E-Mail-Adresse oder kein Nutzername angegeben"
-germanMessage InvalidEmailAddress = "Unzulässiger Email-Anbieter"
+germanMessage InvalidEmailAddress = "Unzulässiger E-Mail-Anbieter"
 germanMessage PasswordResetTitle = "Passwort zurücksetzen"
-germanMessage ProvideIdentifier = "Email-Adresse oder Nutzername"
+germanMessage ProvideIdentifier = "E-Mail-Adresse oder Nutzername"
-germanMessage SendPasswordResetEmail = "Email zusenden um Passwort zurückzusetzen"
+germanMessage SendPasswordResetEmail = "E-Mail zusenden um Passwort zurückzusetzen"
-germanMessage PasswordResetPrompt = "Nach Einhabe der Email-Adresse oder des Nutzernamen wird eine Email zugesendet mit welcher das Passwort zurückgesetzt werden kann."
+germanMessage PasswordResetPrompt = "Nach Einhabe der E-Mail-Adresse oder des Nutzernamen wird eine E-Mail zugesendet mit welcher das Passwort zurückgesetzt werden kann."
 germanMessage InvalidUsernamePass = "Ungültige Kombination aus Nutzername und Passwort"
 germanMessage i@(IdentifierNotFound _) = englishMessage i -- TODO
 germanMessage Logout = "Abmelden"
 germanMessage LogoutTitle = "Abmelden"
 germanMessage AuthError = "Fehler beim Anmelden"
 frenchMessage :: AuthMessage -> Text
 frenchMessage NoOpenID = "Aucun fournisseur OpenID n'a été trouvé"
@ -273,7 +332,9 @@ frenchMessage LoginOpenID = "Se connecter avec OpenID"
 frenchMessage LoginGoogle = "Se connecter avec Google"
 frenchMessage LoginYahoo = "Se connecter avec Yahoo"
 frenchMessage Email = "Adresse électronique"
 frenchMessage UserName = "Nom d'utilisateur" -- FIXME by Google Translate "user name"
 frenchMessage Password = "Mot de passe"
 frenchMessage CurrentPassword = "Mot de passe actuel"
 frenchMessage Register = "S'inscrire"
 frenchMessage RegisterLong = "Créer un compte"
 frenchMessage EnterEmail = "Entrez ci-dessous votre adresse électronique, et un message de confirmation vous sera envoyé"
@ -283,9 +344,11 @@ frenchMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 frenchMessage AddressVerified = "Votre adresse électronique a été validée, merci de choisir un nouveau mot de passe."
 frenchMessage EmailVerifiedChangePass = "Votre adresse électronique a été validée, merci de choisir un nouveau mot de passe."
 frenchMessage EmailVerified = "Votre adresse électronique a été validée"
 frenchMessage InvalidKeyTitle = "Clef de validation incorrecte"
 frenchMessage InvalidKey = "Désolé, mais cette clef de validation est incorrecte"
-frenchMessage InvalidEmailPass = "Le couple mot de passe/adresse électronique n'est pas correct"
+frenchMessage InvalidEmailPass = "La combinaison de ce mot de passe et de cette adresse électronique n'existe pas."
 frenchMessage BadSetPass = "Vous devez être connecté pour choisir un mot de passe"
 frenchMessage SetPassTitle = "Changer de mot de passe"
 frenchMessage SetPass = "Choisir un nouveau mot de passe"
@ -294,19 +357,23 @@ frenchMessage ConfirmPass = "Confirmation du mot de passe"
 frenchMessage PassMismatch = "Le deux mots de passe sont différents, veuillez les corriger"
 frenchMessage PassUpdated = "Le mot de passe a bien été changé"
 frenchMessage Facebook = "Se connecter avec Facebook"
-frenchMessage LoginViaEmail = "Se connecter à l'aide d'une adresse électronique"
+frenchMessage LoginViaEmail = "Se connecter avec une adresse électronique"
 frenchMessage InvalidLogin = "Nom d'utilisateur incorrect"
 frenchMessage NowLoggedIn = "Vous êtes maintenant connecté"
 frenchMessage LoginTitle = "Se connecter"
-frenchMessage PleaseProvideUsername = "Merci de renseigner votre nom d'utilisateur"
+frenchMessage PleaseProvideUsername = "Veuillez fournir votre nom d'utilisateur"
-frenchMessage PleaseProvidePassword = "Merci de spécifier un mot de passe"
+frenchMessage PleaseProvidePassword = "Veuillez fournir votre mot de passe"
-frenchMessage NoIdentifierProvided = "No email/username provided"
+frenchMessage NoIdentifierProvided = "Adresse électronique/nom d'utilisateur non spécifié"
-frenchMessage InvalidEmailAddress = "Invalid email address provided"
+frenchMessage InvalidEmailAddress = "Adresse électronique spécifiée invalide"
-frenchMessage PasswordResetTitle = "Password Reset"
+frenchMessage PasswordResetTitle = "Réinitialisation du mot de passe"
-frenchMessage ProvideIdentifier = "Email or Username"
+frenchMessage ProvideIdentifier = "Adresse électronique ou nom d'utilisateur"
-frenchMessage SendPasswordResetEmail = "Send password reset email"
+frenchMessage SendPasswordResetEmail = "Envoi d'un courriel pour réinitialiser le mot de passe"
-frenchMessage PasswordResetPrompt = "Enter your e-mail address or username below, and a password reset e-mail will be sent to you."
+frenchMessage PasswordResetPrompt = "Entrez votre courriel ou votre nom d'utilisateur ci-dessous, et vous recevrez un message électronique pour réinitialiser votre mot de passe."
-frenchMessage InvalidUsernamePass = "Invalid username/password combination"
+frenchMessage InvalidUsernamePass = "La combinaison de ce mot de passe et de ce nom d'utilisateur n'existe pas."
 frenchMessage (IdentifierNotFound ident) = "Nom d'utilisateur introuvable: " `mappend` ident
 frenchMessage Logout = "Déconnexion"
 frenchMessage LogoutTitle = "Déconnexion"
 frenchMessage AuthError = "Erreur d'authentification" -- FIXME by Google Translate
 norwegianBokmålMessage :: AuthMessage -> Text
 norwegianBokmålMessage NoOpenID = "Ingen OpenID-identifiserer funnet"
@ -314,7 +381,9 @@ norwegianBokmålMessage LoginOpenID = "Logg inn med OpenID"
 norwegianBokmålMessage LoginGoogle = "Logg inn med Google"
 norwegianBokmålMessage LoginYahoo = "Logg inn med Yahoo"
 norwegianBokmålMessage Email = "E-post"
 norwegianBokmålMessage UserName = "Brukernavn" -- FIXME by Google Translate "user name"
 norwegianBokmålMessage Password = "Passord"
 norwegianBokmålMessage CurrentPassword = "Current password"
 norwegianBokmålMessage Register = "Registrer"
 norwegianBokmålMessage RegisterLong = "Registrer en ny konto"
 norwegianBokmålMessage EnterEmail = "Skriv inn e-postadressen din nedenfor og en e-postkonfirmasjon vil bli sendt."
@ -324,6 +393,8 @@ norwegianBokmålMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 norwegianBokmålMessage AddressVerified = "Adresse verifisert, vennligst sett et nytt passord."
 norwegianBokmålMessage EmailVerifiedChangePass = "Adresse verifisert, vennligst sett et nytt passord."
 norwegianBokmålMessage EmailVerified = "Adresse verifisert"
 norwegianBokmålMessage InvalidKeyTitle = "Ugyldig verifiseringsnøkkel"
 norwegianBokmålMessage InvalidKey = "Beklager, men det var en ugyldig verifiseringsnøkkel."
 norwegianBokmålMessage InvalidEmailPass = "Ugyldig e-post/passord-kombinasjon"
@ -348,6 +419,11 @@ norwegianBokmålMessage ProvideIdentifier = "Email or Username"
 norwegianBokmålMessage SendPasswordResetEmail = "Send password reset email"
 norwegianBokmålMessage PasswordResetPrompt = "Enter your e-mail address or username below, and a password reset e-mail will be sent to you."
 norwegianBokmålMessage InvalidUsernamePass = "Invalid username/password combination"
 -- TODO
 norwegianBokmålMessage i@(IdentifierNotFound _) = englishMessage i
 norwegianBokmålMessage Logout = "Logge ut" -- FIXME by Google Translate
 norwegianBokmålMessage LogoutTitle = "Logge ut" -- FIXME by Google Translate
 norwegianBokmålMessage AuthError = "Godkjenningsfeil" -- FIXME by Google Translate
 japaneseMessage :: AuthMessage -> Text
 japaneseMessage NoOpenID = "OpenID識別子がありません"
@ -355,7 +431,9 @@ japaneseMessage LoginOpenID = "OpenIDでログイン"
 japaneseMessage LoginGoogle = "Googleでログイン"
 japaneseMessage LoginYahoo = "Yahooでログイン"
 japaneseMessage Email = "Eメール"
 japaneseMessage UserName = "ユーザー名" -- FIXME by Google Translate "user name"
 japaneseMessage Password = "パスワード"
 japaneseMessage CurrentPassword = "現在のパスワード"
 japaneseMessage Register = "登録"
 japaneseMessage RegisterLong = "新規アカウント登録"
 japaneseMessage EnterEmail = "メールアドレスを入力してください。確認メールが送られます"
@ -365,6 +443,8 @@ japaneseMessage (ConfirmationEmailSent email) =
    email `mappend`
    " に送信しました"
 japaneseMessage AddressVerified = "アドレスは認証されました。新しいパスワードを設定してください"
 japaneseMessage EmailVerifiedChangePass = "アドレスは認証されました。新しいパスワードを設定してください"
 japaneseMessage EmailVerified = "アドレスは認証されました"
 japaneseMessage InvalidKeyTitle = "認証キーが無効です"
 japaneseMessage InvalidKey = "申し訳ありません。無効な認証キーです"
 japaneseMessage InvalidEmailPass = "メールアドレスまたはパスワードが無効です"
@ -382,13 +462,18 @@ japaneseMessage NowLoggedIn = "ログインしました"
 japaneseMessage LoginTitle = "ログイン"
 japaneseMessage PleaseProvideUsername = "ユーザ名を入力してください"
 japaneseMessage PleaseProvidePassword = "パスワードを入力してください"
-japaneseMessage NoIdentifierProvided = "No email/username provided"
+japaneseMessage NoIdentifierProvided = "メールアドレス/ユーザ名が入力されていません"
-japaneseMessage InvalidEmailAddress = "Invalid email address provided"
+japaneseMessage InvalidEmailAddress = "メールアドレスが無効です"
-japaneseMessage PasswordResetTitle = "Password Reset"
+japaneseMessage PasswordResetTitle = "パスワードの再設定"
-japaneseMessage ProvideIdentifier = "Email or Username"
+japaneseMessage ProvideIdentifier = "メールアドレスまたはユーザ名"
-japaneseMessage SendPasswordResetEmail = "Send password reset email"
+japaneseMessage SendPasswordResetEmail = "パスワード再設定用メールの送信"
-japaneseMessage PasswordResetPrompt = "Enter your e-mail address or username below, and a password reset e-mail will be sent to you."
+japaneseMessage PasswordResetPrompt = "以下にメールアドレスまたはユーザ名を入力してください。パスワードを再設定するためのメールが送信されます。"
-japaneseMessage InvalidUsernamePass = "Invalid username/password combination"
+japaneseMessage InvalidUsernamePass = "ユーザ名とパスワードの組み合わせが間違っています"
 japaneseMessage (IdentifierNotFound ident) =
  ident `mappend` "は登録されていません"
 japaneseMessage Logout = "ログアウト" -- FIXME by Google Translate
 japaneseMessage LogoutTitle = "ログアウト" -- FIXME by Google Translate
 japaneseMessage AuthError = "認証エラー" -- FIXME by Google Translate
 finnishMessage :: AuthMessage -> Text
 finnishMessage NoOpenID = "OpenID-tunnistetta ei löydy"
@ -396,7 +481,9 @@ finnishMessage LoginOpenID = "Kirjaudu OpenID-tilillä"
 finnishMessage LoginGoogle = "Kirjaudu Google-tilillä"
 finnishMessage LoginYahoo = "Kirjaudu Yahoo-tilillä"
 finnishMessage Email = "Sähköposti"
 finnishMessage UserName = "Käyttäjätunnus" -- FIXME by Google Translate "user name"
 finnishMessage Password = "Salasana"
 finnishMessage CurrentPassword = "Current password"
 finnishMessage Register = "Luo uusi"
 finnishMessage RegisterLong = "Luo uusi tili"
 finnishMessage EnterEmail = "Kirjoita alle sähköpostiosoitteesi, johon vahvistussähköposti lähetetään."
@ -407,6 +494,8 @@ finnishMessage (ConfirmationEmailSent email) =
    "."
 finnishMessage AddressVerified = "Sähköpostiosoite vahvistettu. Anna uusi salasana"
 finnishMessage EmailVerifiedChangePass = "Sähköpostiosoite vahvistettu. Anna uusi salasana"
 finnishMessage EmailVerified = "Sähköpostiosoite vahvistettu"
 finnishMessage InvalidKeyTitle = "Virheellinen varmistusavain"
 finnishMessage InvalidKey = "Valitettavasti varmistusavain on virheellinen."
 finnishMessage InvalidEmailPass = "Virheellinen sähköposti tai salasana."
@ -431,6 +520,11 @@ finnishMessage ProvideIdentifier = "Sähköpostiosoite tai käyttäjänimi"
 finnishMessage SendPasswordResetEmail = "Lähetä uusi salasana sähköpostitse"
 finnishMessage PasswordResetPrompt = "Anna sähköpostiosoitteesi tai käyttäjätunnuksesi alla, niin lähetämme uuden salasanan sähköpostitse."
 finnishMessage InvalidUsernamePass = "Virheellinen käyttäjänimi tai salasana."
 -- TODO
 finnishMessage i@(IdentifierNotFound _) = englishMessage i
 finnishMessage Logout = "Kirjaudu ulos" -- FIXME by Google Translate
 finnishMessage LogoutTitle = "Kirjaudu ulos" -- FIXME by Google Translate
 finnishMessage AuthError = "Authentication Error" -- FIXME by Google Translate
 chineseMessage :: AuthMessage -> Text
 chineseMessage NoOpenID = "无效的OpenID"
@ -438,7 +532,9 @@ chineseMessage LoginOpenID = "用OpenID登录"
 chineseMessage LoginGoogle = "用Google帐户登录"
 chineseMessage LoginYahoo = "用Yahoo帐户登录"
 chineseMessage Email = "邮箱"
 chineseMessage UserName = "用户名"
 chineseMessage Password = "密码"
 chineseMessage CurrentPassword = "当前密码"
 chineseMessage Register = "注册"
 chineseMessage RegisterLong = "注册新帐户"
 chineseMessage EnterEmail = "输入你的邮箱地址，你将收到一封确认邮件。"
@ -448,6 +544,8 @@ chineseMessage (ConfirmationEmailSent email) =
    email `mappend`
    "."
 chineseMessage AddressVerified = "地址验证成功，请设置新密码"
 chineseMessage EmailVerifiedChangePass = "地址验证成功，请设置新密码"
 chineseMessage EmailVerified = "地址验证成功"
 chineseMessage InvalidKeyTitle = "无效的验证码"
 chineseMessage InvalidKey = "对不起，验证码无效。"
 chineseMessage InvalidEmailPass = "无效的邮箱/密码组合"
@ -472,5 +570,299 @@ chineseMessage ProvideIdentifier = "邮箱或用户名"
 chineseMessage SendPasswordResetEmail = "发送密码重置邮件"
 chineseMessage PasswordResetPrompt = "输入你的邮箱地址或用户名，你将收到一封密码重置邮件。"
 chineseMessage InvalidUsernamePass = "无效的用户名/密码组合"
 chineseMessage (IdentifierNotFound ident) = "邮箱/用户名不存在: " `mappend` ident
 chineseMessage Logout = "注销"
 chineseMessage LogoutTitle = "注销"
 chineseMessage AuthError = "验证错误"
 czechMessage :: AuthMessage -> Text
 czechMessage NoOpenID = "Nebyl nalezen identifikátor OpenID"
 czechMessage LoginOpenID = "Přihlásit přes OpenID"
 czechMessage LoginGoogle = "Přihlásit přes Google"
 czechMessage LoginYahoo = "Přihlásit přes Yahoo"
 czechMessage Email = "E-mail"
 czechMessage UserName = "Uživatelské jméno"
 czechMessage Password = "Heslo"
 czechMessage CurrentPassword = "Current password"
 czechMessage Register = "Registrovat"
 czechMessage RegisterLong = "Zaregistrovat nový účet"
 czechMessage EnterEmail = "Níže zadejte svou e-mailovou adresu a bude vám poslán potvrzovací e-mail."
 czechMessage ConfirmationEmailSentTitle = "Potvrzovací e-mail odeslán"
 czechMessage (ConfirmationEmailSent email) =
    "Potvrzovací e-mail byl odeslán na " `mappend` email `mappend` "."
 czechMessage AddressVerified = "Adresa byla ověřena, prosím nastavte si nové heslo"
 czechMessage EmailVerifiedChangePass = "Adresa byla ověřena, prosím nastavte si nové heslo"
 czechMessage EmailVerified = "Adresa byla ověřena"
 czechMessage InvalidKeyTitle = "Neplatný ověřovací klíč"
 czechMessage InvalidKey = "Bohužel, ověřovací klíč je neplatný."
 czechMessage InvalidEmailPass = "Neplatná kombinace e-mail/heslo"
 czechMessage BadSetPass = "Pro nastavení hesla je vyžadováno přihlášení"
 czechMessage SetPassTitle = "Nastavit heslo"
 czechMessage SetPass = "Nastavit nové heslo"
 czechMessage NewPass = "Nové heslo"
 czechMessage ConfirmPass = "Potvrdit"
 czechMessage PassMismatch = "Hesla si neodpovídají, zkuste to znovu"
 czechMessage PassUpdated = "Heslo aktualizováno"
 czechMessage Facebook = "Přihlásit přes Facebook"
 czechMessage LoginViaEmail = "Přihlásit přes e-mail"
 czechMessage InvalidLogin = "Neplatné přihlášení"
 czechMessage NowLoggedIn = "Přihlášení proběhlo úspěšně"
 czechMessage LoginTitle = "Přihlásit"
 czechMessage PleaseProvideUsername = "Prosím, zadejte svoje uživatelské jméno"
 czechMessage PleaseProvidePassword = "Prosím, zadejte svoje heslo"
 czechMessage NoIdentifierProvided = "Nebyl poskytnut žádný e-mail nebo uživatelské jméno"
 czechMessage InvalidEmailAddress = "Zadaná e-mailová adresa je neplatná"
 czechMessage PasswordResetTitle = "Obnovení hesla"
 czechMessage ProvideIdentifier = "E-mail nebo uživatelské jméno"
 czechMessage SendPasswordResetEmail = "Poslat e-mail pro obnovení hesla"
 czechMessage PasswordResetPrompt = "Zadejte svou e-mailovou adresu nebo uživatelské jméno a bude vám poslán email pro obnovení hesla."
 czechMessage InvalidUsernamePass = "Neplatná kombinace uživatelského jména a hesla"
 -- TODO
 czechMessage i@(IdentifierNotFound _) = englishMessage i
 czechMessage Logout = "Odhlásit" -- FIXME by Google Translate
 czechMessage LogoutTitle = "Odhlásit" -- FIXME by Google Translate
 czechMessage AuthError = "Chyba ověřování" -- FIXME by Google Translate
 -- Так как e-mail – это фактическое сокращение словосочетания electronic mail,
 -- для русского перевода так же использовано сокращение: эл.почта
 russianMessage :: AuthMessage -> Text
 russianMessage NoOpenID = "Идентификатор OpenID не найден"
 russianMessage LoginOpenID = "Вход с помощью OpenID"
 russianMessage LoginGoogle = "Вход с помощью Google"
 russianMessage LoginYahoo = "Вход с помощью Yahoo"
 russianMessage Email = "Эл.почта"
 russianMessage UserName = "Имя пользователя"
 russianMessage Password = "Пароль"
 russianMessage CurrentPassword = "Старый пароль"
 russianMessage Register = "Регистрация"
 russianMessage RegisterLong = "Создать учётную запись"
 russianMessage EnterEmail = "Введите свой адрес эл.почты ниже, вам будет отправлено письмо для подтверждения."
 russianMessage ConfirmationEmailSentTitle = "Письмо для подтверждения отправлено"
 russianMessage (ConfirmationEmailSent email) =
    "Письмо для подтверждения было отправлено на адрес " `mappend`
    email `mappend`
    "."
 russianMessage AddressVerified = "Адрес подтверждён. Пожалуйста, установите новый пароль."
 russianMessage EmailVerifiedChangePass = "Адрес подтверждён. Пожалуйста, установите новый пароль."
 russianMessage EmailVerified = "Адрес подтверждён"
 russianMessage InvalidKeyTitle = "Неверный ключ подтверждения"
 russianMessage InvalidKey = "Извините, но ключ подтверждения оказался недействительным."
 russianMessage InvalidEmailPass = "Неверное сочетание эл.почты и пароля"
 russianMessage BadSetPass = "Чтобы изменить пароль, необходимо выполнить вход"
 russianMessage SetPassTitle = "Установить пароль"
 russianMessage SetPass = "Установить новый пароль"
 russianMessage NewPass = "Новый пароль"
 russianMessage ConfirmPass = "Подтверждение пароля"
 russianMessage PassMismatch = "Пароли не совпадают, повторите снова"
 russianMessage PassUpdated = "Пароль обновлён"
 russianMessage Facebook = "Войти с помощью Facebook"
 russianMessage LoginViaEmail = "Войти по адресу эл.почты"
 russianMessage InvalidLogin = "Неверный логин"
 russianMessage NowLoggedIn = "Вход выполнен"
 russianMessage LoginTitle = "Войти"
 russianMessage PleaseProvideUsername = "Пожалуйста, введите ваше имя пользователя"
 russianMessage PleaseProvidePassword = "Пожалуйста, введите ваш пароль"
 russianMessage NoIdentifierProvided = "Не указан адрес эл.почты/имя пользователя"
 russianMessage InvalidEmailAddress = "Указан неверный адрес эл.почты"
 russianMessage PasswordResetTitle = "Сброс пароля"
 russianMessage ProvideIdentifier = "Имя пользователя или эл.почта"
 russianMessage SendPasswordResetEmail = "Отправить письмо для сброса пароля"
 russianMessage PasswordResetPrompt = "Введите адрес эл.почты или ваше имя пользователя ниже, вам будет отправлено письмо для сброса пароля."
 russianMessage InvalidUsernamePass = "Неверное сочетание имени пользователя и пароля"
 russianMessage (IdentifierNotFound ident) = "Логин не найден: " `mappend` ident
 russianMessage Logout = "Выйти"
 russianMessage LogoutTitle = "Выйти"
 russianMessage AuthError = "Ошибка аутентификации"
 dutchMessage :: AuthMessage -> Text
 dutchMessage NoOpenID = "Geen OpenID identificator gevonden"
 dutchMessage LoginOpenID = "Inloggen via OpenID"
 dutchMessage LoginGoogle = "Inloggen via Google"
 dutchMessage LoginYahoo = "Inloggen via Yahoo"
 dutchMessage Email = "E-mail"
 dutchMessage UserName = "Gebruikersnaam"
 dutchMessage Password = "Wachtwoord"
 dutchMessage CurrentPassword = "Huidig wachtwoord"
 dutchMessage Register = "Registreren"
 dutchMessage RegisterLong = "Registreer een nieuw account"
 dutchMessage EnterEmail = "Voer uw e-mailadres hieronder in, er zal een bevestigings-e-mail naar u worden verzonden."
 dutchMessage ConfirmationEmailSentTitle = "Bevestigings-e-mail verzonden"
 dutchMessage (ConfirmationEmailSent email) =
    "Een bevestigings-e-mail is verzonden naar " `mappend`
    email `mappend`
    "."
 dutchMessage AddressVerified = "Adres geverifieerd, stel alstublieft een nieuwe wachtwoord in"
 dutchMessage EmailVerifiedChangePass = "Adres geverifieerd, stel alstublieft een nieuwe wachtwoord in"
 dutchMessage EmailVerified = "Adres geverifieerd"
 dutchMessage InvalidKeyTitle = "Ongeldig verificatietoken"
 dutchMessage InvalidKey = "Dat was helaas een ongeldig verificatietoken."
 dutchMessage InvalidEmailPass = "Ongeldige e-mailadres/wachtwoord combinatie"
 dutchMessage BadSetPass = "U moet ingelogd zijn om een nieuwe wachtwoord in te stellen"
 dutchMessage SetPassTitle = "Wachtwoord instellen"
 dutchMessage SetPass = "Een nieuwe wachtwoord instellen"
 dutchMessage NewPass = "Nieuw wachtwoord"
 dutchMessage ConfirmPass = "Bevestig"
 dutchMessage PassMismatch = "Wachtwoorden kwamen niet overeen, probeer het alstublieft nog eens"
 dutchMessage PassUpdated = "Wachtwoord geüpdatet"
 dutchMessage Facebook = "Inloggen met Facebook"
 dutchMessage LoginViaEmail = "Inloggen via e-mail"
 dutchMessage InvalidLogin = "Ongeldige inloggegevens"
 dutchMessage NowLoggedIn = "U bent nu ingelogd"
 dutchMessage LoginTitle = "Inloggen"
 dutchMessage PleaseProvideUsername = "Voer alstublieft uw gebruikersnaam in"
 dutchMessage PleaseProvidePassword = "Voer alstublieft uw wachtwoord in"
 dutchMessage NoIdentifierProvided = "Geen e-mailadres/gebruikersnaam opgegeven"
 dutchMessage InvalidEmailAddress = "Ongeldig e-mailadres opgegeven"
 dutchMessage PasswordResetTitle = "Wachtwoord wijzigen"
 dutchMessage ProvideIdentifier = "E-mailadres of gebruikersnaam"
 dutchMessage SendPasswordResetEmail = "Stuur een wachtwoord reset e-mail"
 dutchMessage PasswordResetPrompt = "Voer uw e-mailadres of gebruikersnaam hieronder in, er zal een e-mail naar u worden verzonden waarmee u uw wachtwoord kunt wijzigen."
 dutchMessage InvalidUsernamePass = "Ongeldige gebruikersnaam/wachtwoord combinatie"
 dutchMessage (IdentifierNotFound ident) = "Inloggegevens niet gevonden: " `mappend` ident
 dutchMessage Logout = "Uitloggen"
 dutchMessage LogoutTitle = "Uitloggen"
 dutchMessage AuthError = "Verificatiefout"
 croatianMessage :: AuthMessage -> Text
 croatianMessage NoOpenID = "Nije pronađen OpenID identifikator"
 croatianMessage LoginOpenID = "Prijava uz OpenID"
 croatianMessage LoginGoogle = "Prijava uz Google"
 croatianMessage LoginYahoo = "Prijava uz Yahoo"
 croatianMessage Facebook = "Prijava uz Facebook"
 croatianMessage LoginViaEmail = "Prijava putem e-pošte"
 croatianMessage Email = "E-pošta"
 croatianMessage UserName = "Korisničko ime"
 croatianMessage Password = "Lozinka"
 croatianMessage CurrentPassword = "Current Password"
 croatianMessage Register = "Registracija"
 croatianMessage RegisterLong = "Registracija novog računa"
 croatianMessage EnterEmail = "Dolje unesite adresu e-pošte, pa ćemo vam poslati e-poruku za potvrdu."
 croatianMessage PasswordResetPrompt = "Dolje unesite adresu e-pošte ili korisničko ime, pa ćemo vam poslati e-poruku za potvrdu."
 croatianMessage ConfirmationEmailSentTitle = "E-poruka za potvrdu"
 croatianMessage (ConfirmationEmailSent email) = "E-poruka za potvrdu poslana je na adresu " <> email <> "."
 croatianMessage AddressVerified = "Adresa ovjerena, postavite novu lozinku"
 croatianMessage EmailVerifiedChangePass = "Adresa ovjerena, postavite novu lozinku"
 croatianMessage EmailVerified = "Adresa ovjerena"
 croatianMessage InvalidKeyTitle = "Ključ za ovjeru nije valjan"
 croatianMessage InvalidKey = "Nažalost, taj ključ za ovjeru nije valjan."
 croatianMessage InvalidEmailPass = "Kombinacija e-pošte i lozinke nije valjana"
 croatianMessage InvalidUsernamePass = "Kombinacija korisničkog imena i lozinke nije valjana"
 croatianMessage BadSetPass = "Za postavljanje lozinke morate biti prijavljeni"
 croatianMessage SetPassTitle = "Postavi lozinku"
 croatianMessage SetPass = "Postavite novu lozinku"
 croatianMessage NewPass = "Nova lozinka"
 croatianMessage ConfirmPass = "Potvrda lozinke"
 croatianMessage PassMismatch = "Lozinke se ne podudaraju, pokušajte ponovo"
 croatianMessage PassUpdated = "Lozinka ažurirana"
 croatianMessage InvalidLogin = "Prijava nije valjana"
 croatianMessage NowLoggedIn = "Sada ste prijavljeni u"
 croatianMessage LoginTitle = "Prijava"
 croatianMessage PleaseProvideUsername = "Unesite korisničko ime"
 croatianMessage PleaseProvidePassword = "Unesite lozinku"
 croatianMessage NoIdentifierProvided = "Nisu dani e-pošta/korisničko ime"
 croatianMessage InvalidEmailAddress = "Dana adresa e-pošte nije valjana"
 croatianMessage PasswordResetTitle = "Poništavanje lozinke"
 croatianMessage ProvideIdentifier = "E-pošta ili korisničko ime"
 croatianMessage SendPasswordResetEmail = "Pošalji e-poruku za poništavanje lozinke"
 croatianMessage (IdentifierNotFound ident) = "Korisničko ime/e-pošta nisu pronađeni: " <> ident
 croatianMessage Logout = "Odjava"
 croatianMessage LogoutTitle = "Odjava"
 croatianMessage AuthError = "Pogreška provjere autentičnosti"
 danishMessage :: AuthMessage -> Text
 danishMessage NoOpenID = "Mangler OpenID identifier"
 danishMessage LoginOpenID = "Login med OpenID"
 danishMessage LoginGoogle = "Login med Google"
 danishMessage LoginYahoo = "Login med Yahoo"
 danishMessage Email = "E-mail"
 danishMessage UserName = "Brugernavn"
 danishMessage Password = "Kodeord"
 danishMessage CurrentPassword = "Nuværende kodeord"
 danishMessage Register = "Opret"
 danishMessage RegisterLong = "Opret en ny konto"
 danishMessage EnterEmail = "Indtast din e-mailadresse nedenfor og en bekræftelsesmail vil blive sendt til dig."
 danishMessage ConfirmationEmailSentTitle = "Bekræftelsesmail sendt"
 danishMessage (ConfirmationEmailSent email) =
    "En bekræftelsesmail er sendt til " `mappend`
    email `mappend`
    "."
 danishMessage AddressVerified = "Adresse bekræftet, sæt venligst et nyt kodeord"
 danishMessage EmailVerifiedChangePass = "Adresse bekræftet, sæt venligst et nyt kodeord"
 danishMessage EmailVerified = "Adresse bekræftet"
 danishMessage InvalidKeyTitle = "Ugyldig verifikationsnøgle"
 danishMessage InvalidKey = "Beklager, det var en ugyldigt verifikationsnøgle."
 danishMessage InvalidEmailPass = "Ugyldigt e-mail/kodeord"
 danishMessage BadSetPass = "Du skal være logget ind for at sætte et kodeord"
 danishMessage SetPassTitle = "Sæt kodeord"
 danishMessage SetPass = "Sæt et nyt kodeord"
 danishMessage NewPass = "Nyt kodeord"
 danishMessage ConfirmPass = "Bekræft"
 danishMessage PassMismatch = "Kodeordne var forskellige, prøv venligst igen"
 danishMessage PassUpdated = "Kodeord opdateret"
 danishMessage Facebook = "Login med Facebook"
 danishMessage LoginViaEmail = "Login med e-mail"
 danishMessage InvalidLogin = "Ugyldigt login"
 danishMessage NowLoggedIn = "Du er nu logget ind"
 danishMessage LoginTitle = "Log ind"
 danishMessage PleaseProvideUsername = "Indtast venligst dit brugernavn"
 danishMessage PleaseProvidePassword = "Indtasy venligst dit kodeord"
 danishMessage NoIdentifierProvided = "Mangler e-mail/username"
 danishMessage InvalidEmailAddress = "Ugyldig e-mailadresse indtastet"
 danishMessage PasswordResetTitle = "Nulstilning af kodeord"
 danishMessage ProvideIdentifier = "E-mail eller brugernavn"
 danishMessage SendPasswordResetEmail = "Send kodeordsnulstillingsmail"
 danishMessage PasswordResetPrompt = "Indtast din e-mailadresse eller dit brugernavn nedenfor, så bliver en kodeordsnulstilningsmail sendt til dig."
 danishMessage InvalidUsernamePass = "Ugyldigt brugernavn/kodeord"
 danishMessage (IdentifierNotFound ident) = "Brugernavn findes ikke: " `mappend` ident
 danishMessage Logout = "Log ud"
 danishMessage LogoutTitle = "Log ud"
 danishMessage AuthError = "Fejl ved bekræftelse af identitet"
 koreanMessage :: AuthMessage -> Text
 koreanMessage NoOpenID = "OpenID ID가 없습니다"
 koreanMessage LoginOpenID = "OpenID로 로그인"
 koreanMessage LoginGoogle = "Google로 로그인"
 koreanMessage LoginYahoo = "Yahoo로 로그인"
 koreanMessage Email = "이메일"
 koreanMessage UserName = "사용자 이름"
 koreanMessage Password = "비밀번호"
 koreanMessage CurrentPassword = "현재 비밀번호"
 koreanMessage Register = "등록"
 koreanMessage RegisterLong = "새 계정 등록"
 koreanMessage EnterEmail = "이메일 주소를 아래에 입력하시면 확인 이메일이 발송됩니다."
 koreanMessage ConfirmationEmailSentTitle = "확인 이메일을 보냈습니다"
 koreanMessage (ConfirmationEmailSent email) =
    "확인 이메일을 " `mappend`
    email `mappend`
    "에 보냈습니다."
 koreanMessage AddressVerified = "주소가 인증되었습니다. 새 비밀번호를 설정하세요."
 koreanMessage EmailVerifiedChangePass = "주소가 인증되었습니다. 새 비밀번호를 설정하세요."
 koreanMessage EmailVerified = "주소가 인증되었습니다"
 koreanMessage InvalidKeyTitle = "인증키가 잘못되었습니다"
 koreanMessage InvalidKey = "죄송합니다. 잘못된 인증키입니다."
 koreanMessage InvalidEmailPass = "이메일 주소나 비밀번호가 잘못되었습니다"
 koreanMessage BadSetPass = "비밀번호를 설정하기 위해서는 로그인해야 합니다"
 koreanMessage SetPassTitle = "비밀번호 설정"
 koreanMessage SetPass = "새 비밀번호 설정"
 koreanMessage NewPass = "새 비밀번호"
 koreanMessage ConfirmPass = "확인"
 koreanMessage PassMismatch = "비밀번호가 맞지 않습니다. 다시 시도해주세요."
 koreanMessage PassUpdated = "비밀번호가 업데이트 되었습니다"
 koreanMessage Facebook = "Facebook으로 로그인"
 koreanMessage LoginViaEmail = "이메일로"
 koreanMessage InvalidLogin = "잘못된 로그인입니다"
 koreanMessage NowLoggedIn = "로그인했습니다"
 koreanMessage LoginTitle = "로그인"
 koreanMessage PleaseProvideUsername = "사용자 이름을 입력하세요"
 koreanMessage PleaseProvidePassword = "비밀번호를 입력하세요"
 koreanMessage NoIdentifierProvided = "이메일 주소나 사용자 이름이 입력되어 있지 않습니다"
 koreanMessage InvalidEmailAddress = "이메일 주소가 잘못되었습니다"
 koreanMessage PasswordResetTitle = "비밀번호 변경"
 koreanMessage ProvideIdentifier = "이메일 주소나 사용자 이름"
 koreanMessage SendPasswordResetEmail = "비밀번호 재설정 이메일 보내기"
 koreanMessage PasswordResetPrompt = "이메일 주소나 사용자 이름을 아래에 입력하시면 비밀번호 재설정 이메일이 발송됩니다."
 koreanMessage InvalidUsernamePass = "사용자 이름이나 비밀번호가 잘못되었습니다"
 koreanMessage (IdentifierNotFound ident) = ident `mappend` "는 등록되어 있지 않습니다"
 koreanMessage Logout = "로그아웃"
 koreanMessage LogoutTitle = "로그아웃"
 koreanMessage AuthError = "인증오류"
--- a/yesod-auth/Yesod/Auth/OpenId.hs
+++ b/yesod-auth/Yesod/Auth/OpenId.hs
@ -1,7 +1,9 @@
 {-# LANGUAGE FlexibleContexts #-}
 {-# LANGUAGE QuasiQuotes #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE GADTs #-}
 module Yesod.Auth.OpenId
    ( authOpenId
    , forwardUrl
@ -16,10 +18,9 @@ import qualified Web.Authenticate.OpenId as OpenId
 import Yesod.Form
 import Yesod.Core
 import Text.Cassius (cassius)
 import Data.Text (Text, isPrefixOf)
 import qualified Yesod.Auth.Message as Msg
-import Control.Exception.Lifted (SomeException, try)
+import UnliftIO.Exception (tryAny)
 import Data.Maybe (fromMaybe)
 import qualified Data.Text as T
@ -36,7 +37,10 @@ authOpenId idType extensionFields =
    AuthPlugin "openid" dispatch login
  where
    complete = PluginR "openid" ["complete"]
    name :: Text
    name = "openid_identifier"
    login tm = do
        ident <- newIdent
        -- FIXME this is a hack to get GHC 7.6's type checker to allow the
@ -49,9 +53,6 @@ authOpenId idType extensionFields =
 |] $ x `asTypeOf` y)
        [whamlet|
 $newline never
 <form method="get" action="@{tm forwardUrl}">
    <input type="hidden" name="openid_identifier" value="https://www.google.com/accounts/o8/id">
    <button .openid-google>_{Msg.LoginGoogle}
 <form method="get" action="@{tm forwardUrl}">
    <input type="hidden" name="openid_identifier" value="http://me.yahoo.com">
    <button .openid-yahoo>_{Msg.LoginYahoo}
@ -60,17 +61,19 @@ $newline never
    <input id="#{ident}" type="text" name="#{name}" value="http://">
    <input type="submit" value="_{Msg.LoginOpenID}">
 |]
    dispatch :: Text -> [Text] -> AuthHandler master TypedContent
    dispatch "GET" ["forward"] = do
-        roid <- lift $ runInputGet $ iopt textField name
+        roid <- runInputGet $ iopt textField name
        case roid of
            Just oid -> do
                tm <- getRouteToParent
                render <- getUrlRender
-                let complete' = render complete
+                let complete' = render $ tm complete
-                master <- lift getYesod
+                manager <- authHttpManager
-                eres <- lift $ try $ OpenId.getForwardUrl oid complete' Nothing extensionFields (authHttpManager master)
+                eres <- tryAny $ OpenId.getForwardUrl oid complete' Nothing extensionFields manager
                case eres of
-                    Left err -> loginErrorMessage LoginR $ T.pack $
+                    Left err -> loginErrorMessage (tm LoginR) $ T.pack $ show err
                                 show (err :: SomeException)
                    Right x -> redirect x
            Nothing -> loginErrorMessageI LoginR Msg.NoOpenID
    dispatch "GET" ["complete", ""] = dispatch "GET" ["complete"] -- compatibility issues
@ -83,14 +86,15 @@ $newline never
        completeHelper idType posts
    dispatch _ _ = notFound
-completeHelper :: IdentifierType -> [(Text, Text)] -> AuthHandler master ()
+completeHelper :: IdentifierType -> [(Text, Text)] -> AuthHandler master TypedContent
 completeHelper idType gets' = do
-    master <- lift getYesod
+    manager <- authHttpManager
-    eres <- try $ OpenId.authenticateClaimed gets' (authHttpManager master)
+    eres <- tryAny $ OpenId.authenticateClaimed gets' manager
    either onFailure onSuccess eres
  where
-    onFailure err = loginErrorMessage LoginR $ T.pack $
+    onFailure err = do
-                      show (err :: SomeException)
+        tm <- getRouteToParent
        loginErrorMessage (tm LoginR) $ T.pack $ show err
    onSuccess oir = do
            let claimed =
                    case OpenId.oirClaimed oir of
@ -104,7 +108,7 @@ completeHelper idType gets' = do
                        case idType of
                            OPLocal -> OpenId.oirOpLocal oir
                            Claimed -> fromMaybe (OpenId.oirOpLocal oir) $ OpenId.oirClaimed oir
-            lift $ setCreds True $ Creds "openid" i gets''
+            setCredsRedirect $ Creds "openid" i gets''
 -- | The main identifier provided by the OpenID authentication plugin is the
 -- \"OP-local identifier\". There is also sometimes a \"claimed\" identifier
--- a/yesod-auth/Yesod/Auth/Routes.hs
+++ b/yesod-auth/Yesod/Auth/Routes.hs
@ -4,7 +4,7 @@
 {-# LANGUAGE MultiParamTypeClasses #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE ViewPatterns #-}
 module Yesod.Auth.Routes where
 import Yesod.Core
--- a/yesod-auth/Yesod/Auth/Rpxnow.hs
+++ b/yesod-auth/Yesod/Auth/Rpxnow.hs
@ -2,6 +2,7 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE FlexibleContexts #-}
 {-# LANGUAGE GADTs #-}
 module Yesod.Auth.Rpxnow
    ( authRpxnow
    ) where
@ -11,17 +12,16 @@ import qualified Web.Authenticate.Rpxnow as Rpxnow
 import Control.Monad (mplus)
 import Yesod.Core
 import Text.Hamlet (hamlet)
 import Data.Text (pack, unpack)
 import Data.Text.Encoding (encodeUtf8, decodeUtf8With)
 import Data.Text.Encoding.Error (lenientDecode)
 import Control.Arrow ((***))
 import Network.HTTP.Types (renderQuery)
-authRpxnow :: YesodAuth m
+authRpxnow :: YesodAuth master
           => String -- ^ app name
           -> String -- ^ key
-           -> AuthPlugin m
+           -> AuthPlugin master
 authRpxnow app apiKey =
    AuthPlugin "rpxnow" dispatch login
  where
@ -33,14 +33,16 @@ authRpxnow app apiKey =
 $newline never
 <iframe src="http://#{app}.rpxnow.com/openid/embed#{queryString}" scrolling="no" frameBorder="no" allowtransparency="true" style="width:400px;height:240px">
 |]
    dispatch :: a -> [b] -> AuthHandler master TypedContent
    dispatch _ [] = do
        token1 <- lookupGetParams "token"
        token2 <- lookupPostParams "token"
        token <- case token1 ++ token2 of
                        [] -> invalidArgs ["token: Value not supplied"]
                        x:_ -> return $ unpack x
-        master <- lift getYesod
+        manager <- authHttpManager
-        Rpxnow.Identifier ident extra <- lift $ Rpxnow.authenticate apiKey token (authHttpManager master)
+        Rpxnow.Identifier ident extra <- Rpxnow.authenticate apiKey token manager
        let creds =
                Creds "rpxnow" ident
                $ maybe id (\x -> (:) ("verifiedEmail", x))
@ -48,7 +50,7 @@ $newline never
                $ maybe id (\x -> (:) ("displayName", x))
                    (fmap pack $ getDisplayName $ map (unpack *** unpack) extra)
                  []
-        lift $ setCreds True creds
+        setCredsRedirect creds
    dispatch _ _ = notFound
 -- | Get some form of a display name.
--- a/yesod-auth/Yesod/Auth/Util/PasswordStore.hs
+++ b/yesod-auth/Yesod/Auth/Util/PasswordStore.hs
@ -0,0 +1,464 @@
 {-# LANGUAGE OverloadedStrings, BangPatterns #-}
 {-# LANGUAGE CPP #-}
 -- |
 -- This is a fork of pwstore-fast, originally copyright (c) Peter Scott, 2011,
 -- and released under a BSD-style licence.
 --
 -- Securely store hashed, salted passwords. If you need to store and verify
 -- passwords, there are many wrong ways to do it, most of them all too
 -- common. Some people store users' passwords in plain text. Then, when an
 -- attacker manages to get their hands on this file, they have the passwords for
 -- every user's account. One step up, but still wrong, is to simply hash all
 -- passwords with SHA1 or something. This is vulnerable to rainbow table and
 -- dictionary attacks. One step up from that is to hash the password along with
 -- a unique salt value. This is vulnerable to dictionary attacks, since guessing
 -- a password is very fast. The right thing to do is to use a slow hash
 -- function, to add some small but significant delay, that will be negligible
 -- for legitimate users but prohibitively expensive for someone trying to guess
 -- passwords by brute force. That is what this library does. It iterates a
 -- SHA256 hash, with a random salt, a few thousand times. This scheme is known
 -- as PBKDF1, and is generally considered secure; there is nothing innovative
 -- happening here.
 --
 -- The API here is very simple. What you store are called /password hashes/.
 -- They are strings (technically, ByteStrings) that look like this:
 --
 -- > "sha256|14|jEWU94phx4QzNyH94Qp4CQ==|5GEw+jxP/4WLgzt9VS3Ee3nhqBlDsrKiB+rq7JfMckU="
 --
 -- Each password hash shows the algorithm, the strength (more on that later),
 -- the salt, and the hashed-and-salted password. You store these on your server,
 -- in a database, for when you need to verify a password. You make a password
 -- hash with the 'makePassword' function. Here's an example:
 --
 -- > >>> makePassword "hunter2" 14
 -- > "sha256|14|Zo4LdZGrv/HYNAUG3q8WcA==|zKjbHZoTpuPLp1lh6ATolWGIKjhXvY4TysuKvqtNFyk="
 --
 -- This will hash the password @\"hunter2\"@, with strength 14, which is a good
 -- default value. The strength here determines how long the hashing will
 -- take. When doing the hashing, we iterate the SHA256 hash function
 -- @2^strength@ times, so increasing the strength by 1 makes the hashing take
 -- twice as long. When computers get faster, you can bump up the strength a
 -- little bit to compensate. You can strengthen existing password hashes with
 -- the 'strengthenPassword' function. Note that 'makePassword' needs to generate
 -- random numbers, so its return type is 'IO' 'ByteString'. If you want to avoid
 -- the 'IO' monad, you can generate your own salt and pass it to
 -- 'makePasswordSalt'.
 --
 -- Your strength value should not be less than 12, and 14 is a good default
 -- value at the time of this writing, in 2013.
 --
 -- Once you've got your password hashes, the second big thing you need to do
 -- with them is verify passwords against them. When a user gives you a password,
 -- you compare it with a password hash using the 'verifyPassword' function:
 --
 -- > >>> verifyPassword "wrong guess" passwordHash
 -- > False
 -- > >>> verifyPassword "hunter2" passwordHash
 -- > True
 --
 -- These two functions are really all you need. If you want to make existing
 -- password hashes stronger, you can use 'strengthenPassword'. Just pass it an
 -- existing password hash and a new strength value, and it will return a new
 -- password hash with that strength value, which will match the same password as
 -- the old password hash.
 --
 -- Note that, as of version 2.4, you can also use PBKDF2, and specify the exact
 -- iteration count. This does not have a significant effect on security, but can
 -- be handy for compatibility with other code.
 --
 -- @since 1.4.18
 module Yesod.Auth.Util.PasswordStore (
        -- * Algorithms
        pbkdf1,                 -- :: ByteString -> Salt -> Int -> ByteString
        pbkdf2,                 -- :: ByteString -> Salt -> Int -> ByteString
        -- * Registering and verifying passwords
        makePassword,           -- :: ByteString -> Int -> IO ByteString
        makePasswordWith,       -- :: (ByteString -> Salt -> Int -> ByteString) ->
                                --    ByteString -> Int -> IO ByteString
        makePasswordSalt,       -- :: ByteString -> ByteString -> Int -> ByteString
        makePasswordSaltWith,   -- :: (ByteString -> Salt -> Int -> ByteString) ->
                                --    ByteString -> Salt -> Int -> ByteString
        verifyPassword,         -- :: ByteString -> ByteString -> Bool
        verifyPasswordWith,     -- :: (ByteString -> Salt -> Int -> ByteString) ->
                                --    (Int -> Int) -> ByteString -> ByteString -> Bool
        -- * Updating password hash strength
        strengthenPassword,     -- :: ByteString -> Int -> ByteString
        passwordStrength,       -- :: ByteString -> Int
        -- * Utilities
        Salt,
        isPasswordFormatValid,  -- :: ByteString -> Bool
        genSaltIO,              -- :: IO Salt
        genSaltRandom,          -- :: (RandomGen b) => b -> (Salt, b)
        makeSalt,               -- :: ByteString -> Salt
        exportSalt,             -- :: Salt -> ByteString
        importSalt              -- :: ByteString -> Salt
  ) where
 import qualified Crypto.MAC.HMAC as CH
 import qualified Crypto.Hash as CH
 import qualified Data.ByteString.Char8 as B
 import qualified Data.ByteString as BS
 import qualified Data.ByteString.Lazy as BL
 import qualified Data.Binary as Binary
 import Control.Monad
 import Control.Monad.ST
 import Data.STRef
 import Data.Bits
 import Data.ByteString.Char8 (ByteString)
 import Data.ByteString.Base64 (encode, decodeLenient)
 import System.IO
 import System.Random
 import Data.Maybe
 import qualified Control.Exception
 import Data.ByteArray (convert)
 ---------------------
 -- Cryptographic base
 ---------------------
 -- | PBKDF1 key-derivation function. Takes a password, a 'Salt', and a number of
 -- iterations. The number of iterations should be at least 1000, and probably
 -- more. 5000 is a reasonable number, computing almost instantaneously. This
 -- will give a 32-byte 'ByteString' as output. Both the salt and this 32-byte
 -- key should be stored in the password file. When a user wishes to authenticate
 -- a password, just pass it and the salt to this function, and see if the output
 -- matches.
 --
 -- @since 1.4.18
 --
 pbkdf1 :: ByteString -> Salt -> Int -> ByteString
 pbkdf1 password (SaltBS salt) iter = hashRounds first_hash (iter + 1)
  where
    first_hash =
      convert $
      ((CH.hashFinalize $ CH.hashInit `CH.hashUpdate` password `CH.hashUpdate` salt) :: CH.Digest CH.SHA256)
 -- | Hash a 'ByteString' for a given number of rounds. The number of rounds is 0
 -- or more. If the number of rounds specified is 0, the ByteString will be
 -- returned unmodified.
 hashRounds :: ByteString -> Int -> ByteString
 hashRounds (!bs) 0 = bs
 hashRounds bs rounds = hashRounds (convert (CH.hash bs :: CH.Digest CH.SHA256)) (rounds - 1)
 -- | Computes the hmacSHA256 of the given message, with the given 'Salt'.
 hmacSHA256 :: ByteString
           -- ^ The secret (the salt)
           -> ByteString
           -- ^ The clear-text message
           -> ByteString
           -- ^ The encoded message
 hmacSHA256 secret msg =
    convert (CH.hmacGetDigest (CH.hmac secret msg) :: CH.Digest CH.SHA256)
 -- | PBKDF2 key-derivation function.
 -- For details see @http://tools.ietf.org/html/rfc2898@.
 -- @32@ is the most common digest size for @SHA256@, and is
 -- what the algorithm internally uses.
 -- @HMAC+SHA256@ is used as @PRF@, because @HMAC+SHA1@ is considered too weak.
 --
 -- @since 1.4.18
 --
 pbkdf2 :: ByteString -> Salt -> Int -> ByteString
 pbkdf2 password (SaltBS salt) c =
    let hLen = 32
        dkLen = hLen in go hLen dkLen
  where
    go hLen dkLen | dkLen > (2^(32 :: Int) - 1) * hLen = error "Derived key too long."
                  | otherwise =
                      let !l = ceiling ((fromIntegral dkLen / fromIntegral hLen) :: Double)
                          !r = dkLen - (l - 1) * hLen
                          chunks = [f i | i <- [1 .. l]]
                      in (B.concat . init $ chunks) `B.append` B.take r (last chunks)
    -- The @f@ function, as defined in the spec.
    -- It calls 'u' under the hood.
    f :: Int -> ByteString
    f i = let !u1 = hmacSHA256 password (salt `B.append` int i)
      -- Using the ST Monad, for maximum performance.
      in runST $ do
          u <- newSTRef u1
          accum <- newSTRef u1
          forM_ [2 .. c] $ \_ -> do
            modifySTRef' u (hmacSHA256 password)
            currentU <- readSTRef u
            modifySTRef' accum (`xor'` currentU)
          readSTRef accum
    -- int(i), as defined in the spec.
    int :: Int -> ByteString
    int i = let str = BL.unpack . Binary.encode $ i
            in BS.pack $ drop (length str - 4) str
    -- | A convenience function to XOR two 'ByteString' together.
    xor' :: ByteString -> ByteString -> ByteString
    xor' !b1 !b2 = BS.pack $ BS.zipWith xor b1 b2
 -- | Generate a 'Salt' from 128 bits of data from @\/dev\/urandom@, with the
 -- system RNG as a fallback. This is the function used to generate salts by
 -- 'makePassword'.
 --
 -- @since 1.4.18
 --
 genSaltIO :: IO Salt
 genSaltIO =
    Control.Exception.catch genSaltDevURandom def
  where
    def :: IOError -> IO Salt
    def _ = genSaltSysRandom
 -- | Generate a 'Salt' from @\/dev\/urandom@.
 genSaltDevURandom :: IO Salt
 genSaltDevURandom = withFile "/dev/urandom" ReadMode $ \h -> do
                      rawSalt <- B.hGet h 16
                      return $ makeSalt rawSalt
 -- | Generate a 'Salt' from 'System.Random'.
 genSaltSysRandom :: IO Salt
 genSaltSysRandom = randomChars >>= return . makeSalt . B.pack
    where randomChars = sequence $ replicate 16 $ randomRIO ('\NUL', '\255')
 -----------------------
 -- Password hash format
 -----------------------
 -- Format: "sha256|strength|salt|hash", where strength is an unsigned int, salt
 -- is a base64-encoded 16-byte random number, and hash is a base64-encoded hash
 -- value.
 -- | Try to parse a password hash.
 readPwHash :: ByteString -> Maybe (Int, Salt, ByteString)
 readPwHash pw | length broken /= 4
                || algorithm /= "sha256"
                || B.length hash /= 44 = Nothing
              | otherwise = case B.readInt strBS of
                              Just (strength, _) -> Just (strength, SaltBS salt, hash)
                              Nothing -> Nothing
    where broken = B.split '|' pw
          [algorithm, strBS, salt, hash] = broken
 -- | Encode a password hash, from a @(strength, salt, hash)@ tuple, where
 -- strength is an 'Int', and both @salt@ and @hash@ are base64-encoded
 -- 'ByteString's.
 writePwHash :: (Int, Salt, ByteString) -> ByteString
 writePwHash (strength, SaltBS salt, hash) =
    B.intercalate "|" ["sha256", B.pack (show strength), salt, hash]
 -----------------
 -- High level API
 -----------------
 -- | Hash a password with a given strength (14 is a good default). The output of
 -- this function can be written directly to a password file or
 -- database. Generates a salt using high-quality randomness from
 -- @\/dev\/urandom@ or (if that is not available, for example on Windows)
 -- 'System.Random', which is included in the hashed output.
 --
 -- @since 1.4.18
 --
 makePassword :: ByteString -> Int -> IO ByteString
 makePassword = makePasswordWith pbkdf1
 -- | A generic version of 'makePassword', which allow the user
 -- to choose the algorithm to use.
 --
 -- >>> makePasswordWith pbkdf1 "password" 14
 --
 -- @since 1.4.18
 --
 makePasswordWith :: (ByteString -> Salt -> Int -> ByteString)
                 -- ^ The algorithm to use (e.g. pbkdf1)
                 -> ByteString
                 -- ^ The password to encrypt
                 -> Int
                 -- ^ log2 of the number of iterations
                 -> IO ByteString
 makePasswordWith algorithm password strength = do
  salt <- genSaltIO
  return $ makePasswordSaltWith algorithm (2^) password salt strength
 -- | A generic version of 'makePasswordSalt', meant to give the user
 -- the maximum control over the generation parameters.
 -- Note that, unlike 'makePasswordWith', this function takes the @raw@
 -- number of iterations. This means the user will need to specify a
 -- sensible value, typically @10000@ or @20000@.
 --
 -- @since 1.4.18
 --
 makePasswordSaltWith :: (ByteString -> Salt -> Int -> ByteString)
                     -- ^ A function modeling an algorithm (e.g. 'pbkdf1')
                     -> (Int -> Int)
                     -- ^ A function to modify the strength
                     -> ByteString
                     -- ^ A password, given as clear text
                     -> Salt
                     -- ^ A hash 'Salt'
                     -> Int
                     -- ^ The password strength (e.g. @10000, 20000, etc.@)
                     -> ByteString
 makePasswordSaltWith algorithm strengthModifier pwd salt strength = writePwHash (strength, salt, hash)
    where hash = encode $ algorithm pwd salt (strengthModifier strength)
 -- | Hash a password with a given strength (14 is a good default), using a given
 -- salt. The output of this function can be written directly to a password file
 -- or database. Example:
 --
 -- > >>> makePasswordSalt "hunter2" (makeSalt "72cd18b5ebfe6e96") 14
 -- > "sha256|14|NzJjZDE4YjVlYmZlNmU5Ng==|yuiNrZW3KHX+pd0sWy9NTTsy5Yopmtx4UYscItSsoxc="
 --
 -- @since 1.4.18
 --
 makePasswordSalt :: ByteString -> Salt -> Int -> ByteString
 makePasswordSalt = makePasswordSaltWith pbkdf1 (2^)
 -- | 'verifyPasswordWith' @algorithm userInput pwHash@ verifies
 -- the password @userInput@ given by the user against the stored password
 -- hash @pwHash@, with the hashing algorithm @algorithm@.  Returns 'True' if the
 -- given password is correct, and 'False' if it is not.
 -- This function allows the programmer to specify the algorithm to use,
 -- e.g. 'pbkdf1' or 'pbkdf2'.
 -- Note: If you want to verify a password previously generated with
 -- 'makePasswordSaltWith', but without modifying the number of iterations,
 -- you can do:
 --
 -- > >>> verifyPasswordWith pbkdf2 id "hunter2" "sha256..."
 -- > True
 --
 -- @since 1.4.18
 --
 verifyPasswordWith :: (ByteString -> Salt -> Int -> ByteString)
                   -- ^ A function modeling an algorithm (e.g. pbkdf1)
                   -> (Int -> Int)
                   -- ^ A function to modify the strength
                   -> ByteString
                   -- ^ User password
                   -> ByteString
                   -- ^ The generated hash (e.g. sha256|14...)
                   -> Bool
 verifyPasswordWith algorithm strengthModifier userInput pwHash =
    case readPwHash pwHash of
      Nothing -> False
      Just (strength, salt, goodHash) ->
          encode (algorithm userInput salt (strengthModifier strength)) == goodHash
 -- | Like 'verifyPasswordWith', but uses 'pbkdf1' as algorithm.
 --
 -- @since 1.4.18
 --
 verifyPassword :: ByteString -> ByteString -> Bool
 verifyPassword = verifyPasswordWith pbkdf1 (2^)
 -- | Try to strengthen a password hash, by hashing it some more
 -- times. @'strengthenPassword' pwHash new_strength@ will return a new password
 -- hash with strength at least @new_strength@. If the password hash already has
 -- strength greater than or equal to @new_strength@, then it is returned
 -- unmodified. If the password hash is invalid and does not parse, it will be
 -- returned without comment.
 --
 -- This function can be used to periodically update your password database when
 -- computers get faster, in order to keep up with Moore's law. This isn't hugely
 -- important, but it's a good idea.
 --
 -- @since 1.4.18
 --
 strengthenPassword :: ByteString -> Int -> ByteString
 strengthenPassword pwHash newstr =
    case readPwHash pwHash of
      Nothing -> pwHash
      Just (oldstr, salt, hashB64) ->
          if oldstr < newstr then
              writePwHash (newstr, salt, newHash)
          else
              pwHash
          where newHash = encode $ hashRounds hash extraRounds
                extraRounds = (2^newstr) - (2^oldstr)
                hash = decodeLenient hashB64
 -- | Return the strength of a password hash.
 --
 -- @since 1.4.18
 --
 passwordStrength :: ByteString -> Int
 passwordStrength pwHash = case readPwHash pwHash of
                            Nothing               -> 0
                            Just (strength, _, _) -> strength
 ------------
 -- Utilities
 ------------
 -- | A salt is a unique random value which is stored as part of the password
 -- hash. You can generate a salt with 'genSaltIO' or 'genSaltRandom', or if you
 -- really know what you're doing, you can create them from your own ByteString
 -- values with 'makeSalt'.
 --
 -- @since 1.4.18
 --
 newtype Salt = SaltBS ByteString
    deriving (Show, Eq, Ord)
 -- | Create a 'Salt' from a 'ByteString'. The input must be at least 8
 -- characters, and can contain arbitrary bytes. Most users will not need to use
 -- this function.
 --
 -- @since 1.4.18
 --
 makeSalt :: ByteString -> Salt
 makeSalt = SaltBS . encode . check_length
    where check_length salt | B.length salt < 8 =
                                error "Salt too short. Minimum length is 8 characters."
                            | otherwise = salt
 -- | Convert a 'Salt' into a 'ByteString'. The resulting 'ByteString' will be
 -- base64-encoded. Most users will not need to use this function.
 --
 -- @since 1.4.18
 --
 exportSalt :: Salt -> ByteString
 exportSalt (SaltBS bs) = bs
 -- | Convert a raw 'ByteString' into a 'Salt'.
 -- Use this function with caution, since using a weak salt will result in a
 -- weak password.
 --
 -- @since 1.4.18
 --
 importSalt :: ByteString -> Salt
 importSalt = SaltBS
 -- | Is the format of a password hash valid? Attempts to parse a given password
 -- hash. Returns 'True' if it parses correctly, and 'False' otherwise.
 --
 -- @since 1.4.18
 --
 isPasswordFormatValid :: ByteString -> Bool
 isPasswordFormatValid = isJust . readPwHash
 -- | Generate a 'Salt' with 128 bits of data taken from a given random number
 -- generator. Returns the salt and the updated random number generator. This is
 -- meant to be used with 'makePasswordSalt' by people who would prefer to either
 -- use their own random number generator or avoid the 'IO' monad.
 --
 -- @since 1.4.18
 --
 genSaltRandom :: (RandomGen b) => b -> (Salt, b)
 genSaltRandom gen = (salt, newgen)
    where rands _ 0 = []
          rands g n = (a, g') : rands g' (n-1 :: Int)
              where (a, g') = randomR ('\NUL', '\255') g
          salt   = makeSalt $ B.pack $ map fst (rands gen 16)
          newgen = snd $ last (rands gen 16)
 #if !MIN_VERSION_base(4, 6, 0)
 -- | Strict version of 'modifySTRef'
 modifySTRef' :: STRef s a -> (a -> a) -> ST s ()
 modifySTRef' ref f = do
    x <- readSTRef ref
    let x' = f x
    x' `seq` writeSTRef ref x'
 #endif
--- a/yesod-auth/browserid.hs
+++ b/yesod-auth/browserid.hs
@ -26,7 +26,7 @@ mkYesod "BID" [parseRoutes|
 getRootR :: Handler ()
 getRootR = redirect $ AuthR LoginR
-getAfterLoginR :: Handler RepHtml
+getAfterLoginR :: Handler Html
 getAfterLoginR = do
    mauth <- maybeAuthId
    defaultLayout $ toWidget [hamlet|
@ -41,13 +41,14 @@ instance YesodAuth BID where
    loginDest _ = AfterLoginR
    logoutDest _ = AuthR LoginR
    getAuthId = return . Just . credsIdent
-    authPlugins _ = [authBrowserId]
+    authPlugins _ = [authBrowserId def]
    authHttpManager = httpManager
    maybeAuthId = lookupSession credsKey
 instance RenderMessage BID FormMessage where
    renderMessage _ _ = defaultFormMessage
 main :: IO ()
 main = do
-    m <- newManager def
+    m <- newManager conduitManagerSettings
    toWaiApp (BID m) >>= run 3000 . logStdoutDev
--- a/yesod-auth/openid.hs
+++ b/yesod-auth/openid.hs
@ -27,7 +27,7 @@ getRootR = getAfterLoginR
 getAfterLoginR :: Handler RepHtml
 getAfterLoginR = do
    mauth <- maybeAuthId
-    defaultLayout $ addHamlet [hamlet|
+    defaultLayout [whamlet|
 <p>Auth: #{show mauth}
 $maybe _ <- mauth
    <p>
@ -38,21 +38,22 @@ $nothing
 |]
 instance Yesod BID where
-    approot = ApprootStatic "http://localhost:3000"
+    approot = guessApproot
 instance YesodAuth BID where
    type AuthId BID = Text
    loginDest _ = AfterLoginR
    logoutDest _ = AuthR LoginR
    getAuthId = return . Just . credsIdentClaimed
-    authPlugins _ = [authOpenId]
+    authPlugins _ = [authOpenId Claimed []]
    authHttpManager = httpManager
    maybeAuthId = lookupSession credsKey
 instance RenderMessage BID FormMessage where
    renderMessage _ _ = defaultFormMessage
 main :: IO ()
 main = do
-    m <- newManager def
+    m <- newManager tlsManagerSettings
    toWaiApp (BID m) >>= run 3000
--- a/yesod-auth/yesod-auth.cabal
+++ b/yesod-auth/yesod-auth.cabal
@ -1,5 +1,6 @@
 cabal-version:   >=1.10
 name:            yesod-auth
-version:         1.2.0.2
+version:         1.6.11.2
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman, Patrick Brisbin
@ -7,48 +8,61 @@ maintainer:      Michael Snoyman <michael@snoyman.com>
 synopsis:        Authentication for Yesod.
 category:        Web, Yesod
 stability:       Stable
 cabal-version:   >= 1.6.0
 build-type:      Simple
 homepage:        http://www.yesodweb.com/
-description:     This package provides a pluggable mechanism for allowing users to authenticate with your site. It comes with a number of common plugins, such as OpenID, BrowserID (a.k.a., Mozilla Persona), and email. Other packages are available from Hackage as well. If you've written such an add-on, please notify me so that it can be added to this description.
+description:     API docs and the README are available at <http://www.stackage.org/package/yesod-auth>
                 .
                 * <http://hackage.haskell.org/package/yesod-auth-account>: An account authentication plugin for Yesod
 extra-source-files: persona_sign_in_blue.png
                    README.md
                    ChangeLog.md
 flag network-uri
  description: Get Network.URI from the network-uri package
  default: True
 library
-    build-depends:   base                    >= 4         && < 5
+    default-language: Haskell2010
-                   , authenticate            >= 1.3
+    build-depends:   base                    >= 4.10      && < 5
-                   , bytestring              >= 0.9.1.4
+                   , aeson                   >= 0.7
-                   , yesod-core              >= 1.2       && < 1.3
+                   , attoparsec-aeson        >= 2.1
-                   , wai                     >= 1.4
+                   , authenticate            >= 1.3.4
-                   , template-haskell
+                   , base16-bytestring
-                   , pureMD5                 >= 2.0
+                   , base64-bytestring
-                   , random                  >= 1.0.0.2
+                   , binary
-                   , text                    >= 0.7
+                   , blaze-builder
                   , mime-mail               >= 0.3
                   , yesod-persistent        >= 1.2
                   , hamlet                  >= 1.1       && < 1.2
                   , shakespeare-css         >= 1.0       && < 1.1
                   , shakespeare-js          >= 1.0.2     && < 1.2
                   , containers
                   , unordered-containers
                   , yesod-form              >= 1.3       && < 1.4
                   , transformers            >= 0.2.2
                   , persistent              >= 1.2       && < 1.3
                   , persistent-template     >= 1.2       && < 1.3
                   , SHA                     >= 1.4.1.3
                   , http-conduit            >= 1.5
                   , aeson                   >= 0.5
                   , pwstore-fast            >= 2.2
                   , lifted-base             >= 0.1
                   , blaze-html              >= 0.5
                   , blaze-markup            >= 0.5.1
-                   , network
+                   , bytestring              >= 0.9.1.4
-                   , http-types
+                   , conduit                 >= 1.3
-                   , file-embed
+                   , conduit-extra
-                   , email-validate          >= 1.0
+                   , containers
                   , cryptonite
                   , data-default
-                   , resourcet
+                   , email-validate          >= 1.0
                   , file-embed
                   , http-client             >= 0.5
                   , http-client-tls
                   , http-conduit            >= 2.1
                   , http-types
                   , memory
                   , nonce                   >= 1.0.2     && < 1.1
                   , persistent              >= 2.8
                   , random                  >= 1.0.0.2
                   , safe
                   , shakespeare
                   , template-haskell
                   , text                    >= 0.7
                   , time
                   , transformers            >= 0.2.2
                   , unliftio
                   , unliftio-core
                   , unordered-containers
                   , wai                     >= 1.4
                   , yesod-core              >= 1.6       && < 1.7
                   , yesod-form              >= 1.6       && < 1.8
                   , yesod-persistent        >= 1.6
    if flag(network-uri)
      build-depends: network-uri >= 2.6
    exposed-modules: Yesod.Auth
                     Yesod.Auth.BrowserId
@ -56,9 +70,10 @@ library
                     Yesod.Auth.Email
                     Yesod.Auth.OpenId
                     Yesod.Auth.Rpxnow
                     Yesod.Auth.HashDB
                     Yesod.Auth.Message
-                     Yesod.Auth.GoogleEmail
+                     Yesod.Auth.GoogleEmail2
                     Yesod.Auth.Hardcoded
                     Yesod.Auth.Util.PasswordStore
    other-modules:   Yesod.Auth.Routes
    ghc-options:     -Wall
--- a/yesod-bin/AddHandler.hs
+++ b/yesod-bin/AddHandler.hs
@ -1,64 +1,168 @@
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE PatternGuards #-}
 module AddHandler (addHandler) where
 import Prelude hiding (readFile)
-import System.IO (hFlush, stdout)
+import System.IO  (hFlush, stdout)
-import Data.Char (isLower, toLower, isSpace)
+import Data.Char  (isLower, toLower, isSpace)
-import Data.List (isPrefixOf, isSuffixOf)
+import Data.List  (isPrefixOf, isSuffixOf, stripPrefix)
 import Data.Maybe (fromMaybe, listToMaybe)
 import qualified Data.Text as T
 import qualified Data.Text.IO as TIO
-import System.Directory (getDirectoryContents)
+#if MIN_VERSION_Cabal(3, 7, 0)
 import Distribution.Simple.PackageDescription (readGenericPackageDescription)
 #elif MIN_VERSION_Cabal(2, 2, 0)
 import Distribution.PackageDescription.Parsec (readGenericPackageDescription)
 #elif MIN_VERSION_Cabal(2, 0, 0)
 import Distribution.PackageDescription.Parse (readGenericPackageDescription)
 #else
 import Distribution.PackageDescription.Parse (readPackageDescription)
 #endif
 #if MIN_VERSION_Cabal(3, 6, 0)
 import Distribution.Utils.Path
 #endif
 import Distribution.PackageDescription.Configuration (flattenPackageDescription)
 import Distribution.PackageDescription (allBuildInfo, hsSourceDirs)
 import Distribution.Verbosity (normal)
 import System.Directory (getDirectoryContents, doesFileExist)
 import Control.Monad (unless)
 data RouteError = EmptyRoute
                | RouteCaseError
                | RouteExists FilePath
                deriving Eq
 instance Show RouteError where
    show EmptyRoute         = "No name entered. Quitting ..."
    show RouteCaseError     = "Name must start with an upper case letter"
    show (RouteExists file) = "File already exists: " ++ file
 -- strict readFile
 readFile :: FilePath -> IO String
 readFile = fmap T.unpack . TIO.readFile
-addHandler :: IO ()
+cmdLineArgsError :: String
-addHandler = do
+cmdLineArgsError = "You have to specify a route name if you want to add handler with command line arguments."
    allFiles <- getDirectoryContents "."
    cabal <-
        case filter (".cabal" `isSuffixOf`) allFiles of
            [x] -> return x
            [] -> error "No cabal file found"
            _ -> error "Too many cabal files found"
-    putStr "Name of route (without trailing R): "
+addHandler :: Maybe String -> Maybe String -> [String] -> IO ()
-    hFlush stdout
+addHandler (Just route) pat met = do
-    name <- getLine
+    cabal <- getCabal
-    case name of
+    checked <- checkRoute route cabal
-        [] -> error "Please provide a name"
+    let routePair = case checked of
-        c:_
+          Left err@EmptyRoute -> (error . show) err
-            | isLower c -> error "Name must start with an upper case letter"
+          Left err@RouteCaseError -> (error . show) err
-            | otherwise -> return ()
+          Left err@(RouteExists _) -> (error . show) err
          Right p -> p
    addHandlerFiles cabal routePair pattern methods
  where
    pattern = fromMaybe "" pat -- pattern defaults to ""
    methods = unwords met      -- methods default to none
 addHandler Nothing (Just _) _ = error cmdLineArgsError
 addHandler Nothing _ (_:_)    = error cmdLineArgsError
 addHandler _ _ _ = addHandlerInteractive
 addHandlerInteractive :: IO ()
 addHandlerInteractive = do
    cabal <- getCabal
    let routeInput = do
          putStr "Name of route (without trailing R): "
          hFlush stdout
          name <- getLine
          checked <- checkRoute name cabal
          case checked of
              Left err@EmptyRoute -> (error . show) err
              Left err@RouteCaseError -> print err >> routeInput
              Left err@(RouteExists _) -> do
                print err
                putStrLn "Try another name or leave blank to exit"
                routeInput
              Right p -> return p
    routePair <- routeInput
    putStr "Enter route pattern (ex: /entry/#EntryId): "
    hFlush stdout
    pattern <- getLine
    putStr "Enter space-separated list of methods (ex: GET POST): "
    hFlush stdout
    methods <- getLine
    addHandlerFiles cabal routePair pattern methods
-    let modify fp f = readFile fp >>= writeFile fp . f
+getRoutesFilePath :: IO FilePath
 getRoutesFilePath = do
    let oldPath = "config/routes"
    oldExists <- doesFileExist oldPath
    pure $ if oldExists
        then oldPath
        else "config/routes.yesodroutes"
-    modify "Application.hs" $ fixApp name
+addHandlerFiles :: FilePath -> (String, FilePath) -> String -> String -> IO ()
 addHandlerFiles cabal (name, handlerFile) pattern methods = do
    src <- getSrcDir cabal
    let applicationFile = concat [src, "/Application.hs"]
    modify applicationFile $ fixApp name
    modify cabal $ fixCabal name
-    modify "config/routes" $ fixRoutes name pattern methods
+    routesPath <- getRoutesFilePath
-    writeFile ("Handler/" ++ name ++ ".hs") $ mkHandler name pattern methods
+    modify routesPath $ fixRoutes name pattern methods
    writeFile handlerFile $ mkHandler name pattern methods
    specExists <- doesFileExist specFile
    unless specExists $
      writeFile specFile $ mkSpec name pattern methods
  where
    specFile = "test/Handler/" ++ name ++ "Spec.hs"
    modify fp f = readFile fp >>= writeFile fp . f
 getCabal :: IO FilePath
 getCabal = do
    allFiles <- getDirectoryContents "."
    case filter (".cabal" `isSuffixOf`) allFiles of
        [x] -> return x
        [] -> error "No cabal file found"
        _ -> error "Too many cabal files found"
 checkRoute :: String -> FilePath -> IO (Either RouteError (String, FilePath))
 checkRoute name cabal =
    case name of
        [] -> return $ Left EmptyRoute
        c:_
            | isLower c -> return $ Left RouteCaseError
            | otherwise -> do
                -- Check that the handler file doesn't already exist
                src <- getSrcDir cabal
                let handlerFile = concat [src, "/Handler/", name, ".hs"]
                exists <- doesFileExist handlerFile
                if exists
                    then (return . Left . RouteExists) handlerFile
                    else return $ Right (name, handlerFile)
 fixApp :: String -> String -> String
 fixApp name =
    unlines . reverse . go . reverse . lines
  where
-    l = "import Handler." ++ name
+    l spaces = "import " ++ spaces ++ "Handler." ++ name
-    go [] = [l]
+    go [] = [l ""]
    go (x:xs)
-        | "import Handler." `isPrefixOf` x = l : x : xs
+        | Just y <- stripPrefix "import " x, "Handler." `isPrefixOf` dropWhile (== ' ') y = l (takeWhile (== ' ') y) : x : xs
        | otherwise = x : go xs
 fixCabal :: String -> String -> String
-fixCabal name =
+fixCabal name orig =
-    unlines . reverse . go . reverse . lines
+    unlines $ (reverse $ go $ reverse libraryLines) ++ restLines
  where
-    l = "import Handler." ++ name
+    origLines = lines orig
    (libraryLines, restLines) = break isExeTestBench origLines
    isExeTestBench x = any
        (\prefix -> prefix `isPrefixOf` x)
        [ "executable"
        , "test-suite"
        , "benchmark"
        ]
    l = "                  Handler." ++ name
    go [] = [l]
    go (x:xs)
@ -68,17 +172,37 @@ fixCabal name =
        (spaces, x') = span isSpace x
 fixRoutes :: String -> String -> String -> String -> String
-fixRoutes name pattern methods =
+fixRoutes name pattern methods fileContents =
-    (++ l)
+    fileContents ++ l
  where
    l = concat
-        [ pattern
+        [ startingCharacter
        , pattern
        , " "
        , name
        , "R "
        , methods
        , "\n"
        ]
    startingCharacter = if "\n" `isSuffixOf` fileContents then "" else "\n"
 mkSpec :: String -> String -> String -> String
 mkSpec name _ methods = unlines
    $ ("module Handler." ++ name ++ "Spec (spec) where")
    : ""
    : "import TestImport"
    : ""
    : "spec :: Spec"
    : "spec = withApp $ do"
    : concatMap go (words methods)
  where
    go method =
        [ ""
        , "    describe \"" ++ func ++ "\" $ do"
        , "        error \"Spec not implemented: " ++ func ++ "\""
        , ""]
      where
        func = concat [map toLower method, name, "R"]
 mkHandler :: String -> String -> String -> String
 mkHandler name pattern methods = unlines
@ -92,7 +216,9 @@ mkHandler name pattern methods = unlines
        , concat $ func : " :: " : map toArrow types ++ ["Handler Html"]
        , concat
            [ func
-            , " = error \"Not yet implemented: "
+            , " "
            , concatMap toArgument types
            , "= error \"Not yet implemented: "
            , func
            , "\""
            ]
@ -103,11 +229,31 @@ mkHandler name pattern methods = unlines
    types = getTypes pattern
    toArrow t = concat [t, " -> "]
    toArgument t = concat [uncapitalize t, " "]
    getTypes "" = []
    getTypes ('/':rest) = getTypes rest
-    getTypes ('#':rest) =
+    getTypes (c:rest) | c `elem` "#*" =
        typ : getTypes rest'
      where
        (typ, rest') = break (== '/') rest
    getTypes rest = getTypes $ dropWhile (/= '/') rest
 uncapitalize :: String -> String
 uncapitalize (x:xs) = toLower x : xs
 uncapitalize "" = ""
 getSrcDir :: FilePath -> IO FilePath
 getSrcDir cabal = do
 #if MIN_VERSION_Cabal(2, 0, 0)
    pd <- flattenPackageDescription <$> readGenericPackageDescription normal cabal
 #else
    pd <- flattenPackageDescription <$> readPackageDescription normal cabal
 #endif
    let buildInfo = allBuildInfo pd
        srcDirs = concatMap hsSourceDirs buildInfo
 #if MIN_VERSION_Cabal(3, 6, 0)
    return $ maybe "." getSymbolicPath $ listToMaybe srcDirs
 #else
    return $ fromMaybe "." $ listToMaybe srcDirs
 #endif
--- a/yesod-bin/Build.hs
+++ b/yesod-bin/Build.hs
@ -1,263 +0,0 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 module Build
    ( getDeps
    , touchDeps
    , touch
    , recompDeps
    , isNewerThan
    , safeReadFile
    ) where
 import           Control.Applicative ((<|>), many, (<$>))
 import qualified Data.Attoparsec.Text as A
 import           Data.Char (isSpace, isUpper)
 import qualified Data.Text as T
 import           Data.Text.Encoding (decodeUtf8With)
 import           Data.Text.Encoding.Error (lenientDecode)
 import           Data.ByteString (ByteString)
 import qualified Data.ByteString as S
 import           Control.Exception (SomeException, try, IOException)
 import           Control.Exception.Lifted (handle)
 import           Control.Monad (when, filterM, forM, forM_, (>=>))
 import           Control.Monad.Trans.State (StateT, get, put, execStateT)
 import           Control.Monad.Trans.Writer (WriterT, tell, execWriterT)
 import           Control.Monad.IO.Class (MonadIO, liftIO)
 import           Control.Monad.Trans.Class (lift)
 import           Data.Monoid (Monoid (mappend, mempty))
 import qualified Data.Map as Map
 import qualified Data.Set as Set
 import qualified System.Posix.Types
 import           System.Directory
 import           System.FilePath (takeExtension, replaceExtension, (</>), takeDirectory)
 import           System.PosixCompat.Files (getFileStatus, setFileTimes,
                                             accessTime, modificationTime)
 import           Text.Shakespeare (Deref)
 import           Text.Julius      (juliusUsedIdentifiers)
 import           Text.Cassius     (cassiusUsedIdentifiers)
 import           Text.Lucius      (luciusUsedIdentifiers)
 safeReadFile :: MonadIO m => FilePath -> m (Either IOException ByteString)
 safeReadFile = liftIO . try . S.readFile
 touch :: IO ()
 touch = do
    m <- handle (\(_ :: SomeException) -> return Map.empty) $ readFile touchCache >>= readIO
    x <- fmap snd (getDeps [])
    m' <- execStateT (execWriterT $ touchDeps id updateFileTime x) m
    createDirectoryIfMissing True $ takeDirectory touchCache
    writeFile touchCache $ show m'
  where
    touchCache = "dist/touchCache.txt"
 -- | Returns True if any files were touched, otherwise False
 recompDeps :: [FilePath] -> StateT (Map.Map FilePath (Set.Set Deref)) IO Bool
 recompDeps =
    fmap toBool . execWriterT . (liftIO . getDeps >=> touchDeps hiFile removeHi . snd)
  where
    toBool NoFilesTouched = False
    toBool SomeFilesTouched = True
 type Deps = Map.Map FilePath ([FilePath], ComparisonType)
 getDeps :: [FilePath] -> IO ([FilePath], Deps)
 getDeps hsSourceDirs = do
    let defSrcDirs = case hsSourceDirs of
                        [] -> ["."]
                        ds -> ds
    hss <- fmap concat $ mapM findHaskellFiles defSrcDirs
    deps' <- mapM determineDeps hss
    return $ (hss, fixDeps $ zip hss deps')
 data AnyFilesTouched = NoFilesTouched | SomeFilesTouched
 instance Monoid AnyFilesTouched where
    mempty = NoFilesTouched
    mappend NoFilesTouched NoFilesTouched = mempty
    mappend _ _ = SomeFilesTouched
 touchDeps :: (FilePath -> FilePath) ->
             (FilePath -> FilePath -> IO ()) ->
             Deps -> WriterT AnyFilesTouched (StateT (Map.Map FilePath (Set.Set Deref)) IO) ()
 touchDeps f action deps = (mapM_ go . Map.toList) deps
  where
    go (x, (ys, ct)) = do
        isChanged <- handle (\(_ :: SomeException) -> return True) $ lift $
            case ct of
                AlwaysOutdated -> return True
                CompareUsedIdentifiers getDerefs -> do
                    derefMap <- get
                    ebs <- safeReadFile x
                    let newDerefs =
                            case ebs of
                                Left _ -> Set.empty
                                Right bs -> Set.fromList $ getDerefs $ T.unpack $ decodeUtf8With lenientDecode bs
                    put $ Map.insert x newDerefs derefMap
                    case Map.lookup x derefMap of
                        Just oldDerefs | oldDerefs == newDerefs -> return False
                        _ -> return True
        when isChanged $ forM_ ys $ \y -> do
            n <- liftIO $ x `isNewerThan` f y
            when n $ do
                liftIO $ putStrLn ("Forcing recompile for " ++ y ++ " because of " ++ x)
                liftIO $ action x y
                tell SomeFilesTouched
 -- | remove the .hi files for a .hs file, thereby forcing a recompile
 removeHi :: FilePath -> FilePath -> IO ()
 removeHi _ hs = mapM_ removeFile' hiFiles
    where
      removeFile' file = try' (removeFile file) >> return ()
      hiFiles          = map (\e -> "dist/build" </> replaceExtension hs e)
                             ["hi", "p_hi"]
 -- | change file mtime of .hs file to that of the dependency
 updateFileTime :: FilePath -> FilePath -> IO ()
 updateFileTime x hs = do
  (_     , modx) <- getFileStatus' x
  (access, _   ) <- getFileStatus' hs
  _ <- try' (setFileTimes hs access modx)
  return ()
 hiFile :: FilePath -> FilePath
 hiFile hs = "dist/build" </> replaceExtension hs "hi"
 try' :: IO x -> IO (Either SomeException x)
 try' = try
 isNewerThan :: FilePath -> FilePath -> IO Bool
 isNewerThan f1 f2 = do
  (_, mod1) <- getFileStatus' f1
  (_, mod2) <- getFileStatus' f2
  return (mod1 > mod2)
 getFileStatus' :: FilePath ->
                  IO (System.Posix.Types.EpochTime, System.Posix.Types.EpochTime)
 getFileStatus' fp = do
    efs <- try' $ getFileStatus fp
    case efs of
        Left _ -> return (0, 0)
        Right fs -> return (accessTime fs, modificationTime fs)
 fixDeps :: [(FilePath, [(ComparisonType, FilePath)])] -> Deps
 fixDeps =
    Map.unionsWith combine . map go
  where
    go :: (FilePath, [(ComparisonType, FilePath)]) -> Deps
    go (x, ys) = Map.fromList $ map (\(ct, y) -> (y, ([x], ct))) ys
    combine (ys1, ct) (ys2, _) = (ys1 `mappend` ys2, ct)
 findHaskellFiles :: FilePath -> IO [FilePath]
 findHaskellFiles path = do
    contents <- getDirectoryContents path
    fmap concat $ mapM go contents
  where
    go ('.':_)          = return []
    go filename = do
        d <- doesDirectoryExist full
        if not d
          then if isHaskellFile
                  then return [full]
                  else return []
          else if isHaskellDir
                 then findHaskellFiles full
                 else return []
      where
        -- this could fail on unicode
        isHaskellDir  = isUpper (head filename)
        isHaskellFile = takeExtension filename `elem` watch_files
        full = path </> filename
        watch_files = [".hs", ".lhs"]
 data TempType = StaticFiles FilePath
              | Verbatim | Messages FilePath | Hamlet | Widget | Julius | Cassius | Lucius
    deriving Show
 -- | How to tell if a file is outdated.
 data ComparisonType = AlwaysOutdated
                    | CompareUsedIdentifiers (String -> [Deref])
 determineDeps :: FilePath -> IO [(ComparisonType, FilePath)]
 determineDeps x = do
    y <- safeReadFile x
    case y of
        Left _ -> return []
        Right bs -> do
            let z = A.parseOnly (many $ (parser <|> (A.anyChar >> return Nothing)))
                  $ decodeUtf8With lenientDecode bs
            case z of
                Left _ -> return []
                Right r -> mapM go r >>= filterM (doesFileExist . snd) . concat
  where
    go (Just (StaticFiles fp, _)) = map ((,) AlwaysOutdated) <$> getFolderContents fp
    go (Just (Hamlet, f)) = return [(AlwaysOutdated, f)]
    go (Just (Widget, f)) = return
        [ (AlwaysOutdated, "templates/" ++ f ++ ".hamlet")
        , (CompareUsedIdentifiers $ map fst . juliusUsedIdentifiers, "templates/" ++ f ++ ".julius")
        , (CompareUsedIdentifiers $ map fst . luciusUsedIdentifiers, "templates/" ++ f ++ ".lucius")
        , (CompareUsedIdentifiers $ map fst . cassiusUsedIdentifiers, "templates/" ++ f ++ ".cassius")
        ]
    go (Just (Julius, f)) = return [(CompareUsedIdentifiers $ map fst . juliusUsedIdentifiers, f)]
    go (Just (Cassius, f)) = return [(CompareUsedIdentifiers $ map fst . cassiusUsedIdentifiers, f)]
    go (Just (Lucius, f)) = return [(CompareUsedIdentifiers $ map fst . luciusUsedIdentifiers, f)]
    go (Just (Verbatim, f)) = return [(AlwaysOutdated, f)]
    go (Just (Messages f, _)) = map ((,) AlwaysOutdated) <$> getFolderContents f
    go Nothing = return []
    parser = do
        ty <- (do _ <- A.string "\nstaticFiles \""
                  x' <- A.many1 $ A.satisfy (/= '"')
                  return $ StaticFiles x')
           <|> (A.string "$(parseRoutesFile " >> return Verbatim)
           <|> (A.string "$(hamletFile " >> return Hamlet)
           <|> (A.string "$(ihamletFile " >> return Hamlet)
           <|> (A.string "$(whamletFile " >> return Hamlet)
           <|> (A.string "$(html " >> return Hamlet)
           <|> (A.string "$(widgetFile " >> return Widget)
           <|> (A.string "$(Settings.hamletFile " >> return Hamlet)
           <|> (A.string "$(Settings.widgetFile " >> return Widget)
           <|> (A.string "$(juliusFile " >> return Julius)
           <|> (A.string "$(cassiusFile " >> return Cassius)
           <|> (A.string "$(luciusFile " >> return Lucius)
           <|> (A.string "$(persistFile " >> return Verbatim)
           <|> (
                   A.string "$(persistFileWith " >>
                   A.many1 (A.satisfy (/= '"')) >>
                   return Verbatim)
           <|> (do
                    _ <- A.string "\nmkMessage \""
                    A.skipWhile (/= '"')
                    _ <- A.string "\" \""
                    x' <- A.many1 $ A.satisfy (/= '"')
                    _ <- A.string "\" \""
                    _y <- A.many1 $ A.satisfy (/= '"')
                    _ <- A.string "\""
                    return $ Messages x')
        case ty of
            Messages{} -> return $ Just (ty, "")
            StaticFiles{} -> return $ Just (ty, "")
            _ -> do
                A.skipWhile isSpace
                _ <- A.char '"'
                y <- A.many1 $ A.satisfy (/= '"')
                _ <- A.char '"'
                A.skipWhile isSpace
                _ <- A.char ')'
                return $ Just (ty, y)
    getFolderContents :: FilePath -> IO [FilePath]
    getFolderContents fp = do
        cs <- getDirectoryContents fp
        let notHidden ('.':_) = False
            notHidden ('t':"mp") = False
            notHidden ('f':"ay") = False
            notHidden _ = True
        fmap concat $ forM (filter notHidden cs) $ \c -> do
            let f = fp ++ '/' : c
            isFile <- doesFileExist f
            if isFile then return [f] else getFolderContents f
--- a/yesod-bin/ChangeLog.md
+++ b/yesod-bin/ChangeLog.md
@ -0,0 +1,279 @@
 # ChangeLog for yesod-bin
 ## 1.6.2.2
 * Support Cabal 3.8 [#1769](https://github.com/yesodweb/yesod/pull/1769)
 ## 1.6.2.1
 * Support Cabal 3.6 [#1754](https://github.com/yesodweb/yesod/pull/1754)
 ## 1.6.2
 * aeson 2.0
 ## 1.6.1
 Added command line options `cert` and `key` to allow TLS certificate and key files to be passed to `yesod devel` [#1717](https://github.com/yesodweb/yesod/pull/1717)
 ## 1.6.0.6
 Fix the `add-handler` subcommand to support both the old default routes filename (`routes`) and the new one (`routes.yesodroutes`) [#1688](https://github.com/yesodweb/yesod/pull/1688)
 ## 1.6.0.5
 * Use process groups to ensure GHC is killed on Ctrl-C [#1683](https://github.com/yesodweb/yesod/pull/1683)
 ## 1.6.0.4
 * Support Cabal 3.0
 ## 1.6.0.3
 * Support Cabal 2.2 [#1151](https://github.com/yesodweb/yesod/issues/1511)
 ## 1.6.0.2
 * Fix broken support for older http-reverse-proxy
 ## 1.6.0.1
 * Support for http-reverse-proxy 0.6
 ## 1.6.0
 * Upgrade to conduit 1.3.0
 * Remove configure, build, touch, and test commands
 ## 1.5.3
 * Support typed-process-0.2.0.0
 ## 1.5.2.6
 * Drop an upper bound
 ## 1.5.2.5
 * Support for `add-handler` when modules are in `src/` directory [#1413](https://github.com/yesodweb/yesod/issues/1413)
 ## 1.5.2.4
 * Cabal 2.0 support
 ## 1.5.2.3
 * Fix race condition which leads dev server to stay in compilation mode. [#1380](https://github.com/yesodweb/yesod/issues/1380)
 ## 1.5.2.2
 * I guess `--no-nix-pure` implies Nix... sigh [#1359](https://github.com/yesodweb/yesod/issues/1359)
 ## 1.5.2.1
 * Use `--no-nix-pure` [#1357](https://github.com/yesodweb/yesod/issues/1357)
 ## 1.5.2
 * Fix warnings
 ## 1.5.1
 * Add `--host` option to `yesod devel`
 ## 1.5.0.1
 * Fix build failure
 ## 1.5.0
 Rewrite of `yesod devel` to take advantage of Stack for a simpler codebase.
 Advantages:
 * Does not link against the ghc library, so can be used with multiple
  GHC versions
 * Leverages Stack's ability to check for dependent files, which is
  more robust than what yesod devel was doing previously
 * Seems to involve less rebuilding of the library on initial run
 Disadvantages:
 * Lost some functionality (e.g., failure hooks, controlling the exit
  command)
 * Newer codebase, quite likely has bugs that need to be ironed out.
 ## 1.4.18.7
 * Actually release the changes for #1284
 ## 1.4.18.6
 * Fix support for GHC 8.0.1 [#1284](https://github.com/yesodweb/yesod/issues/1284)
 ## 1.4.18.5
 * yesod-bin: Make it build with latest optparse-applicative [#1282](https://github.com/yesodweb/yesod/pull/1282)
 ## 1.4.18.4
 * Link yesod-bin with wxneeded on OpenBSD. [#1281](https://github.com/yesodweb/yesod/pull/1281)
 ## 1.4.18.3
 * Adding a new handler adds it under wrong stanza [#1273](https://github.com/yesodweb/yesod/issues/1273)
 ## 1.4.18.2
 * Work around change in behavior in newer optparse-applicative ([mailing list discussion](https://groups.google.com/d/msg/yesodweb/BrTkMKFREgU/AKVc9AK2AQAJ))
 ## 1.4.18.1
 * error handling when checking for stack binary [#1219](https://github.com/yesodweb/yesod/pull/1219)
 * GHC 8 support
 ## 1.4.18
 * Disable `yesod test` when using Stack [#1198](https://github.com/yesodweb/yesod/issues/1198)
 ## 1.4.17
 * Fully remove the `yesod init` command
 ## 1.4.16.1
 * Workaround for [wai#478](https://github.com/yesodweb/wai/issues/478)
 ## 1.4.16
 * Some updates for better reverse proxying [yesod-scaffold#114](https://github.com/yesodweb/yesod-scaffold/issues/114)
 ## 1.4.15
 * Deprecate yesod init
 ## 1.4.14
 * Fix order of -package-db arguments to runghc [#1057](https://github.com/yesodweb/yesod/issues/1057)
 ## 1.4.13
 * Enable stack with yesod keter [#1041](https://github.com/yesodweb/yesod/pull/1041)
 ## 1.4.12
 * Devel server: have to type quit to quit
 ## 1.4.11
 * Add support to `yesod devel` to detect and use `GHC_PACKAGE_PATH`. This makes
  `yesod devel` compatible with `stack`, just run: `stack exec -- yesod devel`.
 ## 1.4.10
 * Scaffolding update
 ## 1.4.9.2
 * Collapse paths in keter bundles, see [mailing list thread](https://groups.google.com/d/msg/yesodweb/Ndd310qfSEc/pZOXldsKowsJ)
 ## 1.4.9
 * Command line options for `yesod init` [#986](https://github.com/yesodweb/yesod/pull/986)
 ## 1.4.8
 * Drop system-filepath
 ## 1.4.7.2
 * Scaffolding updates, including fix for [#982](https://github.com/yesodweb/yesod/issues/982)
 ## 1.4.7
 * GHC 7.10 support
 ## 1.4.6
 * Add TLS support to `yesod devel` [#964](https://github.com/yesodweb/yesod/pull/964)
 ## 1.4.5
 * add a switch to yesod to skip deploying a .keter with copy-to [#952](https://github.com/yesodweb/yesod/issues/952)
 ## 1.4.4
 * Add and process Keter option 'extraFiles' [#947](https://github.com/yesodweb/yesod/pull/947)
 ## 1.4.3.11
 * Disregard proxy environment variables in yesod devel [#945](https://github.com/yesodweb/yesod/pull/945)
 ## 1.4.3.10
 * Allow blaze-builder 0.4
 ## 1.4.3.9
 * Scaffold update: minimal scaffold uses yesod-core instead of yesod [yesodweb/yesod-scaffold#65](https://github.com/yesodweb/yesod-scaffold/issues/65)
 ## 1.4.3.8
 * Scaffold update: fix 404 for missing sourcemap
 ## 1.4.3.6
 * Scaffold update: use `addToken` instead of `addNonce`
 ## 1.4.3.5
 * Fix add-handler putting two routes on one line [#922](https://github.com/yesodweb/yesod/pull/922)
 ## 1.4.3.4
 Scaffolding updates:
 * Improve `DevelMain` support
 * Wipe out database during test runs
 * Convenience `unsafeHandler` function
 * Remove deprecated Chrome Frame code
 ## 1.4.3.3
 More consistent whitespace in hamlet files in scaffolding [#50](https://github.com/yesodweb/yesod-scaffold/issues/50)
 ## 1.4.3.2
 add-handler adds arguments too [#898](https://github.com/yesodweb/yesod/issues/898)
 ## 1.4.3
 Add the minimal scaffolding
 ## 1.4.2
 Scaffolding updates:
 * Import.NoFoundation
 * Explanation of static files in Settings.StaticFiles
 * Explanation of environment variables in settings.yml
 ## 1.4.1.2
 No args passed in keter.yml
 ## 1.4.1
 Significant update to the scaffolding.
 ## 1.4.0.9
 Allow devel.hs to be located in app/ or src/ subdirectories.
 ## 1.4.0.8
 Updated postgres-fay scaffolding for yesod-fay 0.7.0
 ## 1.4.0.7
 Fix a bug in `yesod devel` when cabal config has `tests: True` #864
--- a/yesod-bin/Devel.hs
+++ b/yesod-bin/Devel.hs
@ -1,447 +1,533 @@
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE CPP                 #-}
 {-# LANGUAGE OverloadedStrings   #-}
-{-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE TemplateHaskell     #-}
 module Devel
    ( devel
    , develSignal
    , DevelOpts(..)
    , defaultDevelOpts
    ) where
-
+import           Control.Applicative                   ((<|>))
-import qualified Distribution.Compiler                 as D
+import           UnliftIO                              (race_)
-import qualified Distribution.ModuleName               as D
+import           Control.Concurrent                    (threadDelay)
-import qualified Distribution.PackageDescription       as D
+import           Control.Concurrent.STM
-import qualified Distribution.PackageDescription.Parse as D
+import qualified UnliftIO.Exception                    as Ex
 import qualified Distribution.Simple.Configure         as D
 import qualified Distribution.Simple.Program           as D
 import qualified Distribution.Simple.Utils             as D
 import qualified Distribution.Verbosity                as D
 import           Control.Applicative                   ((<$>), (<*>))
 import           Control.Concurrent                    (forkIO, threadDelay)
 import           Control.Concurrent.MVar               (MVar, newEmptyMVar,
                                                        takeMVar, tryPutMVar)
 import qualified Control.Exception                     as Ex
 import           Control.Monad                         (forever, unless, void,
                                                        when)
-import           Control.Monad.IO.Class                (liftIO)
+import Data.ByteString (ByteString, isInfixOf)
-import           Control.Monad.Trans.State             (evalStateT, get)
+import qualified Data.ByteString.Lazy                  as LB
-import qualified Data.IORef                            as I
+import           Conduit
-
+import           Data.FileEmbed                        (embedFile)
 import           Data.Char                             (isNumber, isUpper)
 import qualified Data.List                             as L
 import qualified Data.Map                              as Map
-import           Data.Maybe                            (fromMaybe)
+import           Data.Maybe                            (isJust)
 import qualified Data.Set                              as Set
-
+import           Data.Streaming.Network                (bindPortTCP,
-import           System.Directory
+                                                        bindRandomPortTCP)
-import           System.Environment                    (getEnvironment)
+import           Data.String                           (fromString)
-import           System.Exit                           (ExitCode (..),
+import           Data.Time                             (getCurrentTime)
-                                                        exitFailure,
+import qualified Distribution.Package                  as D
-                                                        exitSuccess)
+import qualified Distribution.PackageDescription       as D
-import           System.FilePath                       (dropExtension,
+#if MIN_VERSION_Cabal(3,8,0)
-                                                        splitDirectories,
+import qualified Distribution.Simple.PackageDescription as D
                                                        takeExtension, (</>))
 import           System.FSNotify
 import           System.IO                             (Handle)
 import           System.IO.Error                       (isDoesNotExistError)
 import           System.Posix.Types                    (EpochTime)
 import           System.PosixCompat.Files              (getFileStatus,
                                                        modificationTime)
 import           System.Process                        (ProcessHandle,
                                                        createProcess, env,
                                                        getProcessExitCode,
                                                        proc, readProcess,
                                                        system,
                                                        terminateProcess)
 import           System.Timeout                        (timeout)
 import           Build                                 (getDeps, isNewerThan,
                                                        recompDeps)
 import           GhcBuild                              (buildPackage,
                                                        getBuildFlags, getPackageArgs)
 import qualified Config                                as GHC
 import           Data.Conduit.Network                  (HostPreference (HostIPv4),
                                                        bindPort)
 import           Network                               (withSocketsDo)
 import           Network.HTTP.Conduit                  (def, newManager)
 import           Network.HTTP.ReverseProxy             (ProxyDest (ProxyDest),
                                                        waiProxyToSettings, wpsTimeout, wpsOnExc)
 #if MIN_VERSION_http_reverse_proxy(0, 2, 0)
 import qualified Network.HTTP.ReverseProxy             as ReverseProxy
 #endif
-import           Network.HTTP.Types                    (status200)
+#if MIN_VERSION_Cabal(2, 2, 0)
-import           Network.Socket                        (sClose)
+import qualified Distribution.PackageDescription.Parsec as D
-import           Network.Wai                           (responseLBS)
+#else
-import           Network.Wai.Handler.Warp              (run)
+import qualified Distribution.PackageDescription.Parse as D
-import           SrcLoc                                (Located)
+#endif
 import qualified Distribution.Simple.Utils             as D
 import qualified Distribution.Verbosity                as D
 import           Network.HTTP.Client                   (newManager)
 import           Network.HTTP.Client                   (managerSetProxy,
                                                        noProxy)
 import           Network.HTTP.Client.TLS               (tlsManagerSettings)
 import           Network.HTTP.ReverseProxy             (ProxyDest (ProxyDest),
                                                        waiProxyToSettings,
                                                        wpsOnExc, wpsTimeout,
 #if MIN_VERSION_http_reverse_proxy(0, 6, 0)
                                                        defaultWaiProxySettings
 #else
                                                        def
 #endif
                                                        )
 import qualified Network.HTTP.ReverseProxy             as ReverseProxy
 import           Network.HTTP.Types                    (status200, status503)
 import qualified Network.Socket
 import           Network.Wai                           (requestHeaderHost,
                                                        requestHeaders,
                                                        responseLBS)
 import           Network.Wai.Handler.Warp              (defaultSettings, runSettings,
                                                        setPort, setHost)
 import           Network.Wai.Handler.WarpTLS           (runTLS, tlsSettings,
                                                        tlsSettingsMemory)
 import           Network.Wai.Parse                     (parseHttpAccept)
 import           Say
 import           System.Directory
 import           System.Environment                    (getEnvironment,
                                                        getExecutablePath)
 import           System.FilePath                       (takeDirectory,
                                                        takeFileName, (</>))
 import           System.FSNotify
 import           System.IO                             (stdout, stderr)
 import           System.IO.Error                       (isDoesNotExistError)
 import           Data.Conduit.Process.Typed
-lockFile :: DevelOpts -> FilePath
+-- We have two special files:
-lockFile _opts =  "yesod-devel/devel-terminate"
+--
 -- * The terminate file tells the child process to die simply by being
 -- present. Ideally we'd handle this via killing the process
 -- directly, but that's historically never worked reliably.
 --
 -- * The signal file, which tells us that "stack build" has succeeded
 -- yet again.
 data SpecialFile = TermFile | SignalFile
-writeLock :: DevelOpts -> IO ()
+specialFilePath :: SpecialFile -> FilePath
 writeLock opts = do
    createDirectoryIfMissing True "yesod-devel"
    writeFile (lockFile opts) ""
    createDirectoryIfMissing True "dist" -- for compatibility with old devel.hs
    writeFile "dist/devel-terminate" ""
-removeLock :: DevelOpts -> IO ()
+-- used by scaffolded app, cannot change
-removeLock opts = do
+specialFilePath TermFile = "yesod-devel/devel-terminate"
    removeFileIfExists (lockFile opts)
    removeFileIfExists "dist/devel-terminate"  -- for compatibility with old devel.hs
 -- only used internally, can change
 specialFilePath SignalFile = "yesod-devel/rebuild"
 -- | Write a special file
 writeSpecialFile :: SpecialFile -> IO ()
 writeSpecialFile sp = do
    let fp = specialFilePath sp
    createDirectoryIfMissing True $ takeDirectory fp
    now <- getCurrentTime
    writeFile fp $ show now
 -- | Remove a special file
 removeSpecialFile :: SpecialFile -> IO ()
 removeSpecialFile sp = removeFile (specialFilePath sp) `Ex.catch` \e ->
  if isDoesNotExistError e
    then return ()
    else Ex.throwIO e
 -- | Get an absolute path to the special file
 canonicalizeSpecialFile :: SpecialFile -> IO FilePath
 canonicalizeSpecialFile sp = do
    let fp = specialFilePath sp
        dir = takeDirectory fp
        file = takeFileName fp
    createDirectoryIfMissing True dir
    dir' <- canonicalizePath dir
    return $ dir' </> file
 -- | Used as a callback from "stack build --exec" to write the signal file
 develSignal :: IO ()
 develSignal = writeSpecialFile SignalFile
 -- | Options to be provided on the command line
 data DevelOpts = DevelOpts
-      { isCabalDev   :: Bool
+      { verbose         :: Bool
-      , forceCabal   :: Bool
+      , successHook     :: Maybe String
-      , verbose      :: Bool
+      , develPort       :: Int
-      , eventTimeout :: Int -- negative value for no timeout
+      , develTlsPort    :: Int
-      , successHook  :: Maybe String
+      , proxyTimeout    :: Int
      , failHook     :: Maybe String
      , buildDir     :: Maybe String
      , develPort    :: Int
      , proxyTimeout :: Int
      , useReverseProxy :: Bool
      , develHost       :: Maybe String
      , cert            :: Maybe (FilePath, FilePath)
      } deriving (Show, Eq)
-getBuildDir :: DevelOpts -> String
+-- | Run a reverse proxy from the develPort and develTlsPort ports to
-getBuildDir opts = fromMaybe "dist" (buildDir opts)
+-- the app running in appPortVar. If there is no response on the
 -- application port, give an appropriate message to the user.
 reverseProxy :: DevelOpts -> TVar Int -> IO ()
 reverseProxy opts appPortVar = do
    manager <- newManager $ managerSetProxy noProxy tlsManagerSettings
    let refreshHtml = LB.fromChunks [$(embedFile "refreshing.html")]
        sayV = when (verbose opts) . sayString
    let onExc _ req
            | maybe False (("application/json" `elem`) . parseHttpAccept)
                (lookup "accept" $ requestHeaders req) =
                    return $ responseLBS status503
                        [ ("Retry-After", "1")
                        ]
                        "{\"message\":\"Recompiling\"}"
            | otherwise = return $ responseLBS status200
                [ ("content-type", "text/html")
                , ("Refresh", "1")
                ]
                refreshHtml
-defaultDevelOpts :: DevelOpts
+    let proxyApp = waiProxyToSettings
 defaultDevelOpts = DevelOpts False False False (-1) Nothing Nothing Nothing 3000 10 True
 cabalProgram :: DevelOpts -> FilePath
 cabalProgram opts | isCabalDev opts = "cabal-dev"
                  | otherwise       = "cabal"
 -- | Run a reverse proxy from port 3000 to 3001. If there is no response on
 -- 3001, give an appropriate message to the user.
 reverseProxy :: DevelOpts -> I.IORef Int -> IO ()
 reverseProxy opts iappPort = do
    manager <- newManager def
    let loop = forever $ do
            run (develPort opts) $ waiProxyToSettings
                (const $ do
-                    appPort <- liftIO $ I.readIORef iappPort
+                    appPort <- atomically $ readTVar appPortVar
                    sayV $ "revProxy: appPort " ++ (show appPort)
                    return $
 #if MIN_VERSION_http_reverse_proxy(0, 2, 0)
                        ReverseProxy.WPRProxyDest
 #else
                        Right
 #endif
                        $ ProxyDest "127.0.0.1" appPort)
 #if MIN_VERSION_http_reverse_proxy(0, 6, 0)
                defaultWaiProxySettings
 #else
                def
-                    { wpsOnExc = onExc
+#endif
                    { wpsOnExc = \e req f -> onExc e req >>= f
                    , wpsTimeout =
                        if proxyTimeout opts == 0
                            then Nothing
                            else Just (1000000 * proxyTimeout opts)
                    }
                manager
-            putStrLn "Reverse proxy stopped, but it shouldn't"
+        defaultSettings' = maybe id (setHost . fromString) (develHost opts) defaultSettings
-            threadDelay 1000000
+        runProxyTls port app = do
-            putStrLn "Restarting reverse proxy"
+          let certDef = $(embedFile "certificate.pem")
-    loop `Ex.onException` exitFailure
+              keyDef = $(embedFile "key.pem")
-  where
+              theSettings = case cert opts of
-    onExc _ _ = return $ responseLBS
+                Nothing -> tlsSettingsMemory certDef keyDef
-        status200
+                Just (c,k) -> tlsSettings c k
-        [ ("content-type", "text/html")
+          runTLS theSettings (setPort port defaultSettings') $ \req send -> do
-        , ("Refresh", "1")
+            let req' = req
-        ]
+                    { requestHeaders
-        "<h1>App not ready, please refresh</h1>"
+                        = ("X-Forwarded-Proto", "https")
                        -- Workaround for
                        -- https://github.com/yesodweb/wai/issues/478, where
                        -- the Host headers aren't set. Without this, generated
                        -- URLs from guestApproot are incorrect, see:
                        -- https://github.com/yesodweb/yesod-scaffold/issues/114
                        : (case lookup "host" (requestHeaders req) of
                            Nothing ->
                                case requestHeaderHost req of
                                    Just host -> (("Host", host):)
                                    Nothing -> id
                            Just _ -> id)
                          (requestHeaders req)
                    }
            app req' send
        httpProxy = runSettings (setPort (develPort opts) defaultSettings') proxyApp
        httpsProxy = runProxyTls (develTlsPort opts) proxyApp
    say "Application can be accessed at:\n"
    sayString $ "http://localhost:" ++ show (develPort opts)
    sayString $ "https://localhost:" ++ show (develTlsPort opts)
    say $ "If you wish to test https capabilities, you should set the following variable:"
    sayString $ "  export APPROOT=https://localhost:" ++ show (develTlsPort opts)
    say ""
    race_ httpProxy httpsProxy
 -- | Check if the given port is available.
 checkPort :: Int -> IO Bool
 checkPort p = do
-    es <- Ex.try $ bindPort p HostIPv4
+    es <- Ex.tryIO $ bindPortTCP p "*4"
    case es of
-        Left (_ :: Ex.IOException) -> return False
+        Left _ -> return False
        Right s -> do
-            sClose s
+            Network.Socket.close s
            return True
-getPort :: DevelOpts -> Int -> IO Int
+-- | Get a random, unused port.
-getPort opts _ | not (useReverseProxy opts) = return $ develPort opts
+getNewPort :: DevelOpts -> IO Int
-getPort _ p0 =
+getNewPort opts = do
-    loop p0
+    (port, socket) <- bindRandomPortTCP "*"
    when (verbose opts) $ sayString $ "Got new port: " ++ show port
    Network.Socket.close socket
    return port
 -- | Utility function
 unlessM :: Monad m => m Bool -> m () -> m ()
 unlessM c a = c >>= \res -> unless res a
 -- | Find the file containing the devel code to be run.
 checkDevelFile :: IO FilePath
 checkDevelFile =
    loop paths
  where
-    loop p = do
+    paths = ["app/devel.hs", "devel.hs", "src/devel.hs"]
        avail <- checkPort p
        if avail then return p else loop (succ p)
-devel :: DevelOpts -> [String] -> IO ()
+    loop [] = error $ "file devel.hs not found, checked: " ++ show paths
-devel opts passThroughArgs = withSocketsDo $ withManager $ \manager -> do
+    loop (x:xs) = do
-    avail <- checkPort $ develPort opts
+        e <- doesFileExist x
-    unless avail $ error "devel port unavailable"
+        if e
-    iappPort <- getPort opts 17834 >>= I.newIORef
+            then return x
-    when (useReverseProxy opts) $ void $ forkIO $ reverseProxy opts iappPort
+            else loop xs
    checkDevelFile
    writeLock opts
-    putStrLn "Yesod devel server. Press ENTER to quit"
+stackSuccessString :: ByteString
-    _ <- forkIO $ do
+stackSuccessString = "ExitSuccess"
-      filesModified <- newEmptyMVar
+
-      watchTree manager "." (const True) (\_ -> void (tryPutMVar filesModified ()))
+stackFailureString :: ByteString
-      evalStateT (mainOuterLoop iappPort filesModified) Map.empty
+stackFailureString = "ExitFailure"
-    _ <- getLine
+
-    writeLock opts
+-- We need updateAppPort logic to prevent a race condition.
-    exitSuccess
+-- See https://github.com/yesodweb/yesod/issues/1380
 updateAppPort :: ByteString -> TVar Bool -- ^ Bool to indicate if the
                                         -- output from stack has
                                         -- started. False indicate
                                         -- that it hasn't started
                                         -- yet.
              -> TVar Int -> STM ()
 updateAppPort bs buildStarted appPortVar = do
  hasStarted <- readTVar buildStarted
  let buildEnd = isInfixOf stackFailureString bs || isInfixOf stackSuccessString bs
  case (hasStarted, buildEnd) of
    (False, False) -> do
      writeTVar appPortVar (-1 :: Int)
      writeTVar buildStarted True
    (True, False) -> return ()
    (_, True) -> writeTVar buildStarted False
 -- | Get the set of all flags available in the given cabal file
 getAvailableFlags :: D.GenericPackageDescription -> Set.Set String
 getAvailableFlags =
    Set.fromList . map (unFlagName . D.flagName) . D.genPackageFlags
  where
-    bd = getBuildDir opts
+#if MIN_VERSION_Cabal(2, 0, 0)
    unFlagName = D.unFlagName
 #else
    unFlagName (D.FlagName fn) = fn
 #endif
-    -- outer loop re-reads the cabal file
+-- | This is the main entry point. Run the devel server.
-    mainOuterLoop iappPort filesModified = do
+devel :: DevelOpts -- ^ command line options
-      ghcVer <- liftIO ghcVersion
+      -> [String] -- ^ extra options to pass to Stack
-      cabal  <- liftIO $ D.findPackageDesc "."
+      -> IO ()
-      gpd    <- liftIO $ D.readPackageDescription D.normal cabal
+devel opts passThroughArgs = do
-      ldar   <- liftIO lookupLdAr
+    -- Check that the listening ports are available
-      (hsSourceDirs, _) <- liftIO $ checkCabalFile gpd
+    unlessM (checkPort $ develPort opts) $ error "devel port unavailable"
-      liftIO $ removeFileIfExists (bd </> "setup-config")
+    unlessM (checkPort $ develTlsPort opts) $ error "devel TLS port unavailable"
      c <- liftIO $ configure opts passThroughArgs
      if c then do
             -- these files contain the wrong data after the configure step,
             -- remove them to force a cabal build first
             liftIO $ mapM_ removeFileIfExists [ "yesod-devel/ghcargs.txt"
                                               , "yesod-devel/arargs.txt"
                                               , "yesod-devel/ldargs.txt"
                                               ]
             rebuild <- liftIO $ mkRebuild ghcVer cabal opts ldar
             mainInnerLoop iappPort hsSourceDirs filesModified cabal rebuild
           else do
             liftIO (threadDelay 5000000)
             mainOuterLoop iappPort filesModified
-    -- inner loop rebuilds after files change
+    -- Friendly message to the user
-    mainInnerLoop iappPort hsSourceDirs filesModified cabal rebuild = go
+    say "Yesod devel server. Enter 'quit' or hit Ctrl-C to quit."
       where
         go = do
           _ <- recompDeps hsSourceDirs
           list <- liftIO $ getFileList hsSourceDirs [cabal]
           success <- liftIO rebuild
           pkgArgs <- liftIO (ghcPackageArgs opts)
           let devArgs = pkgArgs ++ ["devel.hs"]
           let loop list0 = do
                   (haskellFileChanged, list1) <- liftIO $
                       watchForChanges filesModified hsSourceDirs [cabal] list0 (eventTimeout opts)
                   anyTouched <- recompDeps hsSourceDirs
                   unless (anyTouched || haskellFileChanged) $ loop list1
           if not success
             then liftIO $ do
                   putStrLn "Build failure, pausing..."
                   runBuildHook $ failHook opts
             else do
                   liftIO $ runBuildHook $ successHook opts
                   liftIO $ removeLock opts
                   liftIO $ putStrLn
                            $ if verbose opts then "Starting development server: runghc " ++ L.unwords devArgs
                                              else "Starting development server..."
                   env0 <- liftIO getEnvironment
-                   -- get a new port for the new process to listen on
+    -- Find out the name of our package, needed for the upcoming Stack
-                   appPort <- liftIO $ I.readIORef iappPort >>= getPort opts . (+ 1)
+    -- commands
-                   liftIO $ I.writeIORef iappPort appPort
+#if MIN_VERSION_Cabal(3, 0, 0)
    cabal  <- D.tryFindPackageDesc D.silent "."
 #elif MIN_VERSION_Cabal(1, 20, 0)
    cabal  <- D.tryFindPackageDesc "."
 #else
    cabal  <- D.findPackageDesc "."
 #endif
-                   (_,_,_,ph) <- liftIO $ createProcess (proc "runghc" devArgs)
+#if MIN_VERSION_Cabal(2, 0, 0)
-                        { env = Just $ ("PORT", show appPort) : ("DISPLAY_PORT", show $ develPort opts) : env0
+    gpd    <- D.readGenericPackageDescription D.normal cabal
-                        }
+#else
-                   derefMap <- get
+    gpd    <- D.readPackageDescription D.normal cabal
-                   watchTid <- liftIO . forkIO . try_ $ flip evalStateT derefMap $ do
+#endif
                      loop list
                      liftIO $ do
                         putStrLn "Stopping development server..."
                         writeLock opts
                         threadDelay 1000000
                         putStrLn "Terminating development server..."
                         terminateProcess ph
                   ec <- liftIO $ waitForProcess' ph
                   liftIO $ putStrLn $ "Exit code: " ++ show ec
                   liftIO $ Ex.throwTo watchTid (userError "process finished")
           loop list
           n <- liftIO $ cabal `isNewerThan` (bd </> "setup-config")
           if n then mainOuterLoop iappPort filesModified else go
-runBuildHook :: Maybe String -> IO ()
+    let pd = D.packageDescription gpd
-runBuildHook (Just s) = do
+        D.PackageIdentifier packageNameWrapped _version = D.package pd
-             ret <- system s
+#if MIN_VERSION_Cabal(2, 0, 0)
-             case ret of
+        packageName = D.unPackageName packageNameWrapped
-                  ExitFailure _ -> putStrLn ("Error executing hook: " ++ s)
+#else
-                  _             -> return ()
+        D.PackageName packageName = packageNameWrapped
-runBuildHook Nothing = return ()
+#endif
-{-
+    -- Which file contains the code to run
-   run `cabal configure' with our wrappers
+    develHsPath <- checkDevelFile
 -}
 configure :: DevelOpts -> [String] -> IO Bool
 configure opts extraArgs =
  checkExit =<< (createProcess $ proc (cabalProgram opts)
                                ([ "configure"
                                 , "-flibrary-only"
                                 , "-fdevel"
                                 , "--disable-library-profiling"
                                 , "--with-ld=yesod-ld-wrapper"
                                 , "--with-ghc=yesod-ghc-wrapper"
                                 , "--with-ar=yesod-ar-wrapper"
                                 , "--with-hc-pkg=ghc-pkg"
                                 ] ++ extraArgs)
               )
-removeFileIfExists :: FilePath -> IO ()
+    -- The port that we're currently listening on, and that the
-removeFileIfExists file = removeFile file `Ex.catch` handler
+    -- reverse proxy should point to
-    where
+    appPortVar <- newTVarIO (-1)
      handler :: IOError -> IO ()
      handler e | isDoesNotExistError e = return ()
                | otherwise             = Ex.throw e
-mkRebuild :: String -> FilePath -> DevelOpts -> (FilePath, FilePath) -> IO (IO Bool)
+    -- If we're actually using reverse proxying, spawn off a reverse
-mkRebuild ghcVer cabalFile opts (ldPath, arPath)
+    -- proxy thread
-  | GHC.cProjectVersion /= ghcVer =
+    let withRevProxy =
-       failWith "Yesod has been compiled with a different GHC version, please reinstall"
+          if useReverseProxy opts
-  | forceCabal opts               = return (rebuildCabal opts)
+            then race_ (reverseProxy opts appPortVar)
-  | otherwise                     = do
+            else id
      return $ do
        ns <- mapM (cabalFile `isNewerThan`)
           [ "yesod-devel/ghcargs.txt", "yesod-devel/arargs.txt", "yesod-devel/ldargs.txt" ]
        if or ns
          then rebuildCabal opts
          else do
            bf <- getBuildFlags
            rebuildGhc bf ldPath arPath
    -- Run the following concurrently. If any of them exit, take the
    -- whole thing down.
    --
    -- We need to put withChangedVar outside of all this, since we
    -- need to ensure we start watching files before the stack build
    -- loop starts.
    withChangedVar $ \changedVar -> withRevProxy $ race_
        -- Start the build loop
        (runStackBuild appPortVar packageName (getAvailableFlags gpd))
-rebuildGhc :: [Located String] -> FilePath -> FilePath -> IO Bool
+        -- Run the app itself, restarting when a build succeeds
-rebuildGhc bf ld ar = do
+        (runApp appPortVar changedVar develHsPath)
  putStrLn "Rebuilding application... (using GHC API)"
  buildPackage bf ld ar
 rebuildCabal :: DevelOpts -> IO Bool
 rebuildCabal opts = do
  putStrLn $ "Rebuilding application... (using " ++ cabalProgram opts ++ ")"
  checkExit =<< createProcess (proc (cabalProgram opts) args)
    where
      args | verbose opts = [ "build" ]
           | otherwise    = [ "build", "-v0" ]
 try_ :: forall a. IO a -> IO ()
 try_ x = (Ex.try x :: IO (Either Ex.SomeException a)) >> return ()
 type FileList = Map.Map FilePath EpochTime
 getFileList :: [FilePath] -> [FilePath] -> IO FileList
 getFileList hsSourceDirs extraFiles = do
    (files, deps) <- getDeps hsSourceDirs
    let files' = extraFiles ++ files ++ map fst (Map.toList deps)
    fmap Map.fromList $ flip mapM files' $ \f -> do
        efs <- Ex.try $ getFileStatus f
        return $ case efs of
            Left (_ :: Ex.SomeException) -> (f, 0)
            Right fs -> (f, modificationTime fs)
 -- | Returns @True@ if a .hs file changed.
 watchForChanges :: MVar () -> [FilePath] -> [FilePath] -> FileList -> Int -> IO (Bool, FileList)
 watchForChanges filesModified hsSourceDirs extraFiles list t = do
    newList <- getFileList hsSourceDirs extraFiles
    if list /= newList
      then do
        let haskellFileChanged = not $ Map.null $ Map.filterWithKey isHaskell $
                Map.differenceWith compareTimes newList list `Map.union`
                Map.differenceWith compareTimes list newList
        return (haskellFileChanged, newList)
      else timeout (1000000*t) (takeMVar filesModified) >>
           watchForChanges filesModified hsSourceDirs extraFiles list t
  where
-    compareTimes x y
+    -- say, but only when verbose is on
-        | x == y = Nothing
+    sayV = when (verbose opts) . sayString
        | otherwise = Just x
-    isHaskell filename _ = takeExtension filename `elem` [".hs", ".lhs", ".hsc", ".cabal"]
+    -- Leverage "stack build --file-watch" to do the build
    runStackBuild :: TVar Int -> [Char] -> Set.Set [Char] -> IO ()
    runStackBuild appPortVar packageName availableFlags = do
        -- We call into this app for the devel-signal command
        myPath <- getExecutablePath
        let procConfig = setStdout createSource
                       $ setStderr createSource
                       $ setCreateGroup True -- because need when yesod-bin killed and kill child ghc
                       $ proc "stack" $
                [ "build"
                , "--fast"
                , "--file-watch"
-checkDevelFile :: IO ()
+                -- Indicate the component we want
-checkDevelFile = do
+                , packageName ++ ":lib"
  e <- doesFileExist "devel.hs"
  unless e $ failWith "file devel.hs not found"
-checkCabalFile :: D.GenericPackageDescription -> IO ([FilePath], D.Library)
+                -- signal the watcher that a build has succeeded
-checkCabalFile gpd = case D.condLibrary gpd of
+                , "--exec", myPath ++ " devel-signal"
-    Nothing -> failWith "incorrect cabal file, no library"
+                ] ++
    Just ct ->
      case lookupDevelLib gpd ct of
        Nothing   ->
          failWith "no development flag found in your configuration file. Expected a 'library-only' flag or the older 'devel' flag"
        Just dLib -> do
           let hsSourceDirs = D.hsSourceDirs . D.libBuildInfo $ dLib
           fl <- getFileList hsSourceDirs []
           let unlisted = checkFileList fl dLib
           unless (null unlisted) $ do
                putStrLn "WARNING: the following source files are not listed in exposed-modules or other-modules:"
                mapM_ putStrLn unlisted
           when (D.fromString "Application" `notElem` D.exposedModules dLib) $
                putStrLn "WARNING: no exposed module Application"
           return (hsSourceDirs, dLib)
-failWith :: String -> IO a
+                -- Turn on relevant flags
-failWith msg = do
+                concatMap
-    putStrLn $ "ERROR: " ++ msg
+                    (\flagName -> [ "--flag", packageName ++ ":" ++ flagName])
-    exitFailure
+                    (Set.toList $ Set.intersection
                        availableFlags
                        (Set.fromList ["dev", "library-only"])) ++
-checkFileList :: FileList -> D.Library -> [FilePath]
+                -- Add the success hook
-checkFileList fl lib = filter isUnlisted . filter isSrcFile $ sourceFiles
+                (case successHook opts of
-  where
+                    Nothing -> []
-    al = allModules lib
+                    Just h -> ["--exec", h]) ++
    -- a file is only a possible 'module file' if all path pieces start with a capital letter
    sourceFiles = filter isSrcFile . map fst . Map.toList $ fl
    isSrcFile file = let dirs = filter (/=".") $ splitDirectories file
                     in  all (isUpper . head) dirs && (takeExtension file `elem` [".hs", ".lhs"])
    isUnlisted file = not (toModuleName file `Set.member` al)
    toModuleName = L.intercalate "." . filter (/=".") . splitDirectories . dropExtension
-allModules :: D.Library -> Set.Set String
+                -- Any extra args passed on the command line
-allModules lib = Set.fromList $ map toString $ D.exposedModules lib ++ (D.otherModules . D.libBuildInfo) lib
+                passThroughArgs
    where
      toString = L.intercalate "." . D.components
-ghcVersion :: IO String
+        sayV $ show procConfig
-ghcVersion = fmap getNumber $ readProcess "runghc" ["--numeric-version", "0"] []
+        buildStarted <- newTVarIO False
-    where
+        -- Monitor the stdout and stderr content from the build process. Any
-      getNumber = filter (\x -> isNumber x || x == '.')
+        -- time some output comes, we invalidate the currently running app by
        -- changing the destination port for reverse proxying to -1. We also
        -- make sure that all content to stdout or stderr from the build
        -- process is piped to the actual stdout and stderr handles.
        withProcess_ procConfig $ \p -> do
            let helper getter h =
                      runConduit
                    $ getter p
                   .| iterMC (\(str :: ByteString) -> atomically (updateAppPort str buildStarted appPortVar))
                   .| sinkHandle h
            race_ (helper getStdout stdout) (helper getStderr stderr)
-ghcPackageArgs :: DevelOpts -> IO [String]
+    -- Run the inner action with a TVar which will be set to True
-ghcPackageArgs opts = getBuildFlags >>= getPackageArgs (buildDir opts)
+    -- whenever the signal file is modified.
    withChangedVar :: (TVar Bool -> IO a) -> IO a
    withChangedVar inner = withManager $ \manager -> do
        -- Variable indicating that the signal file has been changed. We
        -- reset it each time we handle the signal.
        changedVar <- newTVarIO False
-lookupDevelLib :: D.GenericPackageDescription -> D.CondTree D.ConfVar c a -> Maybe a
+        -- Get the absolute path of the signal file, needed for the
-lookupDevelLib gpd ct | found     = Just (D.condTreeData ct)
+        -- file watching
-                      | otherwise = Nothing
+        develSignalFile' <- canonicalizeSpecialFile SignalFile
  where
    flags = map (unFlagName . D.flagName) $ D.genPackageFlags gpd
    unFlagName (D.FlagName x) = x
    found = any (`elem` ["library-only", "devel"]) flags
-- location of `ld' and `ar' programs
+        -- Start watching the signal file, and set changedVar to
-lookupLdAr :: IO (FilePath, FilePath)
+        -- True each time it's changed.
-lookupLdAr = do
+        void $ watchDir manager
-  mla <- lookupLdAr'
+                -- Using fromString to work with older versions of fsnotify
-  case mla of
+                -- that use system-filepath
-    Nothing -> failWith "Cannot determine location of `ar' or `ld' program"
+                (fromString (takeDirectory develSignalFile'))
-    Just la -> return la
+                (\e -> eventPath e == fromString develSignalFile')
                (const $ atomically $ writeTVar changedVar True)
-lookupLdAr' :: IO (Maybe (FilePath, FilePath))
+        -- Run the inner action
-lookupLdAr' = do
+        inner changedVar
  (_, pgmc) <- D.configCompiler (Just D.GHC) Nothing Nothing D.defaultProgramConfiguration D.silent
  pgmc' <- D.configureAllKnownPrograms D.silent pgmc
  return $ (,) <$> look D.ldProgram pgmc' <*> look D.arProgram pgmc'
     where
       look pgm pdb = fmap D.programPath (D.lookupProgram pgm pdb)
-- | nonblocking version of @waitForProcess@
+    -- Each time the library builds successfully, run the application
-waitForProcess' :: ProcessHandle -> IO ExitCode
+    runApp :: TVar Int -> TVar Bool -> String -> IO b
-waitForProcess' pid = go
+    runApp appPortVar changedVar develHsPath = do
-  where
+        -- Wait for the first change, indicating that the library
-    go = do
+        -- has been built
-      mec <- getProcessExitCode pid
+        atomically $ do
-      case mec of
+            changed <- readTVar changedVar
-        Just ec -> return ec
+            check changed
-        Nothing -> threadDelay 100000 >> go
+            writeTVar changedVar False
-- | wait for process started by @createProcess@, return True for ExitSuccess
+        sayV "First successful build complete, running app"
 checkExit :: (Maybe Handle, Maybe Handle, Maybe Handle, ProcessHandle) -> IO Bool
 checkExit (_,_,_,h) = (==ExitSuccess) <$> waitForProcess' h
        -- We're going to set the PORT and DISPLAY_PORT variables for
        -- the child below. Also need to know if the env program
        -- exists.
        env <- fmap Map.fromList getEnvironment
        hasEnv <- fmap isJust $ findExecutable "env"
        -- Keep looping forever, print any synchronous exceptions,
        -- and eventually die from an async exception from one of
        -- the other threads (via race_ above).
        forever $ Ex.handleAny (\e -> sayErrString $ "Exception in runApp: " ++ show e) $ do
            -- Get the port the child should listen on, and tell
            -- the reverse proxy about it
            newPort <-
                if useReverseProxy opts
                    then getNewPort opts
                    -- no reverse proxy, so use the develPort directly
                    else return (develPort opts)
            atomically $ writeTVar appPortVar newPort
            -- Modified environment
            let env' = Map.toList
                        $ Map.insert "PORT" (show newPort)
                        $ Map.insert "DISPLAY_PORT" (show $ develPort opts)
                        env
            -- Remove the terminate file so we don't immediately exit
            removeSpecialFile TermFile
            -- Launch the main function in the Main module defined
            -- in the file develHsPath. We use ghc instead of
            -- runghc to avoid the extra (confusing) resident
            -- runghc process. Starting with GHC 8.0.2, that will
            -- not be necessary.
            {- Hmm, unknown errors trying to get this to work. Just doing the
             - runghc thing instead.
            let procDef = setStdin closed $ setEnv env' $ proc "stack"
                    [ "ghc"
                    , "--"
                    , develHsPath
                    , "-e"
                    , "Main.main"
                    ]
            -}
            -- Nix support in Stack doesn't pass along env vars by
            -- default, so we use the env command. But if the command
            -- isn't available, just set the env var. I'm sure this
            -- will break _some_ combination of systems, but we'll
            -- deal with that later. Previous issues:
            --
            -- https://github.com/yesodweb/yesod/issues/1357
            -- https://github.com/yesodweb/yesod/issues/1359
            let procDef
                  | hasEnv = setStdin closed $ proc "stack"
                    [ "exec"
                    , "--"
                    , "env"
                    , "PORT=" ++ show newPort
                    , "DISPLAY_PORT=" ++ show (develPort opts)
                    , "runghc"
                    , develHsPath
                    ]
                  | otherwise = setStdin closed $ setEnv env' $ proc "stack"
                    [ "runghc"
                    , "--"
                    , develHsPath
                    ]
            sayV $ "Running child process: " ++ show procDef
            -- Start running the child process with GHC
            withProcess procDef $ \p -> do
                -- Wait for either the process to exit, or for a new build to come through
                eres <- atomically (fmap Left (waitExitCodeSTM p) <|> fmap Right
                    (do changed <- readTVar changedVar
                        check changed
                        writeTVar changedVar False))
                            -- on an async exception, make sure the child dies
                            `Ex.onException` writeSpecialFile TermFile
                case eres of
                    -- Child exited, which indicates some
                    -- error. Let the user know, sleep for a bit
                    -- to avoid busy-looping, and then we'll try
                    -- again.
                    Left ec -> do
                        sayErrString $ "Unexpected: child process exited with " ++ show ec
                        threadDelay 1000000
                        sayErrString "Trying again"
                    -- New build succeeded
                    Right () -> do
                        -- Kill the child process, both with the
                        -- TermFile, and by signaling the process
                        -- directly.
                        writeSpecialFile TermFile
                        stopProcess p
                        -- Wait until the child properly exits, then we'll try again
                        ec <- waitExitCode p
                        sayV $ "Expected: child process exited with " ++ show ec
--- a/yesod-bin/GhcBuild.hs
+++ b/yesod-bin/GhcBuild.hs
@ -1,480 +0,0 @@
 {-# OPTIONS_GHC -fno-warn-unused-do-bind #-}
 {-# OPTIONS_GHC -fno-warn-unused-binds #-}
 {-# OPTIONS_GHC -fno-warn-unused-imports #-}
 {-# OPTIONS_GHC -fno-warn-unused-matches #-}
 {-
  There is a lot of code copied from GHC here, and some conditional
  compilation. Instead of fixing all warnings and making it much more
  difficult to compare the code to the original, just ignore unused
  binds and imports.
 -}
 {-# LANGUAGE CPP                 #-}
 {-# LANGUAGE PatternGuards       #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 {-
  build package with the GHC API
 -}
 module GhcBuild (getBuildFlags, buildPackage, getPackageArgs) where
 import qualified Control.Exception as Ex
 import           Control.Monad      (when)
 import           Data.IORef
 import           System.Process     (rawSystem)
 import           System.Environment (getEnvironment)
 import           CmdLineParser
 import           Data.Char          (toLower)
 import           Data.List          (isPrefixOf, isSuffixOf, partition)
 import           Data.Maybe         (fromMaybe)
 import           DriverPhases       (Phase (..), anyHsc, isHaskellSrcFilename,
                                     isSourceFilename, startPhase)
 import           DriverPipeline     (compileFile, link, linkBinary, oneShot)
 import           DynFlags           (DynFlags, compilerInfo)
 import qualified DynFlags
 import qualified DynFlags           as DF
 import qualified GHC
 import           GHC.Paths          (libdir)
 import           HscTypes           (HscEnv (..), emptyHomePackageTable)
 import qualified Module
 import           MonadUtils         (liftIO)
 import           Panic              (ghcError, panic)
 import           SrcLoc             (Located, mkGeneralLocated)
 import qualified StaticFlags
 import           StaticFlags        (v_Ld_inputs)
 import           System.FilePath    (normalise, (</>))
 import           Util               (consIORef, looksLikeModuleName)
 {-
  This contains a huge hack:
  GHC only accepts setting static flags once per process, however it has no way to
  get the remaining options from the command line, without setting the static flags.
  This code overwrites the IORef to disable the check. This will likely cause
  problems if the flags are modified, but fortunately that's relatively uncommon.
 -}
 getBuildFlags :: IO [Located String]
 getBuildFlags = do
  argv0 <- fmap read $ readFile "yesod-devel/ghcargs.txt" -- generated by yesod-ghc-wrapper
  argv0' <- prependHsenvArgv argv0
  let (minusB_args, argv1) = partition ("-B" `isPrefixOf`) argv0'
      mbMinusB | null minusB_args = Nothing
               | otherwise = Just (drop 2 (last minusB_args))
  let argv1' = map (mkGeneralLocated "on the commandline") argv1
  writeIORef StaticFlags.v_opt_C_ready False -- the huge hack
  (argv2, staticFlagWarnings) <- GHC.parseStaticFlags argv1'
  return argv2
 prependHsenvArgv :: [String] -> IO [String]
 prependHsenvArgv argv = do
  env <- getEnvironment
  return $ case (lookup "HSENV" env) of
             Nothing -> argv
             _       -> hsenvArgv ++ argv
                 where hsenvArgv = words $ fromMaybe "" (lookup "PACKAGE_DB_FOR_GHC" env)
 -- construct a command line for loading the right packages
 getPackageArgs :: Maybe String -> [Located String] -> IO [String]
 getPackageArgs buildDir argv2 = do
  (mode, argv3, modeFlagWarnings) <- parseModeFlags argv2
  GHC.runGhc (Just libdir) $ do
    dflags0 <- GHC.getSessionDynFlags
    (dflags1, _, _) <- GHC.parseDynamicFlags dflags0 argv3
    let pkgFlags = map convertPkgFlag (GHC.packageFlags dflags1)
        hideAll | gopt DF.Opt_HideAllPackages dflags1 = [ "-hide-all-packages"]
                | otherwise                           = []
        ownPkg = "-package-id" ++ Module.packageIdString (DF.thisPackage dflags1) ++ "-inplace"
    return (extra dflags1 ++ hideAll ++ pkgFlags ++ [ownPkg])
  where
    convertPkgFlag (DF.ExposePackage p)   = "-package" ++ p
    convertPkgFlag (DF.ExposePackageId p) = "-package-id" ++ p
    convertPkgFlag (DF.HidePackage p)     = "-hide-package" ++ p
    convertPkgFlag (DF.IgnorePackage p)   = "-ignore-package" ++ p
    convertPkgFlag (DF.TrustPackage p)    = "-trust" ++ p
    convertPkgFlag (DF.DistrustPackage p) ="-distrust" ++ p
 #if __GLASGOW_HASKELL__ >= 705
    extra df = inplaceConf ++ extra'
      where
         extra' = concatMap convertExtra (extraConfs df)
         -- old cabal-install sometimes misses the .inplace db, fix it here
         inplaceConf
           | any (".inplace" `isSuffixOf`) extra' = []
           | otherwise = ["-package-db" ++ fromMaybe "dist" buildDir
                           ++ "/package.conf.inplace"]
    extraConfs df = GHC.extraPkgConfs df []
    convertExtra DF.GlobalPkgConf      = [ ]
    convertExtra DF.UserPkgConf        = [ ]
    convertExtra (DF.PkgConfFile file) = [ "-package-db" ++ file ]
 #else
    extra df  = inplaceConf ++ extra'
      where
        extra' = map ("-package-conf"++) (GHC.extraPkgConfs df)
         -- old cabal-install sometimes misses the .inplace db, fix it here
        inplaceConf
          | any (".inplace" `isSuffixOf`) extra' = []
          | otherwise = ["-package-conf" ++ fromMaybe "dist" buildDir
                           ++ "/package.conf.inplace"]
 #endif
 #if __GLASGOW_HASKELL__ >= 707
    gopt = DF.gopt
 #else
    gopt = DF.dopt
 #endif
 buildPackage :: [Located String] -> FilePath -> FilePath -> IO Bool
 buildPackage a ld ar = buildPackage' a ld ar `Ex.catch` \e -> do
  putStrLn ("exception building package: " ++ show (e :: Ex.SomeException))
  return False
 buildPackage' :: [Located String] -> FilePath -> FilePath -> IO Bool
 buildPackage' argv2 ld ar = do
  (mode, argv3, modeFlagWarnings) <- parseModeFlags argv2
  GHC.runGhc (Just libdir) $ do
    dflags0 <- GHC.getSessionDynFlags
    (dflags1, _, _) <- GHC.parseDynamicFlags dflags0 argv3
    let dflags2 = dflags1 { GHC.ghcMode   = GHC.CompManager
                          , GHC.hscTarget = GHC.hscTarget dflags1
                          , GHC.ghcLink   = GHC.LinkBinary
                          , GHC.verbosity = 1
                          }
    (dflags3, fileish_args, _) <- GHC.parseDynamicFlags dflags2 argv3
    GHC.setSessionDynFlags dflags3
    let normal_fileish_paths = map (normalise . GHC.unLoc) fileish_args
        (srcs, objs)         = partition_args normal_fileish_paths [] []
        (hs_srcs, non_hs_srcs) = partition haskellish srcs
        haskellish (f,Nothing) =
          looksLikeModuleName f || isHaskellSrcFilename f || '.' `notElem` f
        haskellish (_,Just phase) =
 #if MIN_VERSION_ghc(7,4,0)
          phase `notElem` [As, Cc, Cobjc, Cobjcpp, CmmCpp, Cmm, StopLn]
 #else
          phase `notElem` [As, Cc, CmmCpp, Cmm, StopLn]
 #endif
    hsc_env <- GHC.getSession
 --    if (null hs_srcs)
 --       then liftIO (oneShot hsc_env StopLn srcs)
 --       else do
 #if MIN_VERSION_ghc(7,2,0)
    o_files <- mapM (\x -> liftIO $ compileFile hsc_env StopLn x)
 #else
    o_files <- mapM (\x -> compileFile hsc_env StopLn x)
 #endif
                 non_hs_srcs
    liftIO $ mapM_ (consIORef v_Ld_inputs) (reverse o_files)
    targets <- mapM (uncurry GHC.guessTarget) hs_srcs
    GHC.setTargets targets
    ok_flag <- GHC.load GHC.LoadAllTargets
    if GHC.failed ok_flag
      then return False
      else liftIO (linkPkg ld ar) >> return True
 linkPkg :: FilePath -> FilePath -> IO ()
 linkPkg ld ar = do
  arargs <- fmap read $ readFile "yesod-devel/arargs.txt"
  rawSystem ar arargs
  ldargs <- fmap read $ readFile "yesod-devel/ldargs.txt"
  rawSystem ld ldargs
  return ()
 --------------------------------------------------------------------------------------------
 -- stuff below copied from ghc main.hs
 --------------------------------------------------------------------------------------------
 partition_args :: [String] -> [(String, Maybe Phase)] -> [String]
               -> ([(String, Maybe Phase)], [String])
 partition_args [] srcs objs = (reverse srcs, reverse objs)
 partition_args ("-x":suff:args) srcs objs
  | "none" <- suff      = partition_args args srcs objs
  | StopLn <- phase     = partition_args args srcs (slurp ++ objs)
  | otherwise           = partition_args rest (these_srcs ++ srcs) objs
        where phase = startPhase suff
              (slurp,rest) = break (== "-x") args
              these_srcs = zip slurp (repeat (Just phase))
 partition_args (arg:args) srcs objs
  | looks_like_an_input arg = partition_args args ((arg,Nothing):srcs) objs
  | otherwise               = partition_args args srcs (arg:objs)
    {-
      We split out the object files (.o, .dll) and add them
      to v_Ld_inputs for use by the linker.
      The following things should be considered compilation manager inputs:
       - haskell source files (strings ending in .hs, .lhs or other
         haskellish extension),
       - module names (not forgetting hierarchical module names),
       - and finally we consider everything not containing a '.' to be
         a comp manager input, as shorthand for a .hs or .lhs filename.
      Everything else is considered to be a linker object, and passed
      straight through to the linker.
    -}
 looks_like_an_input :: String -> Bool
 looks_like_an_input m =  isSourceFilename m
                      || looksLikeModuleName m
                      || '.' `notElem` m
 -- Parsing the mode flag
 parseModeFlags :: [Located String]
               -> IO (Mode,
                      [Located String],
                      [Located String])
 parseModeFlags args = do
  let ((leftover, errs1, warns), (mModeFlag, errs2, flags')) =
          runCmdLine (processArgs mode_flags args)
                     (Nothing, [], [])
      mode = case mModeFlag of
             Nothing     -> doMakeMode
             Just (m, _) -> m
      errs = errs1 ++ map (mkGeneralLocated "on the commandline") errs2
  when (not (null errs)) $ ghcError $ errorsToGhcException errs
  return (mode, flags' ++ leftover, warns)
 type ModeM = CmdLineP (Maybe (Mode, String), [String], [Located String])
  -- mode flags sometimes give rise to new DynFlags (eg. -C, see below)
  -- so we collect the new ones and return them.
 mode_flags :: [Flag ModeM]
 mode_flags =
  [  ------- help / version ----------------------------------------------
    Flag "?"                     (PassFlag (setMode showGhcUsageMode))
  , Flag "-help"                 (PassFlag (setMode showGhcUsageMode))
  , Flag "V"                     (PassFlag (setMode showVersionMode))
  , Flag "-version"              (PassFlag (setMode showVersionMode))
  , Flag "-numeric-version"      (PassFlag (setMode showNumVersionMode))
  , Flag "-info"                 (PassFlag (setMode showInfoMode))
  , Flag "-supported-languages"  (PassFlag (setMode showSupportedExtensionsMode))
  , Flag "-supported-extensions" (PassFlag (setMode showSupportedExtensionsMode))
  ] ++
  [ Flag k'                      (PassFlag (setMode (printSetting k)))
  | k <- ["Project version",
          "Booter version",
          "Stage",
          "Build platform",
          "Host platform",
          "Target platform",
          "Have interpreter",
          "Object splitting supported",
          "Have native code generator",
          "Support SMP",
          "Unregisterised",
          "Tables next to code",
          "RTS ways",
          "Leading underscore",
          "Debug on",
          "LibDir",
          "Global Package DB",
          "C compiler flags",
          "Gcc Linker flags",
          "Ld Linker flags"],
    let k' = "-print-" ++ map (replaceSpace . toLower) k
        replaceSpace ' ' = '-'
        replaceSpace c   = c
  ] ++
      ------- interfaces ----------------------------------------------------
  [ Flag "-show-iface"  (HasArg (\f -> setMode (showInterfaceMode f)
                                               "--show-iface"))
      ------- primary modes ------------------------------------------------
  , Flag "c"            (PassFlag (\f -> do setMode (stopBeforeMode StopLn) f
                                            addFlag "-no-link" f))
  , Flag "M"            (PassFlag (setMode doMkDependHSMode))
  , Flag "E"            (PassFlag (setMode (stopBeforeMode anyHsc)))
  , Flag "C"            (PassFlag (\f -> do setMode (stopBeforeMode HCc) f
                                            addFlag "-fvia-C" f))
  , Flag "S"            (PassFlag (setMode (stopBeforeMode As)))
  , Flag "-make"        (PassFlag (setMode doMakeMode))
  , Flag "-interactive" (PassFlag (setMode doInteractiveMode))
  , Flag "-abi-hash"    (PassFlag (setMode doAbiHashMode))
  , Flag "e"            (SepArg   (\s -> setMode (doEvalMode s) "-e"))
  ]
 setMode :: Mode -> String -> EwM ModeM ()
 setMode newMode newFlag = liftEwM $ do
    (mModeFlag, errs, flags') <- getCmdLineState
    let (modeFlag', errs') =
            case mModeFlag of
            Nothing -> ((newMode, newFlag), errs)
            Just (oldMode, oldFlag) ->
                case (oldMode, newMode) of
                    -- -c/--make are allowed together, and mean --make -no-link
                    _ |  isStopLnMode oldMode && isDoMakeMode newMode
                      || isStopLnMode newMode && isDoMakeMode oldMode ->
                      ((doMakeMode, "--make"), [])
                    -- If we have both --help and --interactive then we
                    -- want showGhciUsage
                    _ | isShowGhcUsageMode oldMode &&
                        isDoInteractiveMode newMode ->
                            ((showGhciUsageMode, oldFlag), [])
                      | isShowGhcUsageMode newMode &&
                        isDoInteractiveMode oldMode ->
                            ((showGhciUsageMode, newFlag), [])
                    -- Otherwise, --help/--version/--numeric-version always win
                      | isDominantFlag oldMode -> ((oldMode, oldFlag), [])
                      | isDominantFlag newMode -> ((newMode, newFlag), [])
                    -- We need to accumulate eval flags like "-e foo -e bar"
                    (Right (Right (DoEval esOld)),
                     Right (Right (DoEval [eNew]))) ->
                        ((Right (Right (DoEval (eNew : esOld))), oldFlag),
                         errs)
                    -- Saying e.g. --interactive --interactive is OK
                    _ | oldFlag == newFlag -> ((oldMode, oldFlag), errs)
                    -- Otherwise, complain
                    _ -> let err = flagMismatchErr oldFlag newFlag
                         in ((oldMode, oldFlag), err : errs)
    putCmdLineState (Just modeFlag', errs', flags')
  where isDominantFlag f = isShowGhcUsageMode   f ||
                           isShowGhciUsageMode  f ||
                           isShowVersionMode    f ||
                           isShowNumVersionMode f
 flagMismatchErr :: String -> String -> String
 flagMismatchErr oldFlag newFlag
    = "cannot use `" ++ oldFlag ++  "' with `" ++ newFlag ++ "'"
 addFlag :: String -> String -> EwM ModeM ()
 addFlag s flag = liftEwM $ do
  (m, e, flags') <- getCmdLineState
  putCmdLineState (m, e, mkGeneralLocated loc s : flags')
    where loc = "addFlag by " ++ flag ++ " on the commandline"
 type Mode = Either PreStartupMode PostStartupMode
 type PostStartupMode = Either PreLoadMode PostLoadMode
 data PreStartupMode
  = ShowVersion             -- ghc -V/--version
  | ShowNumVersion          -- ghc --numeric-version
  | ShowSupportedExtensions -- ghc --supported-extensions
  | Print String            -- ghc --print-foo
 showVersionMode, showNumVersionMode, showSupportedExtensionsMode :: Mode
 showVersionMode             = mkPreStartupMode ShowVersion
 showNumVersionMode          = mkPreStartupMode ShowNumVersion
 showSupportedExtensionsMode = mkPreStartupMode ShowSupportedExtensions
 mkPreStartupMode :: PreStartupMode -> Mode
 mkPreStartupMode = Left
 isShowVersionMode :: Mode -> Bool
 isShowVersionMode (Left ShowVersion) = True
 isShowVersionMode _ = False
 isShowNumVersionMode :: Mode -> Bool
 isShowNumVersionMode (Left ShowNumVersion) = True
 isShowNumVersionMode _ = False
 data PreLoadMode
  = ShowGhcUsage                           -- ghc -?
  | ShowGhciUsage                          -- ghci -?
  | ShowInfo                               -- ghc --info
  | PrintWithDynFlags (DynFlags -> String) -- ghc --print-foo
 showGhcUsageMode, showGhciUsageMode, showInfoMode :: Mode
 showGhcUsageMode = mkPreLoadMode ShowGhcUsage
 showGhciUsageMode = mkPreLoadMode ShowGhciUsage
 showInfoMode = mkPreLoadMode ShowInfo
 printSetting :: String -> Mode
 printSetting k = mkPreLoadMode (PrintWithDynFlags f)
    where f dflags = fromMaybe (panic ("Setting not found: " ++ show k))
 #if MIN_VERSION_ghc(7,2,0)
                   $ lookup k (compilerInfo dflags)
 #else
                   $ fmap convertPrintable (lookup k compilerInfo)
              where
                convertPrintable (DynFlags.String s) = s
                convertPrintable (DynFlags.FromDynFlags f) = f dflags
 #endif
 mkPreLoadMode :: PreLoadMode -> Mode
 mkPreLoadMode = Right . Left
 isShowGhcUsageMode :: Mode -> Bool
 isShowGhcUsageMode (Right (Left ShowGhcUsage)) = True
 isShowGhcUsageMode _ = False
 isShowGhciUsageMode :: Mode -> Bool
 isShowGhciUsageMode (Right (Left ShowGhciUsage)) = True
 isShowGhciUsageMode _ = False
 data PostLoadMode
  = ShowInterface FilePath  -- ghc --show-iface
  | DoMkDependHS            -- ghc -M
  | StopBefore Phase        -- ghc -E | -C | -S
                            -- StopBefore StopLn is the default
  | DoMake                  -- ghc --make
  | DoInteractive           -- ghc --interactive
  | DoEval [String]         -- ghc -e foo -e bar => DoEval ["bar", "foo"]
  | DoAbiHash               -- ghc --abi-hash
 doMkDependHSMode, doMakeMode, doInteractiveMode, doAbiHashMode :: Mode
 doMkDependHSMode = mkPostLoadMode DoMkDependHS
 doMakeMode = mkPostLoadMode DoMake
 doInteractiveMode = mkPostLoadMode DoInteractive
 doAbiHashMode = mkPostLoadMode DoAbiHash
 showInterfaceMode :: FilePath -> Mode
 showInterfaceMode fp = mkPostLoadMode (ShowInterface fp)
 stopBeforeMode :: Phase -> Mode
 stopBeforeMode phase = mkPostLoadMode (StopBefore phase)
 doEvalMode :: String -> Mode
 doEvalMode str = mkPostLoadMode (DoEval [str])
 mkPostLoadMode :: PostLoadMode -> Mode
 mkPostLoadMode = Right . Right
 isDoInteractiveMode :: Mode -> Bool
 isDoInteractiveMode (Right (Right DoInteractive)) = True
 isDoInteractiveMode _ = False
 isStopLnMode :: Mode -> Bool
 isStopLnMode (Right (Right (StopBefore StopLn))) = True
 isStopLnMode _ = False
 isDoMakeMode :: Mode -> Bool
 isDoMakeMode (Right (Right DoMake)) = True
 isDoMakeMode _ = False
 #ifdef GHCI
 isInteractiveMode :: PostLoadMode -> Bool
 isInteractiveMode DoInteractive = True
 isInteractiveMode _             = False
 #endif
 -- isInterpretiveMode: byte-code compiler involved
 isInterpretiveMode :: PostLoadMode -> Bool
 isInterpretiveMode DoInteractive = True
 isInterpretiveMode (DoEval _)    = True
 isInterpretiveMode _             = False
 needsInputsMode :: PostLoadMode -> Bool
 needsInputsMode DoMkDependHS    = True
 needsInputsMode (StopBefore _)  = True
 needsInputsMode DoMake          = True
 needsInputsMode _               = False
 -- True if we are going to attempt to link in this mode.
 -- (we might not actually link, depending on the GhcLink flag)
 isLinkMode :: PostLoadMode -> Bool
 isLinkMode (StopBefore StopLn) = True
 isLinkMode DoMake              = True
 isLinkMode DoInteractive       = True
 isLinkMode (DoEval _)          = True
 isLinkMode _                   = False
 isCompManagerMode :: PostLoadMode -> Bool
 isCompManagerMode DoMake        = True
 isCompManagerMode DoInteractive = True
 isCompManagerMode (DoEval _)    = True
 isCompManagerMode _             = False
--- a/yesod-bin/HsFile.hs
+++ b/yesod-bin/HsFile.hs
@ -0,0 +1,18 @@
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE OverloadedStrings #-}
 module HsFile (mkHsFile) where
 import Text.ProjectTemplate (createTemplate)
 import Conduit
 import qualified Data.ByteString as BS
 import Control.Monad.IO.Class (liftIO)
 import Data.String (fromString)
 mkHsFile :: IO ()
 mkHsFile = runConduitRes
         $ sourceDirectory "."
        .| readIt
        .| createTemplate
        .| mapM_C (liftIO . BS.putStr)
  where
    -- Reads a filepath from upstream and dumps a pair of (filepath, filecontents)
    readIt = mapC $ \i -> (fromString i, liftIO $ BS.readFile i)
--- a/yesod-bin/Keter.hs
+++ b/yesod-bin/Keter.hs
@ -1,22 +1,31 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE CPP #-}
 module Keter
    ( keter
    ) where
 import Data.Yaml
 #if MIN_VERSION_aeson(2, 0, 0)
 import qualified Data.Aeson.KeyMap as Map
 #else
 import qualified Data.HashMap.Strict as Map
 #endif
 import qualified Data.Text as T
 import System.Environment (getEnvironment)
 import System.Exit
-import System.Cmd
+import System.Process
 import Control.Monad
-import System.Directory
+import System.Directory hiding (findFiles)
-import Data.Maybe (mapMaybe)
+import Data.Maybe (mapMaybe,isJust,maybeToList)
-import qualified Filesystem.Path.CurrentOS as F
+import Data.Monoid
-import qualified Filesystem as F
+import System.FilePath ((</>))
 import qualified Codec.Archive.Tar as Tar
 import Control.Exception
 import qualified Data.ByteString.Lazy as L
 import Codec.Compression.GZip (compress)
 import qualified Data.Foldable as Fold
 import Control.Monad.Trans.Writer (tell, execWriter)
 run :: String -> [String] -> IO ()
 run a b = do
@ -25,19 +34,29 @@ run a b = do
 keter :: String -- ^ cabal command
      -> Bool -- ^ no build?
      -> Bool -- ^ no copy to?
      -> [String] -- ^ build args
      -> IO ()
-keter cabal noBuild = do
+keter cabal noBuild noCopyTo buildArgs = do
-    mvalue <- decodeFile "config/keter.yaml"
+    ketercfg <- keterConfig
    mvalue <- decodeFile ketercfg
    value <-
        case mvalue of
            Nothing -> error "No config/keter.yaml found"
            Just (Object value) ->
                case Map.lookup "host" value of
                    Just (String s) | "<<" `T.isPrefixOf` s ->
-                        error "Please set your hostname in config/keter.yaml"
+                        error $ "Please set your hostname in " ++ ketercfg
-                    _ -> return value
+                    _ ->
-            Just _ -> error "config/keter.yaml is not an object"
+                        case Map.lookup "user-edited" value of
                            Just (Bool False) ->
                                error $ "Please edit your Keter config file at "
                                     ++ ketercfg
                            _ -> return value
            Just _ -> error $ ketercfg ++ " is not an object"
    env' <- getEnvironment
    cwd' <- getCurrentDirectory
    files <- getDirectoryContents "."
    project <-
        case mapMaybe (T.stripSuffix ".cabal" . T.pack) files of
@ -45,25 +64,77 @@ keter cabal noBuild = do
            [] -> error "No cabal file found"
            _ -> error "Too many cabal files found"
-    exec <-
+    let findFiles (Object v) =
-        case Map.lookup "exec" value of
+            mapM_ go $ Map.toList v
-            Just (String s) -> return $ F.collapse $ "config" F.</> F.fromText s
+          where
-            _ -> error "exec not found in config/keter.yaml"
+            go ("exec", String s) = tellFile s
            go ("extraFiles", Array a) = Fold.mapM_ tellExtra a
            go (_, v') = findFiles v'
            tellFile s = tell [collapse $ "config" </> T.unpack s]
            tellExtra (String s) = tellFile s
            tellExtra _          = error "extraFiles should be a flat array"
        findFiles (Array v) = Fold.mapM_ findFiles v
        findFiles _ = return ()
        bundleFiles = execWriter $ findFiles $ Object value
        collapse = T.unpack . T.intercalate "/" . collapse' . T.splitOn "/" . T.pack
        collapse' (_:"..":rest) = collapse' rest
        collapse' (".":xs) = collapse' xs
        collapse' (x:xs) = x : collapse' xs
        collapse' [] = []
    unless noBuild $ do
-        run cabal ["clean"]
+        stackQueryRunSuccess <- do
-        run cabal ["configure"]
+            eres <- try $ readProcessWithExitCode "stack" ["query"] "" :: IO (Either IOException (ExitCode, String, String))
-        run cabal ["build"]
+            return $ either (\_ -> False) (\(ec, _, _) -> (ec == ExitSuccess)) eres
-    _ <- try' $ F.removeTree "static/tmp"
+        let inStackExec = isJust $ lookup "STACK_EXE" env'
            mStackYaml = lookup "STACK_YAML" env'
            useStack = inStackExec || isJust mStackYaml || stackQueryRunSuccess
-    archive <- Tar.pack "" [F.encodeString exec, "config", "static"]
+        if useStack
            then do let stackYaml = maybeToList $ fmap ("--stack-yaml="<>) mStackYaml
                        localBinPath = cwd' </> "dist/bin"
                    run "stack" $ stackYaml <> ["clean"]
                    createDirectoryIfMissing True localBinPath
                    run "stack"
                        (stackYaml
                         <> ["--local-bin-path",localBinPath,"build","--copy-bins"]
                         <> buildArgs)
            else do run cabal ["clean"]
                    run cabal ["configure"]
                    run cabal ("build" : buildArgs)
    _ <- try' $ removeDirectoryRecursive "static/tmp"
    archive <- Tar.pack "" $
        "config" : "static" : bundleFiles
    let fp = T.unpack project ++ ".keter"
    L.writeFile fp $ compress $ Tar.write archive
-    case Map.lookup "copy-to" value of
+    unless noCopyTo $ case Map.lookup "copy-to" value of
-        Just (String s) -> run "scp" [fp, T.unpack s]
+        Just (String s) ->
            let baseArgs = [fp, T.unpack s] :: [String]
                scpArgs =
                    case parseMaybe (.: "copy-to-args") value of
                        Just as -> as ++ baseArgs
                        Nothing -> baseArgs
                args =
                    case parseMaybe (.: "copy-to-port") value of
                        Just i -> "-P" : show (i :: Int) : scpArgs
                        Nothing -> scpArgs
            in run "scp" args
        _ -> return ()
  where
    -- Test for alternative config file extension (yaml or yml).
    keterConfig = do
        let yml = "config/keter.yml"
        ymlExists <- doesFileExist yml
        return $ if ymlExists then yml else "config/keter.yaml"
 try' :: IO a -> IO (Either SomeException a)
 try' = try
--- a/yesod-bin/Options.hs
+++ b/yesod-bin/Options.hs
@ -7,11 +7,13 @@ module Options (injectDefaults) where
 import           Control.Applicative
 import qualified Control.Exception         as E
 import           Control.Monad
 import           Control.Monad.Trans.Except
 import           Control.Monad.Trans.Reader
 import           Data.Char                 (isAlphaNum, isSpace, toLower)
 import           Data.List                 (foldl')
 import           Data.List.Split           (splitOn)
 import qualified Data.Map                  as M
-import           Data.Maybe                (catMaybes)
+import           Data.Maybe                (mapMaybe)
 import           Data.Monoid
 import           Options.Applicative
 import           Options.Applicative.Types
@ -52,10 +54,10 @@ updateA env key upd a =
 -- | really simple key/value file reader:   x.y = z -> (["x","y"],"z")
 configLines :: String -> [([String], String)]
-configLines = catMaybes . map (mkLine . takeWhile (/='#')) . lines
+configLines = mapMaybe (mkLine . takeWhile (/='#')) . lines
  where
    trim = let f = reverse . dropWhile isSpace in f . f
-    mkLine l | (k, ('=':v)) <- break (=='=') l = Just (splitOn "." (trim k), trim v)
+    mkLine l | (k, '=':v) <- break (=='=') l = Just (splitOn "." (trim k), trim v)
             | otherwise                       = Nothing
 -- | inject the environment into the parser
@ -64,14 +66,28 @@ configLines = catMaybes . map (mkLine . takeWhile (/='#')) . lines
 injectDefaultP :: M.Map [String] String -> [String] -> Parser a -> Parser a
 injectDefaultP _env _path n@(NilP{})   = n
 injectDefaultP env path p@(OptP o)
 #if MIN_VERSION_optparse_applicative(0,13,0)
  | (Option (CmdReader _ cmds f) props) <- o  =
 #else
  | (Option (CmdReader cmds f) props) <- o  =
 #endif
     let cmdMap = M.fromList (map (\c -> (c, mkCmd c)) cmds)
         mkCmd cmd =
           let (Just parseri) = f cmd
           in  parseri { infoParser = injectDefaultP env (path ++ [normalizeName cmd]) (infoParser parseri) }
 #if MIN_VERSION_optparse_applicative(0,13,0)
     in  OptP (Option (CmdReader Nothing cmds (`M.lookup` cmdMap)) props)
 #else
     in  OptP (Option (CmdReader cmds (`M.lookup` cmdMap)) props)
 #endif
  | (Option (OptReader names (CReader _ rdr) _) _) <- o =
-     p <|> either (const empty) pure (msum $ map (rdr <=< (maybe (Left $ ErrorMsg "Missing environment variable") Right . getEnvValue env path)) names)
+     p <|> either (const empty)
                  pure
                  (runExcept . msum $
                    map (maybe (throwE $ ErrorMsg "Missing environment variable")
                               (runReaderT (unReadM rdr))
                          . getEnvValue env path)
                        names)
  | (Option (FlagReader names a) _) <- o =
     p <|> if any ((==Just "1") . getEnvValue env path) names then pure a else empty
  | otherwise = p
--- a/yesod-bin/README.md
+++ b/yesod-bin/README.md
@ -0,0 +1,111 @@
 ## yesod-bin: the Yesod executable
 This executable is almost exclusively used for its `yesod devel`
 capabilities, providing a development server for web apps. It also
 provides some legacy functionality, almost all of which has been
 superceded by functionality in the
 [Haskell Stack build tool](http://haskellstack.org/). This README will
 speak exclusively about `yesod devel`.
 __CAVEAT__ There may be some issues using `yesod devel` in Docker-enabled
 projects. See [comment on
 Github](https://github.com/yesodweb/yesod/pull/1305#issuecomment-263204471).
 ### Development server
 The development server will automatically recompile your application
 whenever you make source code changes. It will then launch your app,
 and reverse-proxy to it. The reverse proxying ensures that you can
 connect to your application on a dedicated port, always get the latest
 version available, and won't get dropped connections when the app
 isn't yet ready. Instead, you'll get some very motivating messages:
 ![Motivation](https://i.sli.mg/nO6DvN.png)
 ## Common workflows
 The standard Yesod scaffoldings are configured to work with `yesod
 devel` out of the box (though see below for non-Yesod
 development). For the most part, from within your application
 directory, you'll just want to run:
 * `stack build yesod-bin`
 * `stack exec -- yesod devel`
 This will install the corresponding version of the `yesod` executable
 into your currently selected snapshot, and then use that
 executable. (Starting with version 1.5.0, you can be more lax and use
 a `yesod` executable compiled for a different snapshot. Once 1.5.0 is
 more widespread we'll probably update these instructions.)
 Some other common questions:
 * If you want to control which port you can access your application
  on, use the `--port` command line option, e.g. `stack exec -- yesod
  devel --port 4000`. Changing your port inside your source code _will
  not work_, because you need to change the reverse proxying port.
 * If you want to run a command after each successful build, you can
  use `stack exec -- yesod devel --success-hook "echo Yay!"`
 * If for some reason you want to disable the reverse proxy
  capabilities, use `stack exec -- yesod devel
  --disable-reverse-proxy`
 ## How it works
 The workflow of the devel server is pretty simple:
 * Launch a reverse proxy server
 * Use Stack file-watch capability to run a build loop on your code,
  rebuilding each time a file is modified
 * Have Stack call `yesod devel-signal` to write to a specific file
  (`yesod-devel/rebuild`) each time a rebuild is successful
 * Each time `yesod-devel/rebuild` is modified:
  * Kill the current child process
  * Get a new random port
  * Tell the reverse proxy server about the new port to forward to
  * Run the application's devel script with two environment variables
    set:
    * `PORT` gives the newly generated random port. The application
      needs to listen on that port.
    * `DISPLAY_PORT` gives the port that the reverse proxy is
      listening on, used for display purposes or generating URLs.
 Now some weird notes:
 * The devel script can be one of the following three files. `yesod
  devel` will search for them in the given order. That script must
  provide a `main` function.
  * `app/devel.hs`
  * `devel.hs`
  * `src/devel.hs`
 * Unfortunately, directly killing the `ghc` interpreter has never
  worked reliably, so we have an extra hack: when killing the process,
  `yesod devel` also writes to a file
  `yesod-devel/devel-terminate`. Your devel script should respect this
  file and shutdown whenever it exists.
  (It may be fixed in 1.6.0.5.)
 * If your .cabal file defines them, `yesod devel` will tell Stack to
  build with the flags `dev` and `library-only`. You can use this to
  speed up compile times (biggest win: skip building executables, thus
  the name `library-only`).
 If that all seems a little complicated, remember that the Yesod
 scaffolding handles all of this for you. But if you want to implement
 it yourself...
 ## Non-Yesod development
 If you'd like to use the `yesod devel` server for your non-Yesod
 application, or even for a Yesod application not based on the
 scaffolding, this section is for you! We've got a
 [sample application in the repository](https://github.com/yesodweb/yesod/tree/master/yesod-bin/devel-example)
 that demonstrates how to get this set up. It demonstrates a good way
 to jump through the hoops implied above.
 One important note: I highly recommend putting _all_ of the logic in
 your library, and then providing a `develMain :: IO ()` function which
 your `app/devel.hs` script reexports as `main`. I've found this to
 greatly simplify things overall, since you can ensure all of your
 dependencies are specified correctly in your `.cabal` file. Also, I
 recommend using `PackageImports` in that file, as the example app
 shows.
--- a/yesod-bin/Scaffolding/Scaffolder.hs
+++ b/yesod-bin/Scaffolding/Scaffolder.hs
@ -1,101 +0,0 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE TemplateHaskell   #-}
 module Scaffolding.Scaffolder (scaffold) where
 import           Control.Arrow         ((&&&))
 import qualified Data.ByteString.Char8 as S
 import           Data.Conduit          (runResourceT, yield, ($$), ($$+-))
 import           Data.FileEmbed        (embedFile)
 import           Data.String           (fromString)
 import qualified Data.Text             as T
 import qualified Data.Text.Lazy        as LT
 import qualified Data.Text.Lazy.IO     as TLIO
 import           Text.ProjectTemplate  (unpackTemplate, receiveFS)
 import           System.IO
 import           Text.Shakespeare.Text (renderTextUrl, textFile)
 import Network.HTTP.Conduit (withManager, http, parseUrl, responseBody)
 prompt :: (String -> Maybe a) -> IO a
 prompt f = do
    s <- getLine
    case f s of
        Just a -> return a
        Nothing -> do
            putStr "That was not a valid entry, please try again: "
            hFlush stdout
            prompt f
 data Backend = Sqlite
             | Postgresql
             | PostgresqlFay
             | Mysql
             | MongoDB
             | Simple
  deriving (Eq, Read, Show, Enum, Bounded)
 puts :: LT.Text -> IO ()
 puts s = TLIO.putStr (LT.init s) >> hFlush stdout
 backends :: [Backend]
 backends = [minBound .. maxBound]
 showBackend :: Backend -> String
 showBackend Sqlite = "s"
 showBackend Postgresql = "p"
 showBackend PostgresqlFay = "pf"
 showBackend Mysql = "mysql"
 showBackend MongoDB = "mongo"
 showBackend Simple = "simple"
 readBackend :: String -> Maybe Backend
 readBackend s = lookup s $ map (showBackend &&& id) backends
 backendBS :: Backend -> S.ByteString
 backendBS Sqlite = $(embedFile "hsfiles/sqlite.hsfiles")
 backendBS Postgresql = $(embedFile "hsfiles/postgres.hsfiles")
 backendBS PostgresqlFay = $(embedFile "hsfiles/postgres-fay.hsfiles")
 backendBS Mysql = $(embedFile "hsfiles/mysql.hsfiles")
 backendBS MongoDB = $(embedFile "hsfiles/mongo.hsfiles")
 backendBS Simple = $(embedFile "hsfiles/simple.hsfiles")
 -- | Is the character valid for a project name?
 validPN :: Char -> Bool
 validPN c
    | 'A' <= c && c <= 'Z' = True
    | 'a' <= c && c <= 'z' = True
    | '0' <= c && c <= '9' = True
 validPN '-' = True
 validPN _ = False
 scaffold :: IO ()
 scaffold = do
    puts $ renderTextUrl undefined $(textFile "input/welcome.cg")
    project <- prompt $ \s ->
        if all validPN s && not (null s) && s /= "test"
            then Just s
            else Nothing
    let dir = project
    puts $ renderTextUrl undefined $(textFile "input/database.cg")
    ebackend' <- prompt $ \s -> if s == "url" then Just (Left ()) else fmap Right $ readBackend s
    ebackend <-
        case ebackend' of
            Left () -> do
                puts "Please enter the URL:  "
                fmap Left $ prompt parseUrl
            Right backend -> return $ Right backend
    putStrLn "That's it! I'm creating your files now..."
    let sink = unpackTemplate
                (receiveFS $ fromString project)
                (T.replace "PROJECTNAME" (T.pack project))
    case ebackend of
        Left req -> withManager $ \m -> do
            res <- http req m
            responseBody res $$+- sink
        Right backend -> runResourceT $ yield (backendBS backend) $$ sink
    TLIO.putStr $ LT.replace "PROJECTNAME" (LT.pack project) $ renderTextUrl undefined $(textFile "input/done.cg")
--- a/yesod-bin/certificate.pem
+++ b/yesod-bin/certificate.pem
@ -0,0 +1,15 @@
 -----BEGIN CERTIFICATE-----
 MIICWDCCAcGgAwIBAgIJAJG1ZMlcMDW6MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
 aWRnaXRzIFB0eSBMdGQwHhcNMTExMDIyMTk0MjU3WhcNMTExMTIxMTk0MjU3WjBF
 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
 gQCfYZx7kV6ybogMyAf9MINm7Rwin5LKh+TpD1ZkbLgmqFVotQCdthgTK66SPXkx
 EXGI27biNzacJhX7Ml7/4o8sp2GslYKUO46DYvgi/nnNX/bzA5cDJSSGK11eQEVs
 +p0GEZ/6Juhpx/oQwMDMgo0UHkiH8QtKI8ojXnFF2MsLNwIDAQABo1AwTjAdBgNV
 HQ4EFgQUaA6FbOj/0VJMb4egNyIDZ/ZNV/YwHwYDVR0jBBgwFoAUaA6FbOj/0VJM
 b4egNyIDZ/ZNV/YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCTQyOk
 D86Z+yzedXjTLI6FT8QugmQne1YQ8P0w37P76z2reagSvNee2e9B1oTHoPeKZMs0
 k99oS9yJ/NOQ1Ms90P+q0yBVGxAs/gF65qKgE27YGXzNtNobj/D4OoxcFG+BsORw
 VvYSBV4FiVy9RwJsr7AMqkUBcOEPCuJHgTx58w==
 -----END CERTIFICATE-----
--- a/yesod-bin/devel-example/.gitignore
+++ b/yesod-bin/devel-example/.gitignore
@ -0,0 +1 @@
 yesod-devel/
--- a/yesod-bin/devel-example/README.md
+++ b/yesod-bin/devel-example/README.md
@ -0,0 +1,5 @@
 An example non-Yesod application that is compatible with `yesod devel`. Steps
 to use it:
 * `stack build yesod-bin`
 * `stack exec -- yesod devel`
--- a/yesod-bin/devel-example/Setup.hs
+++ b/yesod-bin/devel-example/Setup.hs
@ -0,0 +1,2 @@
 import Distribution.Simple
 main = defaultMain
--- a/yesod-bin/devel-example/app/Main.hs
+++ b/yesod-bin/devel-example/app/Main.hs
@ -0,0 +1,6 @@
 module Main where
 import DevelExample
 main :: IO ()
 main = prodMain
--- a/yesod-bin/devel-example/app/devel.hs
+++ b/yesod-bin/devel-example/app/devel.hs
@ -0,0 +1,5 @@
 {-# LANGUAGE PackageImports #-}
 import "devel-example" DevelExample (develMain)
 main :: IO ()
 main = develMain
--- a/yesod-bin/devel-example/devel-example.cabal
+++ b/yesod-bin/devel-example/devel-example.cabal
@ -0,0 +1,30 @@
 name:                devel-example
 version:             0.1.0.0
 build-type:          Simple
 cabal-version:       >=1.10
 flag library-only
  default: False
  description: Do not build the executable
 library
  hs-source-dirs:      src
  exposed-modules:     DevelExample
  build-depends:       base
                     , async
                     , directory
                     , http-types
                     , wai
                     , wai-extra
                     , warp
  default-language:    Haskell2010
 executable devel-example
  hs-source-dirs:      app
  main-is:             Main.hs
  ghc-options:         -threaded -rtsopts -with-rtsopts=-N
  build-depends:       base
                     , devel-example
  default-language:    Haskell2010
  if flag(library-only)
    buildable:         False
--- a/yesod-bin/devel-example/src/DevelExample.hs
+++ b/yesod-bin/devel-example/src/DevelExample.hs
@ -0,0 +1,47 @@
 {-# LANGUAGE OverloadedStrings #-}
 module DevelExample
    ( prodMain
    , develMain
    ) where
 import Control.Concurrent (threadDelay)
 import Control.Concurrent.Async (race_)
 import Network.HTTP.Types
 import Network.Wai
 import Network.Wai.Handler.Warp
 import Network.Wai.Middleware.RequestLogger
 import System.Directory (doesFileExist)
 import System.Environment
 myApp :: Application
 myApp _req send = send $ responseLBS
    status200
    [(hContentType, "text/html; charset=utf-8")]
    "<p>Well, this is really <b>boring</b>.</p>"
 prodMain :: IO ()
 prodMain = do
    putStrLn "Running in production mode on port 8080"
    run 8080 $ logStdout myApp
 develMain :: IO ()
 develMain = race_ watchTermFile $ do
    port <- fmap read $ getEnv "PORT"
    displayPort <- getEnv "DISPLAY_PORT"
    putStrLn $ "Running in development mode on port " ++ show port
    putStrLn $ "But you should connect to port " ++ displayPort
    run port $ logStdoutDev myApp
 -- | Would certainly be more efficient to use fsnotify, but this is
 -- simpler.
 watchTermFile :: IO ()
 watchTermFile =
    loop
  where
    loop = do
        exists <- doesFileExist "yesod-devel/devel-terminate"
        if exists
            then return ()
            else do
                threadDelay 100000
                loop
--- a/yesod-bin/devel-example/stack.yaml
+++ b/yesod-bin/devel-example/stack.yaml
@ -0,0 +1,8 @@
 resolver: lts-7.10
 packages:
 - .
 - ..
 extra-deps:
 - typed-process-0.1.0.0
--- a/yesod-bin/ghcwrapper.hs
+++ b/yesod-bin/ghcwrapper.hs
@ -1,60 +0,0 @@
 {-
  wrapper executable that captures arguments to ghc, ar or ld
 -}
 {-# LANGUAGE CPP #-}
 module Main where
 import           Control.Monad                     (when)
 import           Data.Maybe                        (fromMaybe)
 import           Distribution.Compiler             (CompilerFlavor (..))
 import           Distribution.Simple.Configure     (configCompiler)
 import           Distribution.Simple.Program       (arProgram,
                                                    defaultProgramConfiguration,
                                                    ghcProgram, ldProgram,
                                                    programPath)
 import           Distribution.Simple.Program.Db    (configureAllKnownPrograms,
                                                    lookupProgram)
 import           Distribution.Simple.Program.Types (Program (..))
 import           Distribution.Verbosity            (silent)
 import           System.Directory                  (doesDirectoryExist)
 import           System.Environment                (getArgs)
 import           System.Exit                       (ExitCode (..), exitWith)
 import           System.IO                         (hPutStrLn, stderr)
 import           System.Process                    (rawSystem, readProcess)
 #ifdef LDCMD
 cmd :: Program
 cmd = ldProgram
 outFile = "yesod-devel/ldargs.txt"
 #else
 #ifdef ARCMD
 cmd :: Program
 cmd = arProgram
 outFile ="yesod-devel/arargs.txt"
 #else
 cmd :: Program
 cmd = ghcProgram
 outFile = "yesod-devel/ghcargs.txt"
 #endif
 #endif
 runProgram :: Program -> [String] -> IO ExitCode
 runProgram pgm args = do
  (comp, pgmc) <- configCompiler (Just GHC) Nothing Nothing defaultProgramConfiguration silent
  pgmc' <- configureAllKnownPrograms silent pgmc
  case lookupProgram pgm pgmc' of
    Nothing -> do
      hPutStrLn stderr ("cannot find program '" ++ programName pgm ++ "'")
      return (ExitFailure 1)
    Just p -> rawSystem (programPath p) args
 main = do
  args <- getArgs
  e <- doesDirectoryExist "yesod-devel"
  when e $ writeFile outFile (show args ++ "\n")
  ex <- runProgram cmd args
  exitWith ex
--- a/yesod-bin/hsfiles/mongo.hsfiles
+++ b/yesod-bin/hsfiles/mongo.hsfiles
--- a/yesod-bin/hsfiles/mysql.hsfiles
+++ b/yesod-bin/hsfiles/mysql.hsfiles
--- a/yesod-bin/hsfiles/postgres-fay.hsfiles
+++ b/yesod-bin/hsfiles/postgres-fay.hsfiles
--- a/yesod-bin/hsfiles/postgres.hsfiles
+++ b/yesod-bin/hsfiles/postgres.hsfiles
--- a/yesod-bin/hsfiles/simple.hsfiles
+++ b/yesod-bin/hsfiles/simple.hsfiles
--- a/yesod-bin/hsfiles/sqlite.hsfiles
+++ b/yesod-bin/hsfiles/sqlite.hsfiles
--- a/yesod-bin/input/database.cg
+++ b/yesod-bin/input/database.cg
@ -1,13 +0,0 @@
 Yesod uses Persistent for its (you guessed it) persistence layer.
 This tool will build in either SQLite or PostgreSQL or MongoDB support for you.
 We recommend starting with SQLite: it has no dependencies.
    s      = sqlite
    p      = postgresql
    pf     = postgresql + Fay (experimental)
    mongo  = mongodb
    mysql  = MySQL
    simple = no database, no auth
    url    = Let me specify URL containing a site (advanced)
 So, what'll it be? 
--- a/yesod-bin/input/done.cg
+++ b/yesod-bin/input/done.cg
@ -1,32 +0,0 @@
 ---------------------------------------
                     ___
                            {-)   |\
                       [m,].-"-.   /
      [][__][__]         \(/\__/\)/
      [__][__][__][__]~~~~  |  |
      [][__][__][__][__][] /   |
      [__][__][__][__][__]| /| |
      [][__][__][__][__][]| || |  ~~~~
  ejm [__][__][__][__][__]__,__,  \__/
 ---------------------------------------
 The foundation for your web application has been built.
 There are a lot of resources to help you use Yesod.
 Start with the book: http://www.yesodweb.com/book
 Take part in the community: http://yesodweb.com/page/community
 Start your project:
   cd PROJECTNAME && cabal install && yesod devel
 or if you use cabal-dev:
   cd PROJECTNAME && cabal-dev install && yesod --dev devel
--- a/yesod-bin/input/welcome.cg
+++ b/yesod-bin/input/welcome.cg
@ -1,6 +0,0 @@
 Welcome to the Yesod scaffolder.
 I'm going to be creating a skeleton Yesod project for you.
 What do you want to call your project? We'll use this for the cabal name.
 Project name: 
--- a/yesod-bin/key.pem
+++ b/yesod-bin/key.pem
@ -0,0 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCfYZx7kV6ybogMyAf9MINm7Rwin5LKh+TpD1ZkbLgmqFVotQCd
 thgTK66SPXkxEXGI27biNzacJhX7Ml7/4o8sp2GslYKUO46DYvgi/nnNX/bzA5cD
 JSSGK11eQEVs+p0GEZ/6Juhpx/oQwMDMgo0UHkiH8QtKI8ojXnFF2MsLNwIDAQAB
 AoGAR8pgAgjo7tZ60ccIUjOX/LSxB6d5J2Eu6wvNjk6qZD9OuWtOa7up/HigmZ63
 CDMjQNI2/o6AOrWtEQkPYZNbibuifzg5V517nHGSqkqjoIgesAiwEsoKpeOgGTtM
 MM08oHbJ9uOnDnEEnDBiE0iE3jCTDfmwjqDMpUhu9dZ1EAECQQDKVpzSSV3pzMOp
 ixNxMpYxzcE+4K9jgM+MlxPBJSQhVrg/cRQWb26cKBi8LdSxF23hQTsFr+8qLwid
 Ah2AgUOBAkEAyaaCjrNRCiHRpd6YzWZ6GKkxbUvxSuOKX3N7hDaE2OFzQTv2Li8B
 5mrCsXnSZtOG+MBFdHU66UYie1OzDSDKtwJAKMsvkOID0ihbZmpIwDC/wUjHZkLs
 eXY14hVvgShY0XPnb7r/nspWlZsr6Xyf/hhIKfr5yFrBMFMNPIJ5qjflgQJAWsyV
 YTgxN4S+6BdxapvIQq58ySA3CGeo+Q4BAimibB4oTal4UpdsHZrZDB00toRs9Dlv
 jN70pfGkuS+ZIkIvxQJBAKSf5qpXWp4oZcThkieAiMeAhG96xqRPXhPUxq6QF+YG
 T4PF1sjlpZwqy7C+2oF3BqLP09mCW7YkH9Jgnl1zDF8=
 -----END RSA PRIVATE KEY-----
--- a/yesod-bin/main.hs
+++ b/yesod-bin/main.hs
@ -1,37 +1,19 @@
 {-# LANGUAGE CPP             #-}
-{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE RecordWildCards             #-}
 module Main (main) where
 import           Control.Monad          (unless)
 import           Data.Monoid
 import           Data.Version           (showVersion)
 import           Options.Applicative
-import           System.Exit            (ExitCode (ExitSuccess), exitWith)
+import           System.Exit            (exitFailure)
 import           System.Process         (rawSystem)
 import           AddHandler             (addHandler)
-import           Devel                  (DevelOpts (..), devel)
+import           Devel                  (DevelOpts (..), devel, develSignal)
 import           Keter                  (keter)
 import           Options                (injectDefaults)
 import qualified Paths_yesod_bin
 import           Scaffolding.Scaffolder
-import           Options.Applicative.Builder.Internal (Mod, OptionFields)
+import           HsFile                 (mkHsFile)
 #ifndef WINDOWS
 import           Build                  (touch)
 touch' :: IO ()
 touch' = touch
 windowsWarning :: String
 windowsWarning = ""
 #else
 touch' :: IO ()
 touch'  = return ()
 windowsWarning :: String
 windowsWarning = " (does not work on Windows)"
 #endif
 data CabalPgm = Cabal | CabalDev deriving (Show, Eq)
@ -42,24 +24,32 @@ data Options = Options
               }
  deriving (Show, Eq)
-data Command = Init
+data Command = Init [String]
             | HsFiles
             | Configure
             | Build { buildExtraArgs   :: [String] }
             | Touch
-             | Devel { _develDisableApi  :: Bool
+             | Devel { develSuccessHook :: Maybe String
-                     , _develSuccessHook :: Maybe String
+                     , develExtraArgs   :: [String]
-                     , _develFailHook    :: Maybe String
+                     , develPort        :: Int
-                     , _develRescan      :: Int
+                     , develTlsPort     :: Int
-                     , _develBuildDir    :: Maybe String
+                     , proxyTimeout     :: Int
-                     , develIgnore       :: [String]
+                     , noReverseProxy   :: Bool
-                     , develExtraArgs    :: [String]
+                     , develHost        :: Maybe String
-                     , _develPort        :: Int
+                     , cert             :: Maybe (FilePath, FilePath)
                     , _proxyTimeout     :: Int
                     , _noReverseProxy   :: Bool
                     }
             | DevelSignal
             | Test
             | AddHandler
-             | Keter { _keterNoRebuild :: Bool }
+                    { addHandlerRoute   :: Maybe String
                    , addHandlerPattern :: Maybe String
                    , addHandlerMethods :: [String]
                    }
             | Keter
                    { _keterNoRebuild :: Bool
                    , _keterNoCopyTo  :: Bool
                    , _keterBuildArgs :: [String]
                    }
             | Version
  deriving (Show, Eq)
@ -71,36 +61,56 @@ cabalCommand mopt
 main :: IO ()
 main = do
-  o <- execParser =<< injectDefaults "yesod" [ ("yesod.devel.extracabalarg" , \o args -> o { optCommand =
+  o <- execParser =<< injectDefaults "yesod"
-                                                    case optCommand o of
+         [ ("yesod.devel.extracabalarg" , \o args -> o { optCommand =
-                                                        d@Devel{} -> d { develExtraArgs = args }
+                case optCommand o of
-                                                        c -> c
+                    d@Devel{} -> d { develExtraArgs = args }
-                                                    })
+                    c -> c
-                                             , ("yesod.devel.ignore"        , \o args -> o { optCommand =
+                })
-                                                    case optCommand o of
+         , ("yesod.build.extracabalarg" , \o args -> o { optCommand =
-                                                        d@Devel{} -> d { develIgnore = args }
+                case optCommand o of
-                                                        c -> c
+                    b@Build{} -> b { buildExtraArgs = args }
-                                                    })
+                    c -> c
-                                             , ("yesod.build.extracabalarg" , \o args -> o { optCommand =
+                })
-                                                    case optCommand o of
+         ] optParser'
                                                        b@Build{} -> b { buildExtraArgs = args }
                                                        c -> c
                                                    })
                                             ] optParser'
  let cabal xs = rawSystem' (cabalCommand o) xs
  case optCommand o of
-    Init                    -> scaffold
+    Init _          -> initErrorMsg
-    Configure               -> cabal ["configure"]
+    HsFiles         -> mkHsFile
-    Build es                -> touch' >> cabal ("build":es)
+    Configure       -> cabalErrorMsg
-    Touch                   -> touch'
+    Build _         -> cabalErrorMsg
-    Devel da s f r b _ig es p t nrp -> devel (DevelOpts (optCabalPgm o == CabalDev) da (optVerbose o) r s f b p t (not nrp)) es
+    Touch           -> cabalErrorMsg
-    Keter noRebuild         -> keter (cabalCommand o) noRebuild
+    Keter{..}       -> keter (cabalCommand o) _keterNoRebuild _keterNoCopyTo _keterBuildArgs
-    Version                 -> do putStrLn ("yesod-bin version: " ++ showVersion Paths_yesod_bin.version)
+    Version         -> putStrLn ("yesod-bin version: " ++ showVersion Paths_yesod_bin.version)
-    AddHandler              -> addHandler
+    AddHandler{..}  -> addHandler addHandlerRoute addHandlerPattern addHandlerMethods
-    Test                    -> do touch'
+    Test            -> cabalErrorMsg
-                                  cabal ["configure", "--enable-tests", "-flibrary-only"]
+    Devel{..}       -> devel DevelOpts
-                                  cabal ["build"]
+                             { verbose      = optVerbose o
-                                  cabal ["test"]
+                             , successHook  = develSuccessHook
                             , develPort    = develPort
                             , develTlsPort = develTlsPort
                             , proxyTimeout = proxyTimeout
                             , useReverseProxy = not noReverseProxy
                             , develHost    = develHost
                             , cert         = cert
                             } develExtraArgs
    DevelSignal     -> develSignal
  where
    initErrorMsg = do
        mapM_ putStrLn
            [ "The init command has been removed."
            , "Please use 'stack new <project name> <template>' instead where the"
            , "available templates can be found by running 'stack templates'. For"
            , "a Yesod based application you should probably choose one of the"
            , "pre-canned Yesod templates."
            ]
        exitFailure
    cabalErrorMsg = do
        mapM_ putStrLn
            [ "The configure, build, touch, and test commands have been removed."
            , "Please use 'stack' for building your project."
            ]
        exitFailure
 optParser' :: ParserInfo Options
 optParser' = info (helper <*> optParser) ( fullDesc <> header "Yesod Web Framework command line utility" )
@ -109,66 +119,82 @@ optParser :: Parser Options
 optParser = Options
        <$> flag Cabal CabalDev ( long "dev"     <> short 'd' <> help "use cabal-dev" )
        <*> switch              ( long "verbose" <> short 'v' <> help "More verbose output" )
-        <*> subparser ( command "init"      (info (pure Init)
+        <*> subparser ( command "init"         (info (helper <*> initOptions)
-                            (progDesc "Scaffold a new site"))
+                            (progDesc "Command no longer available, please use 'stack new'"))
                      <> command "hsfiles" (info (pure HsFiles)
                            (progDesc "Create a hsfiles file for the current folder"))
                      <> command "configure" (info (pure Configure)
-                            (progDesc "Configure a project for building"))
+                            (progDesc "DEPRECATED"))
-                      <> command "build"     (info (Build <$> extraCabalArgs)
+                      <> command "build"     (info (helper <*> (Build <$> extraCabalArgs))
-                            (progDesc $ "Build project (performs TH dependency analysis)" ++ windowsWarning))
+                            (progDesc "DEPRECATED"))
                      <> command "touch"     (info (pure Touch)
-                            (progDesc $ "Touch any files with altered TH dependencies but do not build" ++ windowsWarning))
+                            (progDesc "DEPRECATED"))
-                      <> command "devel"     (info develOptions
+                      <> command "devel"     (info (helper <*> develOptions)
                            (progDesc "Run project with the devel server"))
                      <> command "devel-signal"     (info (helper <*> pure DevelSignal)
                            (progDesc "Used internally by the devel command"))
                      <> command "test"      (info (pure Test)
-                            (progDesc "Build and run the integration tests"))
+                            (progDesc "DEPRECATED"))
-                      <> command "add-handler" (info (pure AddHandler)
+                      <> command "add-handler" (info (helper <*> addHandlerOptions)
-                            (progDesc "Add a new handler and module to the project"))
+                            (progDesc ("Add a new handler and module to the project."
-                      <> command "keter"       (info keterOptions
+                            ++ " Interactively asks for input if you do not specify arguments.")))
                      <> command "keter"       (info (helper <*> keterOptions)
                            (progDesc "Build a keter bundle"))
                      <> command "version"     (info (pure Version)
                            (progDesc "Print the version of Yesod"))
                      )
 initOptions :: Parser Command
 initOptions = Init <$> many (argument str mempty)
 keterOptions :: Parser Command
-keterOptions = Keter <$> switch ( long "nobuild" <> short 'n' <> help "Skip rebuilding" )
+keterOptions = Keter
    <$> switch ( long "nobuild" <> short 'n' <> help "Skip rebuilding" )
    <*> switch ( long "nocopyto" <> help "Ignore copy-to directive in keter config file" )
    <*> optStrToList ( long "build-args" <> help "Build arguments" )
  where
    optStrToList m = option (words <$> str) $ value [] <> m
 develOptions :: Parser Command
-develOptions = Devel <$> switch ( long "disable-api"  <> short 'd'
+develOptions = Devel <$> optStr ( long "success-hook" <> short 's' <> metavar "COMMAND"
                            <> help "Disable fast GHC API rebuilding")
                     <*> optStr ( long "success-hook" <> short 's' <> metavar "COMMAND"
                            <> help "Run COMMAND after rebuild succeeds")
-                     <*> optStr ( long "failure-hook" <> short 'f' <> metavar "COMMAND"
+                     <*> extraStackArgs
-                            <> help "Run COMMAND when rebuild fails")
+                     <*> option auto ( long "port" <> short 'p' <> value 3000 <> metavar "N"
                     <*> option ( long "event-timeout" <> short 't' <> value 1 <> metavar "N"
                            <> help "Force rescan of files every N seconds" )
                     <*> optStr ( long "builddir" <> short 'b'
                            <> help "Set custom cabal build directory, default `dist'")
                     <*> many ( strOption ( long "ignore" <> short 'i' <> metavar "DIR"
                                   <> help "ignore file changes in DIR" )
                              )
                     <*> extraCabalArgs
                     <*> option ( long "port" <> short 'p' <> value 3000 <> metavar "N"
                            <> help "Devel server listening port" )
-                     <*> option ( long "proxy-timeout" <> short 'x' <> value 0 <> metavar "N"
+                     <*> option auto ( long "tls-port" <> short 'q' <> value 3443 <> metavar "N"
                            <> help "Devel server listening port (tls)" )
                     <*> option auto ( long "proxy-timeout" <> short 'x' <> value 0 <> metavar "N"
                            <> help "Devel server timeout before returning 'not ready' message (in seconds, 0 for none)" )
                     <*> switch ( long "disable-reverse-proxy" <> short 'n'
                            <> help "Disable reverse proxy" )
                     <*> optStr (long "host" <> metavar "HOST"
                            <> help "Host interface to bind to; IP address, '*' for all interfaces, '*4' for IP4, '*6' for IP6")
                     <*> optional ( (,)
                            <$> strOption (long "cert" <> metavar "CERT"
                                   <> help "Path to TLS certificate file, requires that --key is also defined")
                            <*> strOption (long "key" <> metavar "KEY"
                                   <> help "Path to TLS key file, requires that --cert is also defined") )
 extraStackArgs :: Parser [String]
 extraStackArgs = many (strOption ( long "extra-stack-arg" <> short 'e' <> metavar "ARG"
                                   <> help "pass extra argument ARG to stack")
                      )
 extraCabalArgs :: Parser [String]
 extraCabalArgs = many (strOption ( long "extra-cabal-arg" <> short 'e' <> metavar "ARG"
                                   <> help "pass extra argument ARG to cabal")
                      )
 addHandlerOptions :: Parser Command
 addHandlerOptions = AddHandler
    <$> optStr ( long "route" <> short 'r' <> metavar "ROUTE"
           <> help "Name of route (without trailing R). Required.")
    <*> optStr ( long "pattern" <> short 'p' <> metavar "PATTERN"
           <> help "Route pattern (ex: /entry/#EntryId). Defaults to \"\".")
    <*> many (strOption ( long "method" <> short 'm' <> metavar "METHOD"
                 <> help "Takes one method. Use this multiple times to add multiple methods. Defaults to none.")
             )
 -- | Optional @String@ argument
 optStr :: Mod OptionFields (Maybe String) -> Parser (Maybe String)
-optStr m =
+optStr m = option (Just <$> str) $ value Nothing <> m
    nullOption $ value Nothing <> reader (success . str)  <> m
  where
    success = Right
 -- | Like @rawSystem@, but exits if it receives a non-success result.
 rawSystem' :: String -> [String] -> IO ()
 rawSystem' x y = do
    res <- rawSystem x y
    unless (res == ExitSuccess) $ exitWith res
--- a/yesod-bin/refreshing.html
+++ b/yesod-bin/refreshing.html
@ -0,0 +1,86 @@
 <!doctype html>
 <html>
  <head>
    <meta charset='utf-8'>
    <title>Refreshing - Yesod devel</title>
    <style>
      body {
      background: #e6e6e6;
      color: #444;
      text-shadow: 1px 1px 1px #ffffff;
      font-size: 30px;
      font-family: georgia, serif;
      }
      .wrap {
      margin: auto;
      width: 25em;
      }
      h1 {
      margin-bottom: 0;
      }
      h2 {
      margin-top: 0;
      font-size: 1em;
      font-style: italic;
      color: #546369;
      }
      header {
      margin-top: 1em;
      padding-bottom: 0.25em;
      border-bottom: 1px solid #ccc;
      color: #1a6e8e;
      }
      footer {
      margin-top: 3em;
      padding-top: 0.25em;
      border-top: 1px solid #ccc;
      color: #666;
      font-size: 0.8em;
      }
      .msgs {
      font-size: 0.9em;
      }
      .msgs p {
      margin-bottom: 0.5em;
      }
      .msgs ul {
      margin-top: 0;
      line-height: 1.7em;
      }
      .msgs li {
      padding-left: 0.5em;
      }
    </style>
  </head>
  <body>
    <div class="wrap">
      <header><small>Yesod Devel</small></header>
      <h1>The application isn’t built</h1>
      <h2>We’ll keep trying to refresh every second</h2>
      <div class="msgs">
        <script> document.getElementsByClassName("msgs")[0].style.display = "none"; </script>
        <p>Meanwhile, here is a motivational message:</p>
        <ul>
          <li>You are a beautiful person making a beautiful web site.</li>
          <li>Keep going, you’ve nearly fixed the bug!</li>
          <li>Check your posture, don’t lean over too much.</li>
          <li>Get a glass of water, keep hydrated.</li>
        </ul>
      </div>
      <script>
        var msg = document.getElementsByClassName("msgs")[0];
        var lis = Array.prototype.slice.call(msg.querySelectorAll("li"));
        lis.forEach(function(li){ li.style.display = "none"; });
        lis[Math.floor(Math.random() * lis.length)].style.display = "block";
        msg.style.display = "block";
      </script>
      <footer>
        <small>
          <script>
            document.write(new Date())
          </script>
        </small>
      </footer>
    </div>
  </body>
 </html>
--- a/yesod-bin/yesod-bin.cabal
+++ b/yesod-bin/yesod-bin.cabal
@ -1,102 +1,76 @@
 name:            yesod-bin
-version:         1.2.1
+version:         1.6.2.2
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>
 maintainer:      Michael Snoyman <michael@snoyman.com>
 synopsis:        The yesod helper executable.
-description:     Provides scaffolding, devel server, and some simple code generation helpers.
+description:     See README.md for more information
 category:        Web, Yesod
 stability:       Stable
-cabal-version:   >= 1.6
+cabal-version:   >= 1.10
 build-type:      Simple
 homepage:        http://www.yesodweb.com/
 extra-source-files:
-  input/*.cg
+  README.md
-  hsfiles/mongo.hsfiles
+  ChangeLog.md
-  hsfiles/mysql.hsfiles
+  refreshing.html
-  hsfiles/postgres.hsfiles
+  *.pem
  hsfiles/postgres-fay.hsfiles
  hsfiles/simple.hsfiles
  hsfiles/sqlite.hsfiles
 executable             yesod-ghc-wrapper
    main-is: ghcwrapper.hs
    build-depends:
                    base                       >= 4         && < 5
                  , Cabal
 executable             yesod-ld-wrapper
    main-is: ghcwrapper.hs
    cpp-options:     -DLDCMD
    build-depends:
                    base                       >= 4         && < 5
                  , Cabal
 executable             yesod-ar-wrapper
    main-is: ghcwrapper.hs
    cpp-options:     -DARCMD
    build-depends:
                     base                       >= 4         && < 5
                   , Cabal
 executable             yesod
    default-language: Haskell2010
    if os(windows)
        cpp-options:     -DWINDOWS
-    build-depends:     base               >= 4.3          && < 5
+    if os(openbsd)
-                     , ghc                >= 7.0.3        && < 7.8
+        ld-options:      -Wl,-zwxneeded
                     , ghc-paths          >= 0.1
                     , parsec             >= 2.1          && < 4
                     , text               >= 0.11
                     , shakespeare-text   >= 1.0          && < 1.1
                     , shakespeare        >= 1.0.2        && < 1.1
                     , shakespeare-js     >= 1.0.2        && < 1.2
                     , shakespeare-css    >= 1.0.2        && < 1.1
                     , bytestring         >= 0.9.1.4
                     , time               >= 1.1.4
                     , template-haskell
                     , directory          >= 1.0
                     , Cabal
                     , unix-compat        >= 0.2          && < 0.5
                     , containers         >= 0.2
                     , attoparsec         >= 0.10
                     , http-types         >= 0.7
                     , blaze-builder      >= 0.2.1.4      && < 0.4
                     , filepath           >= 1.1
                     , process
                     , zlib               >= 0.5          && < 0.6
                     , tar                >= 0.4          && < 0.5
                     , system-filepath    >= 0.4          && < 0.5
                     , system-fileio      >= 0.3          && < 0.4
                     , unordered-containers
                     , yaml               >= 0.8          && < 0.9
                     , optparse-applicative >= 0.5
                     , fsnotify           >= 0.0          && < 0.1
                     , split              >= 0.2          && < 0.3
                     , file-embed
                     , conduit            >= 0.5          && < 1.1
                     , resourcet          >= 0.3          && < 0.5
                     , base64-bytestring
                     , lifted-base
                     , http-reverse-proxy >= 0.1.1
                     , network
                     , http-conduit
                     , network-conduit
                     , project-template   >= 0.1.1
                     , transformers
                     , warp               >= 1.3.7.5
                     , wai                >= 1.4
-    ghc-options:       -Wall -threaded
+    build-depends:     base               >= 4.10         && < 5
                     , Cabal              >= 1.18
                     , bytestring         >= 0.9.1.4
                     , conduit            >= 1.3
                     , conduit-extra      >= 1.3
                     , containers         >= 0.2
                     , data-default-class
                     , directory          >= 1.2.1
                     , file-embed
                     , filepath           >= 1.1
                     , fsnotify
                     , http-client        >= 0.4.7
                     , http-client-tls
                     , http-reverse-proxy >= 0.4
                     , http-types         >= 0.7
                     , network            >= 2.5
                     , optparse-applicative >= 0.11
                     , process
                     , project-template   >= 0.1.1
                     , say
                     , split              >= 0.2          && < 0.3
                     , stm
                     , streaming-commons
                     , tar                >= 0.4          && < 0.6
                     , text               >= 0.11
                     , time               >= 1.1.4
                     , transformers
                     , transformers-compat
                     , unliftio
                     , unordered-containers
                     , wai                >= 2.0
                     , wai-extra
                     , warp               >= 1.3.7.5
                     , warp-tls           >= 3.0.1
                     , yaml               >= 0.8          && < 0.12
                     , zlib               >= 0.5
                     , aeson
    ghc-options:       -Wall -threaded -rtsopts
    main-is:           main.hs
-    other-modules:     Scaffolding.Scaffolder
+    other-modules:     Devel
                       Devel
                       Build
                       GhcBuild
                       Keter
                       AddHandler
                       Paths_yesod_bin
                       Options
                       HsFile
 source-repository head
  type:     git
--- a/yesod-core/ChangeLog.md
+++ b/yesod-core/ChangeLog.md
@ -0,0 +1,463 @@
 # ChangeLog for yesod-core
 ## 1.6.25.1
 * Export the options that were created in 1.6.25.0 [#1825](https://github.com/yesodweb/yesod/pull/1825)
 ## 1.6.25.0
 * Add an options structure that allows the user to set which instances will be derived for a routes structure. [#1819](https://github.com/yesodweb/yesod/pull/1819)
 ## 1.6.24.5
 * Support Aeson 2.2 [#1818](https://github.com/yesodweb/yesod/pull/1818)
 ## 1.6.24.4
 * Fix test-suite compilation error for GHC >= 9.0.1 [#1812](https://github.com/yesodweb/yesod/pull/1812)
 ## 1.6.24.3
 * Fix subsite-to-subsite dispatch [#1805](https://github.com/yesodweb/yesod/pull/1805)
 ## 1.6.24.2
 * No star is type [#1797](https://github.com/yesodweb/yesod/pull/1797)
 ## 1.6.24.1
 * Adapt to removal of `ListT` from transformers-0.6. [#1796](https://github.com/yesodweb/yesod/pull/1796)
 ## 1.6.24.0
 * Make catching exceptions configurable and set the default back to rethrowing async exceptions. [#1772](https://github.com/yesodweb/yesod/pull/1772).
 ## 1.6.23.1
 * Fix typo in creation of the description `<meta>` tag in `defaultLayout`. [#1766](https://github.com/yesodweb/yesod/pull/1766)
 ## 1.6.23
 * Add idempotent versions of `setDescription`, `setDescriptionI`. These functions
  have odd behaviour when called multiple times, so they are now warned against.
  This can't be a silent change - if you want to switch to the new functions, make
  sure your layouts are updated to use `pageDescription` as well as `pageTitle`.
  [#1765](https://github.com/yesodweb/yesod/pull/1765)
 ## 1.6.22.1
 + Remove sometimes failing superfluous test. [#1756](https://github.com/yesodweb/yesod/pull/1756)
 ## 1.6.22.0
 * Add missing list to documentation for ``Yesod.Core.Dispatch.warp``. [#1745](https://github.com/yesodweb/yesod/pull/1745)
 * Add instances for `ToContent Void`, `ToTypedContent Void`. [#1752](https://github.com/yesodweb/yesod/pull/1752)
 * Handle async exceptions within yesod rather then warp. [#1753](https://github.com/yesodweb/yesod/pull/1753)
 * Support template-haskell 2.18 [#1754](https://github.com/yesodweb/yesod/pull/1754)
 ## 1.6.21.0
 * Export `Yesod.Core.Dispatch.defaultGen` so that users may reuse it for their own `YesodRunnerEnv`s [#1734](https://github.com/yesodweb/yesod/pull/1734)
 ## 1.6.20.2
 * Fix compatibility with template-haskell 2.17 [#1729](https://github.com/yesodweb/yesod/pull/1729)
 ## 1.6.20.1
 * Throw an error in `breadcrumbs` if the trail of breadcrumbs is circular. [#1727](https://github.com/yesodweb/yesod/issues/1727)
 ## 1.6.20
 * Generate CSRF tokens using a secure entropy source [#1726](https://github.com/yesodweb/yesod/pull/1726)
 * Change semantics of `yreGen` and `defaultGen`
 ## 1.6.19.0
 * Change order of priority in `languages`[#1721](https://github.com/yesodweb/yesod/pull/1721)
 ## 1.6.18.8
 * Fix test suite for wai-extra change around vary header
 ## 1.6.18.7
 * Fix functions generating Open Graph metadata[#1709](https://github.com/yesodweb/yesod/pull/1709)
 ## 1.6.18.6
 * Update documentation from `HandlerT` to `HandlerFor` [#1703](https://github.com/yesodweb/yesod/pull/1703)
 ## 1.6.18.5
 Document `ErrorResponse` [#1698](https://github.com/yesodweb/yesod/pull/1698)
 ## 1.6.18.4
 * Fixed a bug where `mkYesod` and other TH functions didn't work for datatypes with explicitly stated type variables, including the case with typeclass constraints. [https://github.com/yesodweb/yesod/pull/1697](#1697)
 ## 1.6.18.3
 * Remove mention of an oudated Yesod type (`GHandler`) from the docs for `handlerToIO`. [https://github.com/yesodweb/yesod/pull/1695](#1695)
 ## 1.6.18.2
 * Recommends `.yesodroutes` as the file extension for Yesod routes files. [#1686](https://github.com/yesodweb/yesod/pull/1686)
 ## 1.6.18.1
 * Increase the size of CSRF token
 ## 1.6.18
 * Add functions for setting description and OG meta [#1663](https://github.com/yesodweb/yesod/pull/1663)
 * Use `DeriveLift` to implement the `Lift` instances for `ResourceTree`,
  `Resource`, `Piece`, and `Dispatch`. Among other benefits, this provides
  implementations of `liftTyped` on `template-haskell-2.16` (GHC 8.10) or
  later. [#1664](https://github.com/yesodweb/yesod/pull/1664)
 ## 1.6.17.3
 * Support for `unliftio-core` 0.2
 ## 1.6.17.2
 * Support template-haskell 2.16, build with GHC 8.10 [#1657](https://github.com/yesodweb/yesod/pull/1657)
 ## 1.6.17.1
 * Remove unnecessary deriving of Typeable
 ## 1.6.17
 * Adds `contentTypeIsJson` [#1646](https://github.com/yesodweb/yesod/pull/1646)
 ## 1.6.16.1
 * Compiles with GHC 8.8.1
 ## 1.6.16
 * Add `jsAttributesHandler` to run arbitrary Handler code before building the
  attributes map for the script tag generated by `widgetFile` [#1622](https://github.com/yesodweb/yesod/pull/1622)
 ## 1.6.15
 * Move `redirectToPost` JavaScript form submission from HTML element to
  `<script>` tag for CSP reasons [#1620](https://github.com/yesodweb/yesod/pull/1620)
 ## 1.6.14
 * Introduce `JSONResponse`. [issue #1481](https://github.com/yesodweb/yesod/issues/1481) and [PR #1592](https://github.com/yesodweb/yesod/pull/1592)
 ## 1.6.13
 * Introduce `maxContentLengthIO`. [issue #1588](https://github.com/yesodweb/yesod/issues/1588) and [PR #1589](https://github.com/yesodweb/yesod/pull/1589)
 ## 1.6.12
 * Use at most one valid session cookie per request [#1581](https://github.com/yesodweb/yesod/pull/1581)
 ## 1.6.11
 * Deprecate insecure JSON parsing functions [#1576](https://github.com/yesodweb/yesod/pull/1576)
 ## 1.6.10.1
 * Fix test suite compilation for [commercialhaskell/stackage#4319](https://github.com/commercialhaskell/stackage/issues/4319)
 ## 1.6.10
 * Adds functions to get and set values in the per-request caches. [#1573](https://github.com/yesodweb/yesod/pull/1573)
 ## 1.6.9
 * Add `sendResponseNoContent` [#1565](https://github.com/yesodweb/yesod/pull/1565)
 ## 1.6.8.1
 * Add missing test file to tarball [#1563](https://github.com/yesodweb/yesod/issues/1563)
 ## 1.6.8
 * In the route syntax, allow trailing backslashes to indicate line
    continuation. [#1558](https://github.com/yesodweb/yesod/pull/1558)
 ## 1.6.7
 * If no matches are found, `selectRep` chooses first representation regardless
    of the presence or absence of a `Content-Type` header in the request
    [#1540](https://github.com/yesodweb/yesod/pull/1540)
 * Sets the `X-XSS-Protection` header to `1; mode=block` [#1550](https://github.com/yesodweb/yesod/pull/1550)
 * Add `PrimMonad` instances for `HandlerFor` and `WidgetFor` [from
  StackOverflow](https://stackoverflow.com/q/52692508/369198)
 ## 1.6.6
 * `defaultErrorHandler` handles text/plain requests [#1522](https://github.com/yesodweb/yesod/pull/1520)
 ## 1.6.5
 * Add `fileSourceByteString` [#1503](https://github.com/yesodweb/yesod/pull/1503)
 ## 1.6.4
 * Add `addContentDispositionFileName` [#1504](https://github.com/yesodweb/yesod/pull/1504)
 ## 1.6.3
 * Add missing export for `SubHandlerFor`
 ## 1.6.2
 * Derive a `Show` instance for `ResourceTree` and `FlatResource` [#1492](https://github.com/yesodweb/yesod/pull/1492)
 	* Some third party packages, like `yesod-routes-flow` derive their own `Show` instance, and this will break those packages.
 ## 1.6.1
 * Add a `Semigroup LiteApp` instance, and explicitly define `(<>)` in the
  already existing `Semigroup` instances for `WidgetFor`, `Head`, `Body`,
  `GWData`, and `UniqueList`.
 ## 1.6.0
 * Upgrade to conduit 1.3.0
 * Switch to `MonadUnliftIO`
 * Drop `mwc-random` and `blaze-builder` dependencies
 * Strictify some internal data structures
 * Add `CI` wrapper to first field in `Header` data constructor
  [#1418](https://github.com/yesodweb/yesod/issues/1418)
 * Internal only change, users of stable API are unaffected: `WidgetT`
  holds its data in an `IORef` so that it is isomorphic to `ReaderT`,
  avoiding state-loss issues..
 * Overhaul of `HandlerT`/`WidgetT` to no longer be transformers.
 * Fix Haddock comment & simplify implementation for `contentTypeTypes` [#1476](https://github.com/yesodweb/yesod/issues/1476)
 ## 1.4.37.3
 * Improve error message when request body is too large [#1477](https://github.com/yesodweb/yesod/pull/1477)
 ## 1.4.37.2
 * Improve error messages for the CSRF checking functions [#1455](https://github.com/yesodweb/yesod/issues/1455)
 ## 1.4.37.1
 * Fix documentation on `languages` function, update `getMessageRender` to use said function. [#1457](https://github.com/yesodweb/yesod/pull/1457)
 ## 1.4.37
 * Add `setWeakEtag` function in Yesod.Core.Handler module.
 ## 1.4.36
 * Add `replaceOrAddHeader` function in Yesod.Core.Handler module. [1416](https://github.com/yesodweb/yesod/issues/1416)
 ## 1.4.35.1
 * TH fix for GHC 8.2
 ## 1.4.35
 * Contexts can be included in generated TH instances. [1365](https://github.com/yesodweb/yesod/issues/1365)
 * Type variables can be included in routes.
 ## 1.4.34
 * Add `WaiSubsiteWithAuth`. [#1394](https://github.com/yesodweb/yesod/pull/1394)
 ## 1.4.33
 * Adds curly brackets to route parser. [#1363](https://github.com/yesodweb/yesod/pull/1363)
 ## 1.4.32
 * Fix warnings
 * Route parsing handles CRLF line endings
 * Add 'getPostParams' in Yesod.Core.Handler
 * Haddock rendering improved.
 ## 1.4.31
 * Add `parseCheckJsonBody` and `requireCheckJsonBody`
 ## 1.4.30
 * Add `defaultMessageWidget`
 ## 1.4.29
 * Exports some internals and fix version bounds [#1318](https://github.com/yesodweb/yesod/pull/1318)
 ## 1.4.28
 * Add ToWidget instances for strict text, lazy text, and text builder [#1310](https://github.com/yesodweb/yesod/pull/1310)
 ## 1.4.27
 * Added `jsAttributes` [#1308](https://github.com/yesodweb/yesod/pull/1308)
 ## 1.4.26
 * Modify `languages` so that, if you previously called `setLanguage`, the newly
  set language will be reflected.
 ## 1.4.25
 * Add instance of MonadHandler and MonadWidget for ExceptT [#1278](https://github.com/yesodweb/yesod/pull/1278)
 ## 1.4.24
 * cached and cachedBy will not overwrite global state changes [#1268](https://github.com/yesodweb/yesod/pull/1268)
 ## 1.4.23.1
 * Don't allow sending multiple cookies with the same name to the client, in accordance with [RFC 6265](https://tools.ietf.org/html/rfc6265). This fixes an issue where multiple CSRF tokens were sent to the client. [#1258](https://github.com/yesodweb/yesod/pull/1258)
 * Default CSRF tokens to the root path "/", fixing an issue where multiple tokens were stored in cookies, and using the wrong one led to CSRF errors [#1248](https://github.com/yesodweb/yesod/pull/1248)
 ## 1.4.23
 * urlParamRenderOverride method for Yesod class [#1257](https://github.com/yesodweb/yesod/pull/1257)
 * Add laxSameSiteSessions and strictSameSiteSessions [#1226](https://github.com/yesodweb/yesod/pull/1226)
 ## 1.4.22
 * Proper handling of impure exceptions within `HandlerError` values
 ## 1.4.21
 * Add support for `Encoding` from `aeson-0.11` [#1241](https://github.com/yesodweb/yesod/pull/1241)
 ## 1.4.20.2
 * GHC 8 support
 ## 1.4.20.1
 * Log a warning when a CSRF error occurs [#1200](https://github.com/yesodweb/yesod/pull/1200)
 ## 1.4.20
 * `addMessage`, `addMessageI`, and `getMessages` functions
 ## 1.4.19.1
 * Allow lines of dashes in route files [#1182](https://github.com/yesodweb/yesod/pull/1182)
 ## 1.4.19
 * Auth logout not working with defaultCsrfMiddleware [#1151](https://github.com/yesodweb/yesod/issues/1151)
 ## 1.4.18.2
 * Allow subsites within hierarchical routes [#1144](https://github.com/yesodweb/yesod/pull/1144)
 ## 1.4.18
 * Add hook to apply arbitrary function to all handlers [#1122](https://github.com/yesodweb/yesod/pull/1122)
 ## 1.4.17
 * Add `getApprootText`
 ## 1.4.16
 * Add `guessApproot` and `guessApprootOr`
 ## 1.4.15.1
 * bugfix neverExpires leaked threads
 ## 1.4.15
 * mkYesod avoids using reify when it isn't necessary. This avoids needing to define the site type below the call to mkYesod.
 ## 1.4.14
 * Add CSRF protection functions and middleware based on HTTP cookies and headers [#1017](https://github.com/yesodweb/yesod/pull/1017)
 * Add mkYesodWith, which allows creating sites with polymorphic type parameters [#1055](https://github.com/yesodweb/yesod/pull/1055)
 * Do not define the site type below a call to mkYesod (or any variant), as it will be required at splicing time for reification.
  This was allowed before because reification was not in use. Reification was introduced to allow parametrized types to be used
  by mkYesod (and variants), with potentially polymorphic variables.
 ## 1.4.13
 * Add getsYesod function [#1042](https://github.com/yesodweb/yesod/pull/1042)
 * Add IsString instance for WidgetT site m () [#1038](https://github.com/yesodweb/yesod/pull/1038)
 ## 1.4.12
 * Don't show source location for logs that don't have that information [#1027](https://github.com/yesodweb/yesod/pull/1027)
 ## 1.4.11
 * Expose `stripHandlerT` and `subHelper`
 ## 1.4.10
 * Export log formatting [#1001](https://github.com/yesodweb/yesod/pull/1001)
 ## 1.4.9.1
 * Deal better with multiple cookie headers
 ## 1.4.9
 * Add simple authentication helpers [#962](https://github.com/yesodweb/yesod/pull/962)
 ## 1.4.8.3
 * Use 307 redirect for cleaning paths and non-GET requests [#951](https://github.com/yesodweb/yesod/issues/951)
 ## 1.4.8.2
 * Allow blaze-builder 0.4
 ## 1.4.8.1
 * Bump upper bound on path-pieces
 ## 1.4.8
 * Add a bunch of `Semigroup` instances
 ## 1.4.7.3
 * Remove defunct reference to SpecialResponse [#925](https://github.com/yesodweb/yesod/issues/925)
 ## 1.4.7
 SSL-only session security [#894](https://github.com/yesodweb/yesod/pull/894)
 ## 1.4.6.2
 monad-control 1.0
 ## 1.4.6
 Added the `Yesod.Core.Unsafe` module.
 ## 1.4.5
 * `envClientSessionBackend`
 * Add `MonadLoggerIO` instances (conditional on monad-logger 0.3.10 being used).
 ## 1.4.4.5
 Support time 1.5
 ## 1.4.4.2
 `neverExpires` uses dates one year in the future (instead of in 2037).
 ## 1.4.4.1
 Improvements to etag/if-none-match support #868 #869
 ## 1.4.4
 Add the `notModified` and `setEtag` functions.
 ## 1.4.3
 Switch to mwc-random for token generation.
--- a/yesod-core/README
+++ b/yesod-core/README
@ -1 +0,0 @@
 Learn more at http://docs.yesodweb.com/
--- a/yesod-core/README.md
+++ b/yesod-core/README.md
@ -0,0 +1,7 @@
 ## yesod-core
 This is the main package for Yesod, providing all core functionality on which
 other packages can be built. It provides dispatch, handler functions, widgets,
 etc.
 Yesod is well documented on [its website](http://www.yesodweb.com/).
--- a/yesod-core/Yesod/Core/Class/Dispatch.hs
+++ b/yesod-core/Yesod/Core/Class/Dispatch.hs
@ -1,43 +0,0 @@
 {-# LANGUAGE MultiParamTypeClasses #-}
 {-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE ViewPatterns #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE TypeFamilies #-}
 {-# LANGUAGE FlexibleContexts  #-}
 module Yesod.Core.Class.Dispatch where
 import Yesod.Routes.Class
 import qualified Network.Wai as W
 import Yesod.Core.Types
 import Yesod.Core.Content
 import Yesod.Core.Class.Yesod
 import Yesod.Core.Class.Handler
 import Yesod.Core.Internal.Run
 -- | This class is automatically instantiated when you use the template haskell
 -- mkYesod function. You should never need to deal with it directly.
 class Yesod site => YesodDispatch site where
    yesodDispatch :: YesodRunnerEnv site -> W.Application
 class YesodSubDispatch sub m where
    yesodSubDispatch :: YesodSubRunnerEnv sub (HandlerSite m) m
                     -> W.Application
 instance YesodSubDispatch WaiSubsite master where
    yesodSubDispatch YesodSubRunnerEnv {..} req =
        app req
      where
        WaiSubsite app = ysreGetSub $ yreSite $ ysreParentEnv
 -- | A helper function for creating YesodSubDispatch instances, used by the
 -- internal generated code.
 subHelper :: Monad m -- NOTE: This is incredibly similar in type signature to yesodRunner, should probably be pointed out/explained.
          => HandlerT child (HandlerT parent m) TypedContent
          -> YesodSubRunnerEnv child parent (HandlerT parent m)
          -> Maybe (Route child)
          -> W.Application
 subHelper handlert YesodSubRunnerEnv {..} route =
    ysreParentRunner base ysreParentEnv (fmap ysreToParentRoute route)
  where
    base = stripHandlerT (fmap toTypedContent handlert) ysreGetSub ysreToParentRoute route
--- a/yesod-core/Yesod/Core/Class/Handler.hs
+++ b/yesod-core/Yesod/Core/Class/Handler.hs
@ -1,92 +0,0 @@
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE TypeFamilies #-}
 {-# LANGUAGE ConstraintKinds #-}
 {-# LANGUAGE TupleSections #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE FlexibleContexts #-}
 {-# LANGUAGE UndecidableInstances #-}
 module Yesod.Core.Class.Handler
    ( MonadHandler (..)
    , MonadWidget (..)
    ) where
 import Yesod.Core.Types
 import Data.Monoid (mempty)
 import Control.Monad (liftM)
 import Control.Monad.IO.Class (MonadIO, liftIO)
 import Control.Monad.Trans.Resource (MonadResource, MonadResourceBase, ExceptionT (..))
 import Control.Monad.Trans.Class (lift)
 import Data.Monoid (Monoid)
 import Data.Conduit.Internal (Pipe, ConduitM)
 import Control.Monad.Trans.Identity ( IdentityT)
 import Control.Monad.Trans.List     ( ListT    )
 import Control.Monad.Trans.Maybe    ( MaybeT   )
 import Control.Monad.Trans.Error    ( ErrorT, Error)
 import Control.Monad.Trans.Reader   ( ReaderT  )
 import Control.Monad.Trans.State    ( StateT   )
 import Control.Monad.Trans.Writer   ( WriterT  )
 import Control.Monad.Trans.RWS      ( RWST     )
 import qualified Control.Monad.Trans.RWS.Strict    as Strict ( RWST   )
 import qualified Control.Monad.Trans.State.Strict  as Strict ( StateT )
 import qualified Control.Monad.Trans.Writer.Strict as Strict ( WriterT )
 class MonadResource m => MonadHandler m where
    type HandlerSite m
    liftHandlerT :: HandlerT (HandlerSite m) IO a -> m a
 replaceToParent :: HandlerData site route -> HandlerData site ()
 replaceToParent hd = hd { handlerToParent = const () }
 instance MonadResourceBase m => MonadHandler (HandlerT site m) where
    type HandlerSite (HandlerT site m) = site
    liftHandlerT (HandlerT f) = HandlerT $ liftIO . f . replaceToParent
 {-# RULES "liftHandlerT (HandlerT site IO)" forall action. liftHandlerT action = id #-}
 instance MonadResourceBase m => MonadHandler (WidgetT site m) where
    type HandlerSite (WidgetT site m) = site
    liftHandlerT (HandlerT f) = WidgetT $ liftIO . liftM (, mempty) . f . replaceToParent
 {-# RULES "liftHandlerT (WidgetT site IO)" forall f. liftHandlerT (HandlerT f) = WidgetT $ liftM (, mempty) . f #-}
 #define GO(T) instance MonadHandler m => MonadHandler (T m) where type HandlerSite (T m) = HandlerSite m; liftHandlerT = lift . liftHandlerT
 #define GOX(X, T) instance (X, MonadHandler m) => MonadHandler (T m) where type HandlerSite (T m) = HandlerSite m; liftHandlerT = lift . liftHandlerT
 GO(IdentityT)
 GO(ListT)
 GO(MaybeT)
 GOX(Error e, ErrorT e)
 GO(ReaderT r)
 GO(StateT s)
 GOX(Monoid w, WriterT w)
 GOX(Monoid w, RWST r w s)
 GOX(Monoid w, Strict.RWST r w s)
 GO(Strict.StateT s)
 GOX(Monoid w, Strict.WriterT w)
 GO(ExceptionT)
 GO(Pipe l i o u)
 GO(ConduitM i o)
 #undef GO
 #undef GOX
 class MonadHandler m => MonadWidget m where
    liftWidgetT :: WidgetT (HandlerSite m) IO a -> m a
 instance MonadResourceBase m => MonadWidget (WidgetT site m) where
    liftWidgetT (WidgetT f) = WidgetT $ liftIO . f . replaceToParent
 #define GO(T) instance MonadWidget m => MonadWidget (T m) where liftWidgetT = lift . liftWidgetT
 #define GOX(X, T) instance (X, MonadWidget m) => MonadWidget (T m) where liftWidgetT = lift . liftWidgetT
 GO(IdentityT)
 GO(ListT)
 GO(MaybeT)
 GOX(Error e, ErrorT e)
 GO(ReaderT r)
 GO(StateT s)
 GOX(Monoid w, WriterT w)
 GOX(Monoid w, RWST r w s)
 GOX(Monoid w, Strict.RWST r w s)
 GO(Strict.StateT s)
 GOX(Monoid w, Strict.WriterT w)
 GO(ExceptionT)
 GO(Pipe l i o u)
 GO(ConduitM i o)
 #undef GO
 #undef GOX
--- a/yesod-core/Yesod/Core/Class/Yesod.hs
+++ b/yesod-core/Yesod/Core/Class/Yesod.hs
@ -1,633 +0,0 @@
 {-# LANGUAGE FlexibleContexts  #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE QuasiQuotes       #-}
 {-# LANGUAGE TemplateHaskell   #-}
 module Yesod.Core.Class.Yesod where
 import           Control.Monad.Logger               (logErrorS)
 import           Yesod.Core.Content
 import           Yesod.Core.Handler
 import           Yesod.Routes.Class
 import           Blaze.ByteString.Builder           (Builder)
 import           Blaze.ByteString.Builder.Char.Utf8 (fromText)
 import           Control.Arrow                      ((***), second)
 import           Control.Monad                      (forM, when, void)
 import           Control.Monad.IO.Class             (MonadIO (liftIO))
 import           Control.Monad.Logger               (LogLevel (LevelInfo, LevelOther),
                                                     LogSource)
 import qualified Data.ByteString.Char8              as S8
 import qualified Data.ByteString.Lazy               as L
 import Data.Aeson (object, (.=))
 import           Data.List                          (foldl')
 import           Data.List                          (nub)
 import qualified Data.Map                           as Map
 import           Data.Maybe                         (fromMaybe)
 import           Data.Monoid
 import           Data.Text                          (Text)
 import qualified Data.Text                          as T
 import qualified Data.Text.Encoding                 as TE
 import qualified Data.Text.Encoding.Error           as TEE
 import           Data.Text.Lazy.Builder             (toLazyText)
 import           Data.Text.Lazy.Encoding            (encodeUtf8)
 import           Data.Word                          (Word64)
 import           Language.Haskell.TH.Syntax         (Loc (..))
 import           Network.HTTP.Types                 (encodePath)
 import qualified Network.Wai                        as W
 import           Data.Default                       (def)
 import           Network.Wai.Parse                  (lbsBackEnd,
                                                     tempFileBackEnd)
 import           System.IO                          (stdout)
 import           System.Log.FastLogger              (LogStr (..), Logger,
                                                     loggerDate, loggerPutStr,
                                                     mkLogger)
 import           System.Log.FastLogger.Date         (ZonedDate)
 import           Text.Blaze                         (customAttribute, textTag,
                                                     toValue, (!))
 import           Text.Blaze                         (preEscapedToMarkup)
 import qualified Text.Blaze.Html5                   as TBH
 import           Text.Hamlet
 import           Text.Julius
 import qualified Web.ClientSession                  as CS
 import           Web.Cookie                         (parseCookies)
 import           Web.Cookie                         (SetCookie (..))
 import           Yesod.Core.Types
 import           Yesod.Core.Internal.Session
 import           Yesod.Core.Widget
 import Control.Monad.Trans.Class (lift)
 -- | Define settings for a Yesod applications. All methods have intelligent
 -- defaults, and therefore no implementation is required.
 class RenderRoute site => Yesod site where
    -- | An absolute URL to the root of the application. Do not include
    -- trailing slash.
    --
    -- Default value: 'ApprootRelative'. This is valid under the following
    -- conditions:
    --
    -- * Your application is served from the root of the domain.
    --
    -- * You do not use any features that require absolute URLs, such as Atom
    -- feeds and XML sitemaps.
    --
    -- If this is not true, you should override with a different
    -- implementation.
    approot :: Approot site
    approot = ApprootRelative
    -- | Output error response pages.
    --
    -- Default value: 'defaultErrorHandler'.
    errorHandler :: ErrorResponse -> HandlerT site IO TypedContent
    errorHandler = defaultErrorHandler
    -- | Applies some form of layout to the contents of a page.
    defaultLayout :: WidgetT site IO () -> HandlerT site IO Html
    defaultLayout w = do
        p <- widgetToPageContent w
        mmsg <- getMessage
        giveUrlRenderer [hamlet|
            $newline never
            $doctype 5
            <html>
                <head>
                    <title>#{pageTitle p}
                    ^{pageHead p}
                <body>
                    $maybe msg <- mmsg
                        <p .message>#{msg}
                    ^{pageBody p}
            |]
    -- | Override the rendering function for a particular URL. One use case for
    -- this is to offload static hosting to a different domain name to avoid
    -- sending cookies.
    urlRenderOverride :: site -> Route site -> Maybe Builder
    urlRenderOverride _ _ = Nothing
    -- | Determine if a request is authorized or not.
    --
    -- Return 'Authorized' if the request is authorized,
    -- 'Unauthorized' a message if unauthorized.
    -- If authentication is required, return 'AuthenticationRequired'.
    isAuthorized :: Route site
                 -> Bool -- ^ is this a write request?
                 -> HandlerT site IO AuthResult
    isAuthorized _ _ = return Authorized
    -- | Determines whether the current request is a write request. By default,
    -- this assumes you are following RESTful principles, and determines this
    -- from request method. In particular, all except the following request
    -- methods are considered write: GET HEAD OPTIONS TRACE.
    --
    -- This function is used to determine if a request is authorized; see
    -- 'isAuthorized'.
    isWriteRequest :: Route site -> HandlerT site IO Bool
    isWriteRequest _ = do
        wai <- waiRequest
        return $ W.requestMethod wai `notElem`
            ["GET", "HEAD", "OPTIONS", "TRACE"]
    -- | The default route for authentication.
    --
    -- Used in particular by 'isAuthorized', but library users can do whatever
    -- they want with it.
    authRoute :: site -> Maybe (Route site)
    authRoute _ = Nothing
    -- | A function used to clean up path segments. It returns 'Right' with a
    -- clean path or 'Left' with a new set of pieces the user should be
    -- redirected to. The default implementation enforces:
    --
    -- * No double slashes
    --
    -- * There is no trailing slash.
    --
    -- Note that versions of Yesod prior to 0.7 used a different set of rules
    -- involing trailing slashes.
    cleanPath :: site -> [Text] -> Either [Text] [Text]
    cleanPath _ s =
        if corrected == s
            then Right $ map dropDash s
            else Left corrected
      where
        corrected = filter (not . T.null) s
        dropDash t
            | T.all (== '-') t = T.drop 1 t
            | otherwise = t
    -- | Builds an absolute URL by concatenating the application root with the
    -- pieces of a path and a query string, if any.
    -- Note that the pieces of the path have been previously cleaned up by 'cleanPath'.
    joinPath :: site
             -> T.Text -- ^ application root
             -> [T.Text] -- ^ path pieces
             -> [(T.Text, T.Text)] -- ^ query string
             -> Builder
    joinPath _ ar pieces' qs' =
        fromText ar `mappend` encodePath pieces qs
      where
        pieces = if null pieces' then [""] else map addDash pieces'
        qs = map (TE.encodeUtf8 *** go) qs'
        go "" = Nothing
        go x = Just $ TE.encodeUtf8 x
        addDash t
            | T.all (== '-') t = T.cons '-' t
            | otherwise = t
    -- | This function is used to store some static content to be served as an
    -- external file. The most common case of this is stashing CSS and
    -- JavaScript content in an external file; the "Yesod.Widget" module uses
    -- this feature.
    --
    -- The return value is 'Nothing' if no storing was performed; this is the
    -- default implementation. A 'Just' 'Left' gives the absolute URL of the
    -- file, whereas a 'Just' 'Right' gives the type-safe URL. The former is
    -- necessary when you are serving the content outside the context of a
    -- Yesod application, such as via memcached.
    addStaticContent :: Text -- ^ filename extension
                     -> Text -- ^ mime-type
                     -> L.ByteString -- ^ content
                     -> HandlerT site IO (Maybe (Either Text (Route site, [(Text, Text)])))
    addStaticContent _ _ _ = return Nothing
    -- | Maximum allowed length of the request body, in bytes.
    --
    -- If @Nothing@, no maximum is applied.
    --
    -- Default: 2 megabytes.
    maximumContentLength :: site -> Maybe (Route site) -> Maybe Word64
    maximumContentLength _ _ = Just $ 2 * 1024 * 1024 -- 2 megabytes
    -- | Creates a @Logger@ to use for log messages.
    --
    -- Note that a common technique (endorsed by the scaffolding) is to create
    -- a @Logger@ value and place it in your foundation datatype, and have this
    -- method return that already created value. That way, you can use that
    -- same @Logger@ for printing messages during app initialization.
    --
    -- Default: Sends to stdout and automatically flushes on each write.
    makeLogger :: site -> IO Logger
    makeLogger _ = mkLogger True stdout
    -- | Send a message to the @Logger@ provided by @getLogger@.
    --
    -- Default implementation: checks if the message should be logged using
    -- 'shouldLog' and, if so, formats using 'formatLogMessage'.
    messageLoggerSource :: site
                        -> Logger
                        -> Loc -- ^ position in source code
                        -> LogSource
                        -> LogLevel
                        -> LogStr -- ^ message
                        -> IO ()
    messageLoggerSource a logger loc source level msg =
        when (shouldLog a source level) $
            formatLogMessage (loggerDate logger) loc source level msg >>= loggerPutStr logger
    -- | Where to Load sripts from. We recommend the default value,
    -- 'BottomOfBody'.  Alternatively use the built in async yepnope loader:
    --
    -- > BottomOfHeadAsync $ loadJsYepnope $ Right $ StaticR js_modernizr_js
    --
    -- Or write your own async js loader.
    jsLoader :: site -> ScriptLoadPosition site
    jsLoader _ = BottomOfBody
    -- | Create a session backend. Returning 'Nothing' disables
    -- sessions. If you'd like to change the way that the session
    -- cookies are created, take a look at
    -- 'customizeSessionCookies'.
    --
    -- Default: Uses clientsession with a 2 hour timeout.
    makeSessionBackend :: site -> IO (Maybe SessionBackend)
    makeSessionBackend _ = fmap Just $ defaultClientSessionBackend 120 CS.defaultKeyFile
    -- | How to store uploaded files.
    --
    -- Default: When the request body is greater than 50kb, store in a temp
    -- file. For chunked request bodies, store in a temp file. Otherwise, store
    -- in memory.
    fileUpload :: site -> W.RequestBodyLength -> FileUpload
    fileUpload _ (W.KnownLength size)
        | size <= 50000 = FileUploadMemory lbsBackEnd
    fileUpload _ _ = FileUploadDisk tempFileBackEnd
    -- | Should we log the given log source/level combination.
    --
    -- Default: Logs everything at or above 'logLevel'
    shouldLog :: site -> LogSource -> LogLevel -> Bool
    shouldLog _ _ level = level >= LevelInfo
    -- | A Yesod middleware, which will wrap every handler function. This
    -- allows you to run code before and after a normal handler.
    --
    -- Default: the 'defaultYesodMiddleware' function.
    --
    -- Since: 1.1.6
    yesodMiddleware :: ToTypedContent res => HandlerT site IO res -> HandlerT site IO res
    yesodMiddleware = defaultYesodMiddleware
 -- | Default implementation of 'yesodMiddleware'. Adds the response header
 -- \"Vary: Accept, Accept-Language\" and performs authorization checks.
 --
 -- Since 1.2.0
 defaultYesodMiddleware :: Yesod site => HandlerT site IO res -> HandlerT site IO res
 defaultYesodMiddleware handler = do
    addHeader "Vary" "Accept, Accept-Language"
    authorizationCheck
    handler
 -- | Check if a given request is authorized via 'isAuthorized' and
 -- 'isWriteRequest'.
 --
 -- Since 1.2.0
 authorizationCheck :: Yesod site => HandlerT site IO ()
 authorizationCheck = do
    getCurrentRoute >>= maybe (return ()) checkUrl
  where
    checkUrl url = do
        isWrite <- isWriteRequest url
        ar <- isAuthorized url isWrite
        case ar of
            Authorized -> return ()
            AuthenticationRequired -> do
                master <- getYesod
                case authRoute master of
                    Nothing -> void $ notAuthenticated
                    Just url' -> do
                      void $ selectRep $ do
                          provideRepType typeHtml $ do
                              setUltDestCurrent
                              void $ redirect url'
                          provideRepType typeJson $
                              void $ notAuthenticated
            Unauthorized s' -> permissionDenied s'
 -- | Convert a widget to a 'PageContent'.
 widgetToPageContent :: (Eq (Route site), Yesod site)
                    => WidgetT site IO ()
                    -> HandlerT site IO (PageContent (Route site))
 widgetToPageContent w = do
    master <- getYesod
    hd <- HandlerT return
    ((), GWData (Body body) (Last mTitle) scripts' stylesheets' style jscript (Head head')) <- lift $ unWidgetT w hd
    let title = maybe mempty unTitle mTitle
        scripts = runUniqueList scripts'
        stylesheets = runUniqueList stylesheets'
    render <- getUrlRenderParams
    let renderLoc x =
            case x of
                Nothing -> Nothing
                Just (Left s) -> Just s
                Just (Right (u, p)) -> Just $ render u p
    css <- forM (Map.toList style) $ \(mmedia, content) -> do
        let rendered = toLazyText $ content render
        x <- addStaticContent "css" "text/css; charset=utf-8"
           $ encodeUtf8 rendered
        return (mmedia,
            case x of
                Nothing -> Left $ preEscapedToMarkup rendered
                Just y -> Right $ either id (uncurry render) y)
    jsLoc <-
        case jscript of
            Nothing -> return Nothing
            Just s -> do
                x <- addStaticContent "js" "text/javascript; charset=utf-8"
                   $ encodeUtf8 $ renderJavascriptUrl render s
                return $ renderLoc x
    -- modernizr should be at the end of the <head> http://www.modernizr.com/docs/#installing
    -- the asynchronous loader means your page doesn't have to wait for all the js to load
    let (mcomplete, asyncScripts) = asyncHelper render scripts jscript jsLoc
        regularScriptLoad = [hamlet|
            $newline never
            $forall s <- scripts
                ^{mkScriptTag s}
            $maybe j <- jscript
                $maybe s <- jsLoc
                    <script src="#{s}">
                $nothing
                    <script>^{jelper j}
        |]
        headAll = [hamlet|
            $newline never
            \^{head'}
            $forall s <- stylesheets
                ^{mkLinkTag s}
            $forall s <- css
                $maybe t <- right $ snd s
                    $maybe media <- fst s
                        <link rel=stylesheet media=#{media} href=#{t}>
                    $nothing
                        <link rel=stylesheet href=#{t}>
                $maybe content <- left $ snd s
                    $maybe media <- fst s
                        <style media=#{media}>#{content}
                    $nothing
                        <style>#{content}
            $case jsLoader master
              $of BottomOfBody
              $of BottomOfHeadAsync asyncJsLoader
                  ^{asyncJsLoader asyncScripts mcomplete}
              $of BottomOfHeadBlocking
                  ^{regularScriptLoad}
        |]
    let bodyScript = [hamlet|
            $newline never
            ^{body}
            ^{regularScriptLoad}
        |]
    return $ PageContent title headAll $
        case jsLoader master of
            BottomOfBody -> bodyScript
            _ -> body
  where
    renderLoc' render' (Local url) = render' url []
    renderLoc' _ (Remote s) = s
    addAttr x (y, z) = x ! customAttribute (textTag y) (toValue z)
    mkScriptTag (Script loc attrs) render' =
        foldl' addAttr TBH.script (("src", renderLoc' render' loc) : attrs) $ return ()
    mkLinkTag (Stylesheet loc attrs) render' =
        foldl' addAttr TBH.link
            ( ("rel", "stylesheet")
            : ("href", renderLoc' render' loc)
            : attrs
            )
    runUniqueList :: Eq x => UniqueList x -> [x]
    runUniqueList (UniqueList x) = nub $ x []
 -- | The default error handler for 'errorHandler'.
 defaultErrorHandler :: Yesod site => ErrorResponse -> HandlerT site IO TypedContent
 defaultErrorHandler NotFound = selectRep $ do
    provideRep $ defaultLayout $ do
        r <- waiRequest
        let path' = TE.decodeUtf8With TEE.lenientDecode $ W.rawPathInfo r
        setTitle "Not Found"
        toWidget [hamlet|
            <h1>Not Found
            <p>#{path'}
        |]
    provideRep $ return $ object ["message" .= ("Not Found" :: Text)]
 -- For API requests.
 -- For a user with a browser,
 -- if you specify an authRoute the user will be redirected there and
 -- this page will not be shown.
 defaultErrorHandler NotAuthenticated = selectRep $ do
    provideRep $ defaultLayout $ do
        setTitle "Not logged in"
        toWidget [hamlet|
            <h1>Not logged in
            <p style="display:none;">Set the authRoute and the user will be redirected there.
        |]
    provideRep $ do
        -- 401 *MUST* include a WWW-Authenticate header
        -- however, there is no standard to indicate a redirection
        --
        -- change this to Basic or Digest if you allow those forms of authentications
        addHeader "WWW-Authenticate" "RedirectJSON realm=\"application\", param=\"authentication_url\""
        -- The client will just use the authentication_url in the JSON
        site <- getYesod
        rend <- getUrlRender
        return $ object $ [
          "message" .= ("Not logged in"::Text)
          ] ++
          case authRoute site of
              Nothing -> []
              Just url -> ["authentication_url" .= rend url]
 defaultErrorHandler (PermissionDenied msg) = selectRep $ do
    provideRep $ defaultLayout $ do
        setTitle "Permission Denied"
        toWidget [hamlet|
            <h1>Permission denied
            <p>#{msg}
        |]
    provideRep $
        return $ object $ [
          "message" .= ("Permission Denied. " <> msg)
          ]
 defaultErrorHandler (InvalidArgs ia) = selectRep $ do
    provideRep $ defaultLayout $ do
        setTitle "Invalid Arguments"
        toWidget [hamlet|
            <h1>Invalid Arguments
            <ul>
                $forall msg <- ia
                    <li>#{msg}
        |]
    provideRep $ return $ object ["message" .= ("Invalid Arguments" :: Text), "errors" .= ia]
 defaultErrorHandler (InternalError e) = do
    $logErrorS "yesod-core" e
    selectRep $ do
        provideRep $ defaultLayout $ do
            setTitle "Internal Server Error"
            toWidget [hamlet|
                <h1>Internal Server Error
                <pre>#{e}
            |]
        provideRep $ return $ object ["message" .= ("Internal Server Error" :: Text), "error" .= e]
 defaultErrorHandler (BadMethod m) = selectRep $ do
    provideRep $ defaultLayout $ do
        setTitle"Bad Method"
        toWidget [hamlet|
            <h1>Method Not Supported
            <p>Method <code>#{S8.unpack m}</code> not supported
        |]
    provideRep $ return $ object ["message" .= ("Bad method" :: Text), "method" .= m]
 asyncHelper :: (url -> [x] -> Text)
         -> [Script (url)]
         -> Maybe (JavascriptUrl (url))
         -> Maybe Text
         -> (Maybe (HtmlUrl url), [Text])
 asyncHelper render scripts jscript jsLoc =
    (mcomplete, scripts'')
  where
    scripts' = map goScript scripts
    scripts'' =
        case jsLoc of
            Just s -> scripts' ++ [s]
            Nothing -> scripts'
    goScript (Script (Local url) _) = render url []
    goScript (Script (Remote s) _) = s
    mcomplete =
        case jsLoc of
            Just{} -> Nothing
            Nothing ->
                case jscript of
                    Nothing -> Nothing
                    Just j -> Just $ jelper j
 formatLogMessage :: IO ZonedDate
                 -> Loc
                 -> LogSource
                 -> LogLevel
                 -> LogStr -- ^ message
                 -> IO [LogStr]
 formatLogMessage getdate loc src level msg = do
    now <- getdate
    return
        [ LB now
        , LB " ["
        , LS $
            case level of
                LevelOther t -> T.unpack t
                _ -> drop 5 $ show level
        , LS $
            if T.null src
                then ""
                else "#" ++ T.unpack src
        , LB "] "
        , msg
        , LB " @("
        , LS $ fileLocationToString loc
        , LB ")\n"
        ]
 -- | Customize the cookies used by the session backend.  You may
 -- use this function on your definition of 'makeSessionBackend'.
 --
 -- For example, you could set the cookie domain so that it
 -- would work across many subdomains:
 --
 -- @
 -- makeSessionBackend = fmap (customizeSessionCookie addDomain) ...
 --   where
 --     addDomain cookie = cookie { 'setCookieDomain' = Just \".example.com\" }
 -- @
 --
 -- Default: Do not customize anything ('id').
 customizeSessionCookies :: (SetCookie -> SetCookie) -> (SessionBackend -> SessionBackend)
 customizeSessionCookies customizeCookie backend = backend'
  where
    customizeHeader (AddCookie cookie) = AddCookie (customizeCookie cookie)
    customizeHeader other              = other
    customizeSaveSession = (fmap . fmap . fmap) customizeHeader
    backend' =
      backend {
        sbLoadSession = \req ->
          second customizeSaveSession `fmap` sbLoadSession backend req
      }
 defaultClientSessionBackend :: Int -- ^ minutes
                            -> FilePath -- ^ key file
                            -> IO SessionBackend
 defaultClientSessionBackend minutes fp = do
  key <- CS.getKey fp
  let timeout = fromIntegral (minutes * 60)
  (getCachedDate, _closeDateCacher) <- clientSessionDateCacher timeout
  return $ clientSessionBackend key getCachedDate
 jsToHtml :: Javascript -> Html
 jsToHtml (Javascript b) = preEscapedToMarkup $ toLazyText b
 jelper :: JavascriptUrl url -> HtmlUrl url
 jelper = fmap jsToHtml
 left :: Either a b -> Maybe a
 left (Left x) = Just x
 left _ = Nothing
 right :: Either a b -> Maybe b
 right (Right x) = Just x
 right _ = Nothing
 clientSessionBackend :: CS.Key  -- ^ The encryption key
                     -> IO ClientSessionDateCache -- ^ See 'clientSessionDateCacher'
                     -> SessionBackend
 clientSessionBackend key getCachedDate =
  SessionBackend {
    sbLoadSession = loadClientSession key getCachedDate "_SESSION"
  }
 loadClientSession :: CS.Key
                  -> IO ClientSessionDateCache -- ^ See 'clientSessionDateCacher'
                  -> S8.ByteString -- ^ session name
                  -> W.Request
                  -> IO (SessionMap, SaveSession)
 loadClientSession key getCachedDate sessionName req = load
  where
    load = do
      date <- getCachedDate
      return (sess date, save date)
    sess date = fromMaybe Map.empty $ do
      raw <- lookup "Cookie" $ W.requestHeaders req
      val <- lookup sessionName $ parseCookies raw
      let host = "" -- fixme, properly lock sessions to client address
      decodeClientSession key date host val
    save date sess' = do
      -- We should never cache the IV!  Be careful!
      iv <- liftIO CS.randomIV
      return [AddCookie def
          { setCookieName = sessionName
          , setCookieValue = encodeClientSession key iv date host sess'
          , setCookiePath = Just "/"
          , setCookieExpires = Just (csdcExpires date)
          , setCookieDomain = Nothing
          , setCookieHttpOnly = True
          }]
        where
          host = "" -- fixme, properly lock sessions to client address
 -- taken from file-location package
 -- turn the TH Loc loaction information into a human readable string
 -- leaving out the loc_end parameter
 fileLocationToString :: Loc -> String
 fileLocationToString loc = (loc_package loc) ++ ':' : (loc_module loc) ++
  ' ' : (loc_filename loc) ++ ':' : (line loc) ++ ':' : (char loc)
  where
    line = show . fst . loc_start
    char = show . snd . loc_start
--- a/yesod-core/Yesod/Core/Handler.hs
+++ b/yesod-core/Yesod/Core/Handler.hs
--- a/yesod-core/Yesod/Core/Internal/Run.hs
+++ b/yesod-core/Yesod/Core/Internal/Run.hs
@ -1,286 +0,0 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE PatternGuards     #-}
 {-# LANGUAGE RankNTypes        #-}
 {-# LANGUAGE RecordWildCards   #-}
 {-# LANGUAGE TemplateHaskell   #-}
 {-# LANGUAGE FlexibleContexts  #-}
 module Yesod.Core.Internal.Run where
 import Yesod.Core.Internal.Response
 import           Blaze.ByteString.Builder     (toByteString)
 import           Control.Applicative          ((<$>))
 import           Control.Exception            (fromException)
 import           Control.Exception.Lifted     (catch)
 import           Control.Monad.IO.Class       (MonadIO)
 import           Control.Monad.IO.Class       (liftIO)
 import           Control.Monad.Logger         (LogLevel (LevelError), LogSource,
                                               liftLoc)
 import           Control.Monad.Trans.Resource (runResourceT, withInternalState, runInternalState)
 import qualified Data.ByteString              as S
 import qualified Data.ByteString.Char8        as S8
 import qualified Data.IORef                   as I
 import qualified Data.Map                     as Map
 import           Data.Maybe                   (isJust)
 import           Data.Maybe                   (fromMaybe)
 import           Data.Monoid                  (appEndo, mempty)
 import           Data.Text                    (Text)
 import qualified Data.Text                    as T
 import           Data.Text.Encoding           (encodeUtf8)
 import           Data.Text.Encoding           (decodeUtf8With)
 import           Data.Text.Encoding.Error     (lenientDecode)
 import           Language.Haskell.TH.Syntax   (Loc, qLocation)
 import qualified Network.HTTP.Types           as H
 import           Network.Wai
 import           Prelude                      hiding (catch)
 import           System.Log.FastLogger        (Logger)
 import           System.Log.FastLogger        (LogStr, toLogStr)
 import           System.Random                (newStdGen)
 import           Yesod.Core.Content
 import           Yesod.Core.Class.Yesod
 import           Yesod.Core.Types
 import           Yesod.Core.Internal.Request  (parseWaiRequest,
                                               tooLargeResponse)
 import           Yesod.Routes.Class           (Route, renderRoute)
 -- | Function used internally by Yesod in the process of converting a
 -- 'HandlerT' into an 'Application'. Should not be needed by users.
 runHandler :: ToTypedContent c
           => RunHandlerEnv site
           -> HandlerT site IO c
           -> YesodApp
 runHandler rhe@RunHandlerEnv {..} handler yreq = withInternalState $ \resState -> do
    let toErrorHandler e =
            case fromException e of
                Just (HCError x) -> x
                _ -> InternalError $ T.pack $ show e
    istate <- liftIO $ I.newIORef GHState
        { ghsSession = reqSession yreq
        , ghsRBC = Nothing
        , ghsIdent = 1
        , ghsCache = mempty
        , ghsHeaders = mempty
        }
    let hd = HandlerData
            { handlerRequest = yreq
            , handlerEnv     = rhe
            , handlerState   = istate
            , handlerToParent = const ()
            , handlerResource = resState
            }
    contents' <- catch (fmap Right $ unHandlerT handler hd)
        (\e -> return $ Left $ maybe (HCError $ toErrorHandler e) id
                      $ fromException e)
    state <- liftIO $ I.readIORef istate
    let finalSession = ghsSession state
    let headers = ghsHeaders state
    let contents = either id (HCContent H.status200 . toTypedContent) contents'
    let handleError e = flip runInternalState resState $ do
            yar <- rheOnError e yreq
                { reqSession = finalSession
                }
            case yar of
                YRPlain _ hs ct c sess ->
                    let hs' = appEndo headers hs
                     in return $ YRPlain (getStatus e) hs' ct c sess
                YRWai _ -> return yar
    let sendFile' ct fp p =
            return $ YRPlain H.status200 (appEndo headers []) ct (ContentFile fp p) finalSession
    case contents of
        HCContent status (TypedContent ct c) -> do
            ec' <- liftIO $ evaluateContent c
            case ec' of
                Left e -> handleError e
                Right c' -> return $ YRPlain status (appEndo headers []) ct c' finalSession
        HCError e -> handleError e
        HCRedirect status loc -> do
            let disable_caching x =
                      Header "Cache-Control" "no-cache, must-revalidate"
                    : Header "Expires" "Thu, 01 Jan 1970 05:05:05 GMT"
                    : x
                hs = (if status /= H.movedPermanently301 then disable_caching else id)
                      $ Header "Location" (encodeUtf8 loc) : appEndo headers []
            return $ YRPlain
                status hs typePlain emptyContent
                finalSession
        HCSendFile ct fp p -> catch
            (sendFile' ct fp p)
            (handleError . toErrorHandler)
        HCCreated loc -> do
            let hs = Header "Location" (encodeUtf8 loc) : appEndo headers []
            return $ YRPlain
                H.status201
                hs
                typePlain
                emptyContent
                finalSession
        HCWai r -> return $ YRWai r
 safeEh :: (Loc -> LogSource -> LogLevel -> LogStr -> IO ())
       -> ErrorResponse
       -> YesodApp
 safeEh log' er req = do
    liftIO $ log' $(qLocation >>= liftLoc) "yesod-core" LevelError
           $ toLogStr $ "Error handler errored out: " ++ show er
    return $ YRPlain
        H.status500
        []
        typePlain
        (toContent ("Internal Server Error" :: S.ByteString))
        (reqSession req)
 -- | Run a 'HandlerT' completely outside of Yesod.  This
 -- function comes with many caveats and you shouldn't use it
 -- unless you fully understand what it's doing and how it works.
 --
 -- As of now, there's only one reason to use this function at
 -- all: in order to run unit tests of functions inside 'HandlerT'
 -- but that aren't easily testable with a full HTTP request.
 -- Even so, it's better to use @wai-test@ or @yesod-test@ instead
 -- of using this function.
 --
 -- This function will create a fake HTTP request (both @wai@'s
 -- 'Request' and @yesod@'s 'Request') and feed it to the
 -- @HandlerT@.  The only useful information the @HandlerT@ may
 -- get from the request is the session map, which you must supply
 -- as argument to @runFakeHandler@.  All other fields contain
 -- fake information, which means that they can be accessed but
 -- won't have any useful information.  The response of the
 -- @HandlerT@ is completely ignored, including changes to the
 -- session, cookies or headers.  We only return you the
 -- @HandlerT@'s return value.
 runFakeHandler :: (Yesod site, MonadIO m) =>
                  SessionMap
               -> (site -> Logger)
               -> site
               -> HandlerT site IO a
               -> m (Either ErrorResponse a)
 runFakeHandler fakeSessionMap logger site handler = liftIO $ do
  ret <- I.newIORef (Left $ InternalError "runFakeHandler: no result")
  let handler' = do liftIO . I.writeIORef ret . Right =<< handler
                    return ()
  let yapp = runHandler
         RunHandlerEnv
            { rheRender = yesodRender site $ resolveApproot site fakeWaiRequest
            , rheRoute = Nothing
            , rheSite = site
            , rheUpload = fileUpload site
            , rheLog = messageLoggerSource site $ logger site
            , rheOnError = errHandler
            }
        handler'
      errHandler err req = do
          liftIO $ I.writeIORef ret (Left err)
          return $ YRPlain
                     H.status500
                     []
                     typePlain
                     (toContent ("runFakeHandler: errHandler" :: S8.ByteString))
                     (reqSession req)
      fakeWaiRequest =
        Request
          { requestMethod  = "POST"
          , httpVersion    = H.http11
          , rawPathInfo    = "/runFakeHandler/pathInfo"
          , rawQueryString = ""
          , serverName     = "runFakeHandler-serverName"
          , serverPort     = 80
          , requestHeaders = []
          , isSecure       = False
          , remoteHost     = error "runFakeHandler-remoteHost"
          , pathInfo       = ["runFakeHandler", "pathInfo"]
          , queryString    = []
          , requestBody    = mempty
          , vault          = mempty
          , requestBodyLength = KnownLength 0
          }
      fakeRequest =
        YesodRequest
          { reqGetParams  = []
          , reqCookies    = []
          , reqWaiRequest = fakeWaiRequest
          , reqLangs      = []
          , reqToken      = Just "NaN" -- not a nonce =)
          , reqAccept     = []
          , reqSession    = fakeSessionMap
          }
  _ <- runResourceT $ yapp fakeRequest
  I.readIORef ret
 {-# WARNING runFakeHandler "Usually you should *not* use runFakeHandler unless you really understand how it works and why you need it." #-}
 yesodRunner :: (ToTypedContent res, Yesod site)
            => HandlerT site IO res
            -> YesodRunnerEnv site
            -> Maybe (Route site)
            -> Application
 yesodRunner handler' YesodRunnerEnv {..} route req
  | Just maxLen <- mmaxLen, KnownLength len <- requestBodyLength req, maxLen < len = return tooLargeResponse
  | otherwise = do
    let dontSaveSession _ = return []
    (session, saveSession) <- liftIO $ do
        maybe (return (Map.empty, dontSaveSession)) (\sb -> sbLoadSession sb req) yreSessionBackend
    let mkYesodReq = parseWaiRequest req session (isJust yreSessionBackend) mmaxLen
    yreq <-
        case mkYesodReq of
            Left yreq -> return yreq
            Right needGen -> liftIO $ needGen <$> newStdGen
    let ra = resolveApproot yreSite req
    let log' = messageLoggerSource yreSite yreLogger
        -- We set up two environments: the first one has a "safe" error handler
        -- which will never throw an exception. The second one uses the
        -- user-provided errorHandler function. If that errorHandler function
        -- errors out, it will use the safeEh below to recover.
        rheSafe = RunHandlerEnv
            { rheRender = yesodRender yreSite ra
            , rheRoute = route
            , rheSite = yreSite
            , rheUpload = fileUpload yreSite
            , rheLog = log'
            , rheOnError = safeEh log'
            }
        rhe = rheSafe
            { rheOnError = runHandler rheSafe . errorHandler
            }
    yar <- runHandler rhe handler yreq
    liftIO $ yarToResponse yar saveSession yreq
  where
    mmaxLen = maximumContentLength yreSite route
    handler = yesodMiddleware handler'
 yesodRender :: Yesod y
            => y
            -> ResolvedApproot
            -> Route y
            -> [(Text, Text)] -- ^ url query string
            -> Text
 yesodRender y ar url params =
    decodeUtf8With lenientDecode $ toByteString $
    fromMaybe
        (joinPath y ar ps
          $ params ++ params')
        (urlRenderOverride y url)
  where
    (ps, params') = renderRoute url
 resolveApproot :: Yesod master => master -> Request -> ResolvedApproot
 resolveApproot master req =
    case approot of
        ApprootRelative -> ""
        ApprootStatic t -> t
        ApprootMaster f -> f master
        ApprootRequest f -> f master req
 stripHandlerT :: HandlerT child (HandlerT parent m) a
              -> (parent -> child)
              -> (Route child -> Route parent)
              -> Maybe (Route child)
              -> HandlerT parent m a
 stripHandlerT (HandlerT f) getSub toMaster newRoute = HandlerT $ \hd -> do
    let env = handlerEnv hd
    ($ hd) $ unHandlerT $ f hd
        { handlerEnv = env
            { rheSite = getSub $ rheSite env
            , rheRoute = newRoute
            , rheRender = \url params -> rheRender env (toMaster url) params
            }
        , handlerToParent = toMaster
        }
--- a/yesod-core/Yesod/Core/Internal/TH.hs
+++ b/yesod-core/Yesod/Core/Internal/TH.hs
@ -1,136 +0,0 @@
 {-# LANGUAGE TemplateHaskell #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE TypeFamilies #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE MultiParamTypeClasses #-}
 module Yesod.Core.Internal.TH where
 import Prelude hiding (exp)
 import Yesod.Core.Handler
 import Language.Haskell.TH
 import Language.Haskell.TH.Syntax
 import qualified Network.Wai as W
 import Data.ByteString.Lazy.Char8 ()
 import Data.List (foldl')
 import Yesod.Routes.TH
 import Yesod.Routes.Parse
 import Yesod.Core.Types
 import Yesod.Core.Content
 import Yesod.Core.Class.Dispatch
 import Yesod.Core.Internal.Run
 -- | Generates URL datatype and site function for the given 'Resource's. This
 -- is used for creating sites, /not/ subsites. See 'mkYesodSub' for the latter.
 -- Use 'parseRoutes' to create the 'Resource's.
 mkYesod :: String -- ^ name of the argument datatype
        -> [ResourceTree String]
        -> Q [Dec]
 mkYesod name = fmap (uncurry (++)) . mkYesodGeneral name [] False
 -- | Sometimes, you will want to declare your routes in one file and define
 -- your handlers elsewhere. For example, this is the only way to break up a
 -- monolithic file into smaller parts. Use this function, paired with
 -- 'mkYesodDispatch', to do just that.
 mkYesodData :: String -> [ResourceTree String] -> Q [Dec]
 mkYesodData name res = mkYesodDataGeneral name False res
 mkYesodSubData :: String -> [ResourceTree String] -> Q [Dec]
 mkYesodSubData name res = mkYesodDataGeneral name True res
 mkYesodDataGeneral :: String -> Bool -> [ResourceTree String] -> Q [Dec]
 mkYesodDataGeneral name isSub res = do
    let (name':rest) = words name
    fmap fst $ mkYesodGeneral name' rest isSub res
 -- | See 'mkYesodData'.
 mkYesodDispatch :: String -> [ResourceTree String] -> Q [Dec]
 mkYesodDispatch name = fmap snd . mkYesodGeneral name [] False
 -- | Get the Handler and Widget type synonyms for the given site.
 masterTypeSyns :: Type -> [Dec]
 masterTypeSyns site =
    [ TySynD (mkName "Handler") []
      $ ConT ''HandlerT `AppT` site `AppT` ConT ''IO
    , TySynD (mkName "Widget")  []
      $ ConT ''WidgetT `AppT` site `AppT` ConT ''IO `AppT` ConT ''()
    ]
 mkYesodGeneral :: String                   -- ^ foundation type
               -> [String]                 -- ^ arguments for the type
               -> Bool                     -- ^ it this a subsite
               -> [ResourceTree String]
               -> Q([Dec],[Dec])
 mkYesodGeneral name args isSub resS = do
    renderRouteDec <- mkRenderRouteInstance site res
    routeAttrsDec  <- mkRouteAttrsInstance site res
    dispatchDec    <- mkDispatchInstance site res
    parse <- mkParseRouteInstance site res
    let rname = mkName $ "resources" ++ name
    eres <- lift resS
    let resourcesDec =
            [ SigD rname $ ListT `AppT` (ConT ''ResourceTree `AppT` ConT ''String)
            , FunD rname [Clause [] (NormalB eres) []]
            ]
    let dataDec = concat
            [ [parse]
            , renderRouteDec
            , [routeAttrsDec]
            , resourcesDec
            , if isSub then [] else masterTypeSyns site
            ]
    return (dataDec, dispatchDec)
  where site    = foldl' AppT (ConT $ mkName name) (map (VarT . mkName) args)
        res     = map (fmap parseType) resS
 mkMDS :: Q Exp -> MkDispatchSettings
 mkMDS rh = MkDispatchSettings
    { mdsRunHandler = rh
    , mdsSubDispatcher =
        [|\parentRunner getSub toParent env -> yesodSubDispatch
                                 YesodSubRunnerEnv
                                    { ysreParentRunner = parentRunner
                                    , ysreGetSub = getSub
                                    , ysreToParentRoute = toParent
                                    , ysreParentEnv = env
                                    }
                              |]
    , mdsGetPathInfo = [|W.pathInfo|]
    , mdsSetPathInfo = [|\p r -> r { W.pathInfo = p }|]
    , mdsMethod = [|W.requestMethod|]
    , mds404 = [|notFound >> return ()|]
    , mds405 = [|badMethod >> return ()|]
    , mdsGetHandler = defaultGetHandler
    }
 -- | If the generation of @'YesodDispatch'@ instance require finer
 -- control of the types, contexts etc. using this combinator. You will
 -- hardly need this generality. However, in certain situations, like
 -- when writing library/plugin for yesod, this combinator becomes
 -- handy.
 mkDispatchInstance :: Type                -- ^ The master site type
                   -> [ResourceTree a]    -- ^ The resource
                   -> DecsQ
 mkDispatchInstance master res = do
    clause' <- mkDispatchClause (mkMDS [|yesodRunner|]) res
    let thisDispatch = FunD 'yesodDispatch [clause']
    return [InstanceD [] yDispatch [thisDispatch]]
  where
    yDispatch = ConT ''YesodDispatch `AppT` master
 mkYesodSubDispatch :: [ResourceTree a] -> Q Exp
 mkYesodSubDispatch res = do
    clause' <- mkDispatchClause (mkMDS [|subHelper . fmap toTypedContent|]) res
    inner <- newName "inner"
    let innerFun = FunD inner [clause']
    helper <- newName "helper"
    let fun = FunD helper
                [ Clause
                    []
                    (NormalB $ VarE inner)
                    [innerFun]
                ]
    return $ LetE [fun] (VarE helper)
--- a/yesod-core/Yesod/Core/Json.hs
+++ b/yesod-core/Yesod/Core/Json.hs
@ -1,130 +0,0 @@
 {-# LANGUAGE TypeSynonymInstances, OverloadedStrings #-}
 {-# OPTIONS_GHC -fno-warn-orphans #-}
 module Yesod.Core.Json
    ( -- * Convert from a JSON value
      defaultLayoutJson
    , jsonToRepJson
    , returnJson
    , provideJson
      -- * Convert to a JSON value
    , parseJsonBody
    , parseJsonBody_
      -- * Produce JSON values
    , J.Value (..)
    , J.ToJSON (..)
    , J.FromJSON (..)
    , array
    , object
    , (.=)
    , (J..:)
      -- * Convenience functions
    , jsonOrRedirect
    , acceptsJson
    ) where
 import Yesod.Core.Handler (HandlerT, getRequest, invalidArgs, redirect, selectRep, provideRep, rawRequestBody, ProvidedRep)
 import Control.Monad.Trans.Writer (Writer)
 import Data.Monoid (Endo)
 import Yesod.Core.Content (TypedContent)
 import Yesod.Core.Types (reqAccept)
 import Yesod.Core.Class.Yesod (defaultLayout, Yesod)
 import Yesod.Core.Class.Handler
 import Yesod.Core.Widget (WidgetT)
 import Yesod.Routes.Class
 import qualified Data.Aeson as J
 import qualified Data.Aeson.Parser as JP
 import Data.Aeson ((.=), object)
 import Data.Conduit.Attoparsec (sinkParser)
 import Data.Text (pack)
 import qualified Data.Vector as V
 import Data.Conduit
 import qualified Data.ByteString.Char8 as B8
 import Data.Maybe (listToMaybe)
 import Control.Monad (liftM)
 -- | Provide both an HTML and JSON representation for a piece of
 -- data, using the default layout for the HTML output
 -- ('defaultLayout').
 --
 -- /Since: 0.3.0/
 defaultLayoutJson :: (Yesod site, J.ToJSON a)
                  => WidgetT site IO ()  -- ^ HTML
                  -> HandlerT site IO a  -- ^ JSON
                  -> HandlerT site IO TypedContent
 defaultLayoutJson w json = selectRep $ do
    provideRep $ defaultLayout w
    provideRep $ fmap J.toJSON json
 -- | Wraps a data type in a 'RepJson'.  The data type must
 -- support conversion to JSON via 'J.ToJSON'.
 --
 -- /Since: 0.3.0/
 jsonToRepJson :: (Monad m, J.ToJSON a) => a -> m J.Value
 jsonToRepJson = return . J.toJSON
 {-# DEPRECATED jsonToRepJson "Use returnJson instead" #-}
 -- | Convert a value to a JSON representation via aeson\'s 'J.toJSON' function.
 --
 -- Since 1.2.1
 returnJson :: (Monad m, J.ToJSON a) => a -> m J.Value
 returnJson = return . J.toJSON
 -- | Provide a JSON representation for usage with 'selectReps', using aeson\'s
 -- 'J.toJSON' function to perform the conversion.
 --
 -- Since 1.2.1
 provideJson :: (Monad m, J.ToJSON a) => a -> Writer (Endo [ProvidedRep m]) ()
 provideJson = provideRep . return . J.toJSON
 -- | Parse the request body to a data type as a JSON value.  The
 -- data type must support conversion from JSON via 'J.FromJSON'.
 -- If you want the raw JSON value, just ask for a @'J.Result'
 -- 'J.Value'@.
 --
 -- /Since: 0.3.0/
 parseJsonBody :: (MonadHandler m, J.FromJSON a) => m (J.Result a)
 parseJsonBody = do
    eValue <- runExceptionT $ rawRequestBody $$ sinkParser JP.value'
    return $ case eValue of
        Left e -> J.Error $ show e
        Right value -> J.fromJSON value
 -- | Same as 'parseJsonBody', but return an invalid args response on a parse
 -- error.
 parseJsonBody_ :: (MonadHandler m, J.FromJSON a) => m a
 parseJsonBody_ = do
    ra <- parseJsonBody
    case ra of
        J.Error s -> invalidArgs [pack s]
        J.Success a -> return a
 -- | Convert a list of values to an 'J.Array'.
 array :: J.ToJSON a => [a] -> J.Value
 array = J.Array . V.fromList . map J.toJSON
 -- | jsonOrRedirect simplifies the scenario where a POST handler sends a different
 -- response based on Accept headers:
 --
 --     1. 200 with JSON data if the client prefers
 --     @application\/json@ (e.g. AJAX, see 'acceptsJSON').
 --
 --     2. 3xx otherwise, following the PRG pattern.
 jsonOrRedirect :: (MonadHandler m, J.ToJSON a)
               => Route (HandlerSite m) -- ^ Redirect target
               -> a            -- ^ Data to send via JSON
               -> m J.Value
 jsonOrRedirect r j = do
    q <- acceptsJson
    if q then return (J.toJSON j)
         else redirect r
 -- | Returns @True@ if the client prefers @application\/json@ as
 -- indicated by the @Accept@ HTTP header.
 acceptsJson :: MonadHandler m => m Bool
 acceptsJson =  (maybe False ((== "application/json") . B8.takeWhile (/= ';'))
            .  listToMaybe
            .  reqAccept)
           `liftM` getRequest
--- a/yesod-core/Yesod/Core/Types.hs
+++ b/yesod-core/Yesod/Core/Types.hs
@ -1,447 +0,0 @@
 {-# LANGUAGE DeriveDataTypeable         #-}
 {-# LANGUAGE TupleSections #-}
 {-# LANGUAGE FlexibleInstances          #-}
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
 {-# LANGUAGE MultiParamTypeClasses      #-}
 {-# LANGUAGE TypeFamilies               #-}
 {-# LANGUAGE UndecidableInstances #-}
 module Yesod.Core.Types where
 import qualified Blaze.ByteString.Builder           as BBuilder
 import qualified Blaze.ByteString.Builder.Char.Utf8
 import           Control.Applicative                (Applicative (..))
 import           Control.Applicative                ((<$>))
 import           Control.Arrow                      (first)
 import           Control.Exception                  (Exception)
 import           Control.Monad                      (liftM, ap)
 import           Control.Monad.Base                 (MonadBase (liftBase))
 import           Control.Monad.IO.Class             (MonadIO (liftIO))
 import           Control.Monad.Logger               (LogLevel, LogSource,
                                                     MonadLogger (..))
 import           Control.Monad.Trans.Control        (MonadBaseControl (..))
 import           Control.Monad.Trans.Resource       (MonadResource (..), InternalState, runInternalState)
 import           Data.ByteString                    (ByteString)
 import qualified Data.ByteString.Lazy               as L
 import           Data.Conduit                       (Flush, MonadThrow (..),
                                                     MonadUnsafeIO (..),
                                                     ResourceT, Source)
 import           Data.Dynamic                       (Dynamic)
 import           Data.IORef                         (IORef)
 import           Data.Map                           (Map, unionWith)
 import qualified Data.Map                           as Map
 import           Data.Monoid                        (Endo (..), Last (..),
                                                     Monoid (..))
 import           Data.Serialize                     (Serialize (..),
                                                     putByteString)
 import           Data.String                        (IsString (fromString))
 import           Data.Text                          (Text)
 import qualified Data.Text                          as T
 import qualified Data.Text.Lazy.Builder             as TBuilder
 import           Data.Time                          (UTCTime)
 import           Data.Typeable                      (Typeable)
 import           Data.Typeable                      (TypeRep)
 import           Language.Haskell.TH.Syntax         (Loc)
 import qualified Network.HTTP.Types                 as H
 import           Network.Wai                        (FilePart,
                                                     RequestBodyLength)
 import qualified Network.Wai                        as W
 import qualified Network.Wai.Parse                  as NWP
 import           System.Log.FastLogger              (LogStr, Logger, toLogStr)
 import           Text.Blaze.Html                    (Html)
 import           Text.Hamlet                        (HtmlUrl)
 import           Text.Julius                        (JavascriptUrl)
 import           Web.Cookie                         (SetCookie)
 import           Yesod.Core.Internal.Util           (getTime, putTime)
 import           Control.Monad.Trans.Class          (MonadTrans (..))
 import           Yesod.Routes.Class                 (RenderRoute (..), ParseRoute (..))
 -- Sessions
 type SessionMap = Map Text ByteString
 type SaveSession = SessionMap -- ^ The session contents after running the handler
                -> IO [Header]
 newtype SessionBackend = SessionBackend
    { sbLoadSession :: W.Request
                    -> IO (SessionMap, SaveSession) -- ^ Return the session data and a function to save the session
    }
 data SessionCookie = SessionCookie (Either UTCTime ByteString) ByteString SessionMap
    deriving (Show, Read)
 instance Serialize SessionCookie where
    put (SessionCookie a b c) = do
        either putTime putByteString a
        put b
        put (map (first T.unpack) $ Map.toList c)
    get = do
        a <- getTime
        b <- get
        c <- map (first T.pack) <$> get
        return $ SessionCookie (Left a) b (Map.fromList c)
 data ClientSessionDateCache =
  ClientSessionDateCache {
    csdcNow               :: !UTCTime
  , csdcExpires           :: !UTCTime
  , csdcExpiresSerialized :: !ByteString
  } deriving (Eq, Show)
 -- | The parsed request information. This type augments the standard WAI
 -- 'W.Request' with additional information.
 data YesodRequest = YesodRequest
    { reqGetParams  :: ![(Text, Text)]
      -- ^ Same as 'W.queryString', but decoded to @Text@.
    , reqCookies    :: ![(Text, Text)]
    , reqWaiRequest :: !W.Request
    , reqLangs      :: ![Text]
      -- ^ Languages which the client supports. This is an ordered list by preference.
    , reqToken      :: !(Maybe Text)
      -- ^ A random, session-specific token used to prevent CSRF attacks.
    , reqSession    :: !SessionMap
      -- ^ Initial session sent from the client.
      --
      -- Since 1.2.0
    , reqAccept     :: ![ContentType]
      -- ^ An ordered list of the accepted content types.
      --
      -- Since 1.2.0
    }
 -- | An augmented WAI 'W.Response'. This can either be a standard @Response@,
 -- or a higher-level data structure which Yesod will turn into a @Response@.
 data YesodResponse
    = YRWai !W.Response
    | YRPlain !H.Status ![Header] !ContentType !Content !SessionMap
 -- | A tuple containing both the POST parameters and submitted files.
 type RequestBodyContents =
    ( [(Text, Text)]
    , [(Text, FileInfo)]
    )
 data FileInfo = FileInfo
    { fileName        :: !Text
    , fileContentType :: !Text
    , fileSourceRaw   :: !(Source (ResourceT IO) ByteString)
    , fileMove        :: !(FilePath -> IO ())
    }
 data FileUpload = FileUploadMemory !(NWP.BackEnd L.ByteString)
                | FileUploadDisk !(NWP.BackEnd FilePath)
                | FileUploadSource !(NWP.BackEnd (Source (ResourceT IO) ByteString))
 -- | How to determine the root of the application for constructing URLs.
 --
 -- Note that future versions of Yesod may add new constructors without bumping
 -- the major version number. As a result, you should /not/ pattern match on
 -- @Approot@ values.
 data Approot master = ApprootRelative -- ^ No application root.
                    | ApprootStatic !Text
                    | ApprootMaster !(master -> Text)
                    | ApprootRequest !(master -> W.Request -> Text)
 type ResolvedApproot = Text
 data AuthResult = Authorized | AuthenticationRequired | Unauthorized Text
    deriving (Eq, Show, Read)
 data ScriptLoadPosition master
    = BottomOfBody
    | BottomOfHeadBlocking
    | BottomOfHeadAsync (BottomOfHeadAsync master)
 type BottomOfHeadAsync master
       = [Text] -- ^ urls to load asynchronously
      -> Maybe (HtmlUrl (Route master)) -- ^ widget of js to run on async completion
      -> (HtmlUrl (Route master)) -- ^ widget to insert at the bottom of <head>
 newtype Cache = Cache (Map TypeRep Dynamic)
    deriving Monoid
 type Texts = [Text]
 -- | Wrap up a normal WAI application as a Yesod subsite.
 newtype WaiSubsite = WaiSubsite { runWaiSubsite :: W.Application }
 data RunHandlerEnv site = RunHandlerEnv
    { rheRender   :: !(Route site -> [(Text, Text)] -> Text)
    , rheRoute    :: !(Maybe (Route site))
    , rheSite     :: !site
    , rheUpload   :: !(RequestBodyLength -> FileUpload)
    , rheLog      :: !(Loc -> LogSource -> LogLevel -> LogStr -> IO ())
    , rheOnError  :: !(ErrorResponse -> YesodApp)
      -- ^ How to respond when an error is thrown internally.
      --
      -- Since 1.2.0
    }
 data HandlerData site parentRoute = HandlerData
    { handlerRequest  :: !YesodRequest
    , handlerEnv      :: !(RunHandlerEnv site)
    , handlerState    :: !(IORef GHState)
    , handlerToParent :: !(Route site -> parentRoute)
    , handlerResource :: !InternalState
    }
 data YesodRunnerEnv site = YesodRunnerEnv
    { yreLogger         :: !Logger
    , yreSite           :: !site
    , yreSessionBackend :: !(Maybe SessionBackend)
    }
 data YesodSubRunnerEnv sub parent parentMonad = YesodSubRunnerEnv
    { ysreParentRunner  :: !(ParentRunner parent parentMonad)
    , ysreGetSub        :: !(parent -> sub)
    , ysreToParentRoute :: !(Route sub -> Route parent)
    , ysreParentEnv     :: !(YesodRunnerEnv parent) -- FIXME maybe get rid of this and remove YesodRunnerEnv in ParentRunner?
    }
 type ParentRunner parent m
    = m TypedContent
   -> YesodRunnerEnv parent
   -> Maybe (Route parent)
   -> W.Application
 -- | A generic handler monad, which can have a different subsite and master
 -- site. We define a newtype for better error message.
 newtype HandlerT site m a = HandlerT
    { unHandlerT :: HandlerData site (MonadRoute m) -> m a
    }
 type family MonadRoute (m :: * -> *)
 type instance MonadRoute IO = ()
 type instance MonadRoute (HandlerT site m) = (Route site)
 data GHState = GHState
    { ghsSession :: SessionMap
    , ghsRBC     :: Maybe RequestBodyContents
    , ghsIdent   :: Int
    , ghsCache   :: Cache
    , ghsHeaders :: Endo [Header]
    }
 -- | An extension of the basic WAI 'W.Application' datatype to provide extra
 -- features needed by Yesod. Users should never need to use this directly, as
 -- the 'HandlerT' monad and template haskell code should hide it away.
 type YesodApp = YesodRequest -> ResourceT IO YesodResponse
 -- | A generic widget, allowing specification of both the subsite and master
 -- site datatypes. While this is simply a @WriterT@, we define a newtype for
 -- better error messages.
 newtype WidgetT site m a = WidgetT
    { unWidgetT :: HandlerData site (MonadRoute m) -> m (a, GWData (Route site))
    }
 instance (a ~ (), Monad m) => Monoid (WidgetT site m a) where
    mempty = return ()
    mappend x y = x >> y
 type RY master = Route master -> [(Text, Text)] -> Text
 -- | Newtype wrapper allowing injection of arbitrary content into CSS.
 --
 -- Usage:
 --
 -- > toWidget $ CssBuilder "p { color: red }"
 --
 -- Since: 1.1.3
 newtype CssBuilder = CssBuilder { unCssBuilder :: TBuilder.Builder }
 -- | Content for a web page. By providing this datatype, we can easily create
 -- generic site templates, which would have the type signature:
 --
 -- > PageContent url -> HtmlUrl url
 data PageContent url = PageContent
    { pageTitle :: Html
    , pageHead  :: HtmlUrl url
    , pageBody  :: HtmlUrl url
    }
 data Content = ContentBuilder !BBuilder.Builder !(Maybe Int) -- ^ The content and optional content length.
             | ContentSource !(Source (ResourceT IO) (Flush BBuilder.Builder))
             | ContentFile !FilePath !(Maybe FilePart)
             | ContentDontEvaluate !Content
 data TypedContent = TypedContent !ContentType !Content
 type RepHtml = Html
 {-# DEPRECATED RepHtml "Please use Html instead" #-}
 newtype RepJson = RepJson Content
 newtype RepPlain = RepPlain Content
 newtype RepXml = RepXml Content
 type ContentType = ByteString -- FIXME Text?
 -- | Prevents a response body from being fully evaluated before sending the
 -- request.
 --
 -- Since 1.1.0
 newtype DontFullyEvaluate a = DontFullyEvaluate { unDontFullyEvaluate :: a }
 -- | Responses to indicate some form of an error occurred. These are different
 -- from 'SpecialResponse' in that they allow for custom error pages.
 data ErrorResponse =
      NotFound
    | InternalError Text
    | InvalidArgs [Text]
    | NotAuthenticated
    | PermissionDenied Text
    | BadMethod H.Method
    deriving (Show, Eq, Typeable)
 ----- header stuff
 -- | Headers to be added to a 'Result'.
 data Header =
    AddCookie SetCookie
    | DeleteCookie ByteString ByteString
    | Header ByteString ByteString
    deriving (Eq, Show)
 data Location url = Local url | Remote Text
    deriving (Show, Eq)
 -- | A diff list that does not directly enforce uniqueness.
 -- When creating a widget Yesod will use nub to make it unique.
 newtype UniqueList x = UniqueList ([x] -> [x])
 data Script url = Script { scriptLocation :: Location url, scriptAttributes :: [(Text, Text)] }
    deriving (Show, Eq)
 data Stylesheet url = Stylesheet { styleLocation :: Location url, styleAttributes :: [(Text, Text)] }
    deriving (Show, Eq)
 newtype Title = Title { unTitle :: Html }
 newtype Head url = Head (HtmlUrl url)
    deriving Monoid
 newtype Body url = Body (HtmlUrl url)
    deriving Monoid
 type CssBuilderUrl a = (a -> [(Text, Text)] -> Text) -> TBuilder.Builder
 data GWData a = GWData
    { gwdBody        :: !(Body a)
    , gwdTitle       :: !(Last Title)
    , gwdScripts     :: !(UniqueList (Script a))
    , gwdStylesheets :: !(UniqueList (Stylesheet a))
    , gwdCss         :: !(Map (Maybe Text) (CssBuilderUrl a)) -- media type
    , gwdJavascript  :: !(Maybe (JavascriptUrl a))
    , gwdHead        :: !(Head a)
    }
 instance Monoid (GWData a) where
    mempty = GWData mempty mempty mempty mempty mempty mempty mempty
    mappend (GWData a1 a2 a3 a4 a5 a6 a7)
            (GWData b1 b2 b3 b4 b5 b6 b7) = GWData
        (a1 `mappend` b1)
        (a2 `mappend` b2)
        (a3 `mappend` b3)
        (a4 `mappend` b4)
        (unionWith mappend a5 b5)
        (a6 `mappend` b6)
        (a7 `mappend` b7)
 data HandlerContents =
      HCContent H.Status !TypedContent
    | HCError ErrorResponse
    | HCSendFile ContentType FilePath (Maybe FilePart)
    | HCRedirect H.Status Text
    | HCCreated Text
    | HCWai W.Response
    deriving Typeable
 instance Show HandlerContents where
    show (HCContent status (TypedContent t _)) = "HCContent " ++ show (status, t)
    show (HCError e) = "HCError " ++ show e
    show (HCSendFile ct fp mfp) = "HCSendFile " ++ show (ct, fp, mfp)
    show (HCRedirect s t) = "HCRedirect " ++ show (s, t)
    show (HCCreated t) = "HCCreated " ++ show t
    show (HCWai _) = "HCWai"
 instance Exception HandlerContents
 -- Instances for WidgetT
 instance Monad m => Functor (WidgetT site m) where
    fmap = liftM
 instance Monad m => Applicative (WidgetT site m) where
    pure = return
    (<*>) = ap
 instance Monad m => Monad (WidgetT site m) where
    return a = WidgetT $ const $ return (a, mempty)
    WidgetT x >>= f = WidgetT $ \r -> do
        (a, wa) <- x r
        (b, wb) <- unWidgetT (f a) r
        return (b, wa `mappend` wb)
 instance MonadIO m => MonadIO (WidgetT site m) where
    liftIO = lift . liftIO
 instance MonadBase b m => MonadBase b (WidgetT site m) where
    liftBase = WidgetT . const . liftBase . fmap (, mempty)
 instance MonadBaseControl b m => MonadBaseControl b (WidgetT site m) where
    data StM (WidgetT site m) a = StW (StM m (a, GWData (Route site)))
    liftBaseWith f = WidgetT $ \reader ->
        liftBaseWith $ \runInBase ->
            liftM (\x -> (x, mempty))
            (f $ liftM StW . runInBase . flip unWidgetT reader)
    restoreM (StW base) = WidgetT $ const $ restoreM base
 instance MonadTrans (WidgetT site) where
    lift = WidgetT . const . liftM (, mempty)
 instance MonadThrow m => MonadThrow (WidgetT site m) where
    monadThrow = lift . monadThrow
 instance (Applicative m, MonadIO m, MonadUnsafeIO m, MonadThrow m) => MonadResource (WidgetT site m) where
    liftResourceT f = WidgetT $ \hd -> liftIO $ fmap (, mempty) $ runInternalState f (handlerResource hd)
 instance MonadIO m => MonadLogger (WidgetT site m) where
    monadLoggerLog a b c d = WidgetT $ \hd ->
        liftIO $ fmap (, mempty) $ rheLog (handlerEnv hd) a b c (toLogStr d)
 instance MonadTrans (HandlerT site) where
    lift = HandlerT . const
 -- Instances for HandlerT
 instance Monad m => Functor (HandlerT site m) where
    fmap = liftM
 instance Monad m => Applicative (HandlerT site m) where
    pure = return
    (<*>) = ap
 instance Monad m => Monad (HandlerT site m) where
    return = HandlerT . const . return
    HandlerT x >>= f = HandlerT $ \r -> x r >>= \x' -> unHandlerT (f x') r
 instance MonadIO m => MonadIO (HandlerT site m) where
    liftIO = lift . liftIO
 instance MonadBase b m => MonadBase b (HandlerT site m) where
    liftBase = lift . liftBase
 -- | Note: although we provide a @MonadBaseControl@ instance, @lifted-base@'s
 -- @fork@ function is incompatible with the underlying @ResourceT@ system.
 -- Instead, if you must fork a separate thread, you should use
 -- @resourceForkIO@.
 --
 -- Using fork usually leads to an exception that says
 -- \"Control.Monad.Trans.Resource.register\': The mutable state is being accessed
 -- after cleanup. Please contact the maintainers.\"
 instance MonadBaseControl b m => MonadBaseControl b (HandlerT site m) where
    data StM (HandlerT site m) a = StH (StM m a)
    liftBaseWith f = HandlerT $ \reader ->
        liftBaseWith $ \runInBase ->
            f $ liftM StH . runInBase . (\(HandlerT r) -> r reader)
    restoreM (StH base) = HandlerT $ const $ restoreM base
 instance MonadThrow m => MonadThrow (HandlerT site m) where
    monadThrow = lift . monadThrow
 instance (MonadIO m, MonadUnsafeIO m, MonadThrow m) => MonadResource (HandlerT site m) where
    liftResourceT f = HandlerT $ \hd -> liftIO $ runInternalState f (handlerResource hd)
 instance MonadIO m => MonadLogger (HandlerT site m) where
    monadLoggerLog a b c d = HandlerT $ \hd ->
        liftIO $ rheLog (handlerEnv hd) a b c (toLogStr d)
 instance Monoid (UniqueList x) where
    mempty = UniqueList id
    UniqueList x `mappend` UniqueList y = UniqueList $ x . y
 instance IsString Content where
    fromString = flip ContentBuilder Nothing . Blaze.ByteString.Builder.Char.Utf8.fromString
 instance RenderRoute WaiSubsite where
    data Route WaiSubsite = WaiSubsiteRoute [Text] [(Text, Text)]
        deriving (Show, Eq, Read, Ord)
    renderRoute (WaiSubsiteRoute ps qs) = (ps, qs)
 instance ParseRoute WaiSubsite where
    parseRoute (x, y) = Just $ WaiSubsiteRoute x y
--- a/yesod-core/bench/THHelper.hs
+++ b/yesod-core/bench/THHelper.hs
@ -0,0 +1,24 @@
 {-# LANGUAGE TemplateHaskell, QuasiQuotes #-}
 module THHelper where
 import Language.Haskell.TH.Syntax
 import Data.Char (toLower)
 import Yesod.Routes.TH
 import Yesod.Routes.Parse
 settings = MkDispatchSettings
    [|\w x y z -> (w, x, y, z)|]
    [|undefined|]
    [|fst|]
    [|\x (_, y) -> (x, y)|]
    [|snd|]
    [|Nothing|]
    [|Nothing|]
    (\(Just method) name -> return $ VarE $ mkName $ map toLower method ++ name)
 resources = [parseRoutes|
 / HomeR GET
 /foo FooR GET
 /bar/#Int BarR GET
 /baz BazR GET
 |]
--- a/yesod-core/bench/non-th.hs
+++ b/yesod-core/bench/non-th.hs
@ -0,0 +1,75 @@
 {-# LANGUAGE OverloadedStrings #-}
 import Yesod.Routes.Dispatch
 import Data.Text (Text, words)
 import Prelude hiding (words)
 import Web.PathPieces
 import Criterion.Main
 import Control.DeepSeq
 import Control.Monad (forM_, unless)
 data TestRoute = Foo | Bar !Int | Baz
    deriving Eq
 instance NFData TestRoute
 samples = take 10000 $ cycle
    [ words "foo"
    , words "foo bar"
    , words ""
    , words "bar baz"
    , words "bar 4"
    , words "bar 1234566789"
    , words "baz"
    , words "baz 4"
    , words "something else"
    ]
 simple :: [Text] -> Maybe TestRoute
 simple ["foo"] = Just Foo
 simple ["bar", x] = fmap Bar (fromPathPiece x)
 simple ["baz"] = Just Baz
 simple ["FOO"] = Just Foo
 simple ["BAR", x] = fmap Bar (fromPathPiece x)
 simple ["BAZ"] = Just Baz
 simple ["Foo"] = Just Foo
 simple ["Bar", x] = fmap Bar (fromPathPiece x)
 simple ["Baz"] = Just Baz
 simple ["Xfoo"] = Just Foo
 simple ["Xbar", x] = fmap Bar (fromPathPiece x)
 simple ["Xbaz"] = Just Baz
 simple ["XFOO"] = Just Foo
 simple ["XBAR", x] = fmap Bar (fromPathPiece x)
 simple ["XBAZ"] = Just Baz
 simple ["XFoo"] = Just Foo
 simple ["XBar", x] = fmap Bar (fromPathPiece x)
 simple ["XBaz"] = Just Baz
 simple _ = Nothing
 dispatch :: [Text] -> Maybe TestRoute
 dispatch = toDispatch
    [ Route [Static "foo"] False (const (Just Foo))
    , Route [Static "bar", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "baz"] False (const (Just Baz))
    , Route [Static "FOO"] False (const (Just Foo))
    , Route [Static "BAR", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "BAZ"] False (const (Just Baz))
    , Route [Static "Foo"] False (const (Just Foo))
    , Route [Static "Bar", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "Baz"] False (const (Just Baz))
    , Route [Static "Xfoo"] False (const (Just Foo))
    , Route [Static "Xbar", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "Xbaz"] False (const (Just Baz))
    , Route [Static "XFOO"] False (const (Just Foo))
    , Route [Static "XBAR", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "XBAZ"] False (const (Just Baz))
    , Route [Static "XFoo"] False (const (Just Foo))
    , Route [Static "XBar", Dynamic] False (\[_, x] -> (fmap Bar (fromPathPiece x)))
    , Route [Static "XBaz"] False (const (Just Baz))
    ]
 main :: IO ()
 main = do
    forM_ samples $ \sample -> unless (simple sample == dispatch sample) (error $ show sample)
    defaultMain
        [ bench "simple" $ nf (map simple) samples
        , bench "dispatch" $ nf (map dispatch) samples
        ]
--- a/yesod-core/bench/th.hs
+++ b/yesod-core/bench/th.hs
@ -0,0 +1,68 @@
 {-# LANGUAGE TemplateHaskell, QuasiQuotes, OverloadedStrings, TupleSections, ViewPatterns #-}
 import Yesod.Routes.TH
 import Yesod.Routes.Parse
 import THHelper
 import Language.Haskell.TH.Syntax
 import Criterion.Main
 import Data.Text (words)
 import Prelude hiding (words)
 import Control.DeepSeq
 import Yesod.Routes.TH.Simple
 import Test.Hspec
 import Control.Monad (forM_, unless)
 $(do
    let (cons, decs) = mkRouteCons $ map (fmap parseType) resources
    clause1 <- mkDispatchClause settings resources
    clause2 <- mkSimpleDispatchClause settings resources
    return $ concat
        [ [FunD (mkName "dispatch1") [clause1]]
        , [FunD (mkName "dispatch2") [clause2]]
        , decs
        , [DataD [] (mkName "Route") [] cons [''Show, ''Eq]]
        ]
    )
 instance NFData Route where
    rnf HomeR = ()
    rnf FooR = ()
    rnf (BarR i) = i `seq` ()
    rnf BazR = ()
 getHomeR :: Maybe Int
 getHomeR = Just 1
 getFooR :: Maybe Int
 getFooR = Just 2
 getBarR :: Int -> Maybe Int
 getBarR i = Just (i + 3)
 getBazR :: Maybe Int
 getBazR = Just 4
 samples = take 10000 $ cycle
    [ words "foo"
    , words "foo bar"
    , words ""
    , words "bar baz"
    , words "bar 4"
    , words "bar 1234566789"
    , words "baz"
    , words "baz 4"
    , words "something else"
    ]
 dispatch2a = dispatch2 `asTypeOf` dispatch1
 main :: IO ()
 main = do
    forM_ samples $ \sample ->
        unless (dispatch1 True (sample, "GET") == dispatch2a True (sample, "GET"))
            (error $ show sample)
    defaultMain
        [ bench "dispatch1" $ nf (map (dispatch1 True . (, "GET"))) samples
        , bench "dispatch2" $ nf (map (dispatch2a True . (, "GET"))) samples
        , bench "dispatch1a" $ nf (map (dispatch1 True . (, "GET"))) samples
        , bench "dispatch2a" $ nf (map (dispatch2a True . (, "GET"))) samples
        ]
--- a/yesod-core/bench/widget.hs
+++ b/yesod-core/bench/widget.hs
@ -0,0 +1,69 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE FlexibleContexts #-}
 -- | BigTable benchmark implemented using Hamlet.
 --
 {-# LANGUAGE QuasiQuotes #-}
 module Main where
 import Gauge.Main
 import Text.Hamlet
 import qualified Data.ByteString.Lazy as L
 import qualified Text.Blaze.Html.Renderer.Utf8 as Utf8
 import Data.Monoid (mconcat)
 import Text.Blaze.Html5 (table, tr, td)
 import Text.Blaze.Html (toHtml)
 import Data.Int
 main :: IO ()
 main = defaultMain
    [ bench "bigTable html" $ nf bigTableHtml bigTableData
    , bench "bigTable hamlet" $ nf bigTableHamlet bigTableData
    --, bench "bigTable widget" $ nfIO (bigTableWidget bigTableData)
    , bench "bigTable blaze" $ nf bigTableBlaze bigTableData
    ]
  where
    rows :: Int
    rows = 1000
    bigTableData :: [[Int]]
    bigTableData = replicate rows [1..10]
    {-# NOINLINE bigTableData #-}
 bigTableHtml :: Show a => [[a]] -> Int64
 bigTableHtml rows = L.length $ Utf8.renderHtml $ ($ id) [hamlet|
 <table>
    $forall row <- rows
        <tr>
            $forall cell <- row
                <td>#{show cell}
 |]
 bigTableHamlet :: Show a => [[a]] ->  Int64
 bigTableHamlet rows = L.length $ Utf8.renderHtml $ ($ id) [hamlet|
 <table>
    $forall row <- rows
        <tr>
            $forall cell <- row
                <td>#{show cell}
 |]
    {-
 bigTableWidget :: Show a => [[a]] -> IO Int64
 bigTableWidget rows = fmap (L.length . Utf8.renderHtml . ($ render)) (run [whamlet|
 <table>
    $forall row <- rows
        <tr>
            $forall cell <- row
                <td>#{show cell}
 |])
  where
  render _ _ = "foo"
  run (WidgetT w) = do
    (_, GWData { gwdBody = Body x }) <- w undefined
    return x
    -}
 bigTableBlaze :: Show a => [[a]] -> Int64
 bigTableBlaze t = L.length $ Utf8.renderHtml $ table $ Data.Monoid.mconcat $ map row t
  where
    row r = tr $ mconcat $ map (td . toHtml . show) r
--- a/yesod-core/src/Yesod/Core.hs
+++ b/yesod-core/src/Yesod/Core.hs
@ -1,4 +1,3 @@
 {-# LANGUAGE TemplateHaskell #-}
 {-# LANGUAGE UndecidableInstances #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE FlexibleContexts #-}
@ -19,15 +18,21 @@ module Yesod.Core
    , Approot (..)
    , FileUpload (..)
    , ErrorResponse (..)
-      -- * Utitlities
+      -- * Utilities
    , maybeAuthorized
    , widgetToPageContent
      -- * Defaults
    , defaultErrorHandler
    , defaultYesodMiddleware
    , authorizationCheck
      -- * Data types
    , AuthResult (..)
    , unauthorizedI
      -- * Logging
    , defaultMakeLogger
    , defaultMessageLoggerSource
    , defaultShouldLogIO
    , formatLogMessage
    , LogLevel (..)
    , logDebug
    , logInfo
@ -43,22 +48,35 @@ module Yesod.Core
    , SessionBackend (..)
    , customizeSessionCookies
    , defaultClientSessionBackend
    , envClientSessionBackend
    , clientSessionBackend
    , sslOnlySessions
    , laxSameSiteSessions
    , strictSameSiteSessions
    , sslOnlyMiddleware
    , clientSessionDateCacher
    , loadClientSession
    , Header(..)
    -- * CSRF protection
    , defaultCsrfMiddleware
    , defaultCsrfSetCookieMiddleware
    , csrfSetCookieMiddleware
    , defaultCsrfCheckMiddleware
    , csrfCheckMiddleware
    -- * JS loaders
    , ScriptLoadPosition (..)
    , BottomOfHeadAsync
-      -- * Subsites
+    -- * Generalizing type classes
    , MonadHandler (..)
    , MonadWidget (..)
-    , getRouteToParent
+      -- * Approot
-    , defaultLayoutSub
+    , guessApproot
    , guessApprootOr
    , getApprootText
      -- * Misc
    , yesodVersion
    , yesodRender
-    , runFakeHandler
+    , Yesod.Core.runFakeHandler
      -- * LiteApp
    , module Yesod.Core.Internal.LiteApp
      -- * Low-level
@ -74,8 +92,7 @@ module Yesod.Core
    , module Text.Blaze.Html
    , MonadTrans (..)
    , MonadIO (..)
-    , MonadBase (..)
+    , MonadUnliftIO (..)
    , MonadBaseControl
    , MonadResource (..)
    , MonadLogger
      -- * Commonly referenced functions/datatypes
@ -114,17 +131,15 @@ import Text.Blaze.Html (Html, toHtml, preEscapedToMarkup)
 import Control.Monad.Logger
 import Control.Monad.Trans.Class (MonadTrans (..))
 import Yesod.Core.Internal.Session
-import Yesod.Core.Internal.Run (yesodRunner)
+import Yesod.Core.Internal.Run (yesodRunner, yesodRender)
 import Yesod.Core.Class.Yesod
 import Yesod.Core.Class.Dispatch
 import Yesod.Core.Class.Breadcrumbs
-import Yesod.Core.Internal.Run (yesodRender, runFakeHandler)
+import qualified Yesod.Core.Internal.Run
 import qualified Paths_yesod_core
 import Data.Version (showVersion)
 import Yesod.Routes.Class
-import Control.Monad.IO.Class (MonadIO (..))
+import UnliftIO (MonadIO (..), MonadUnliftIO (..))
 import Control.Monad.Base (MonadBase (..))
 import Control.Monad.Trans.Control (MonadBaseControl (..))
 import Control.Monad.Trans.Resource (MonadResource (..))
 import Yesod.Core.Internal.LiteApp
@ -134,6 +149,15 @@ import Text.Lucius
 import Text.Julius
 import Network.Wai (Application)
 runFakeHandler :: (Yesod site, MonadIO m) =>
                  SessionMap
               -> (site -> Logger)
               -> site
               -> HandlerT site IO a
               -> m (Either ErrorResponse a)
 runFakeHandler = Yesod.Core.Internal.Run.runFakeHandler
 {-# DEPRECATED runFakeHandler "import runFakeHandler from Yesod.Core.Unsafe" #-}
 -- | Return an 'Unauthorized' value, with the given i18n message.
 unauthorizedI :: (MonadHandler m, RenderMessage (HandlerSite m) msg) => msg -> m AuthResult
 unauthorizedI msg = do
@ -155,14 +179,6 @@ maybeAuthorized r isWrite = do
    x <- isAuthorized r isWrite
    return $ if x == Authorized then Just r else Nothing
 getRouteToParent :: Monad m => HandlerT child (HandlerT parent m) (Route child -> Route parent)
 getRouteToParent = HandlerT $ return . handlerToParent
 defaultLayoutSub :: Yesod parent
                 => WidgetT child IO ()
                 -> HandlerT child (HandlerT parent IO) Html
 defaultLayoutSub cwidget = widgetToParentWidget cwidget >>= lift . defaultLayout
 showIntegral :: Integral a => a -> String
 showIntegral x = show (fromIntegral x :: Integer)
--- a/yesod-core/src/Yesod/Core/Class/Breadcrumbs.hs
+++ b/yesod-core/src/Yesod/Core/Class/Breadcrumbs.hs
@ -1,4 +1,5 @@
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE FlexibleContexts #-}
 module Yesod.Core.Class.Breadcrumbs where
 import Yesod.Core.Handler
@ -11,11 +12,11 @@ import Data.Text (Text)
 class YesodBreadcrumbs site where
    -- | Returns the title and the parent resource, if available. If you return
    -- a 'Nothing', then this is considered a top-level page.
-    breadcrumb :: Route site -> HandlerT site IO (Text , Maybe (Route site))
+    breadcrumb :: Route site -> HandlerFor site (Text , Maybe (Route site))
 -- | Gets the title of the current page and the hierarchy of parent pages,
 -- along with their respective titles.
-breadcrumbs :: YesodBreadcrumbs site => HandlerT site IO (Text, [(Route site, Text)])
+breadcrumbs :: (YesodBreadcrumbs site, Show (Route site), Eq (Route site)) => HandlerFor site (Text, [(Route site, Text)])
 breadcrumbs = do
    x <- getCurrentRoute
    case x of
@ -26,6 +27,8 @@ breadcrumbs = do
            return (title, z)
  where
    go back Nothing = return back
-    go back (Just this) = do
+    go back (Just this)
-        (title, next) <- breadcrumb this
+      | this `elem` map fst back = error $ "yesod-core: infinite recursion in breadcrumbs at " ++ show this
-        go ((this, title) : back) next
+      | otherwise = do
          (title, next) <- breadcrumb this
          go ((this, title) : back) next
--- a/yesod-core/src/Yesod/Core/Class/Dispatch.hs
+++ b/yesod-core/src/Yesod/Core/Class/Dispatch.hs
@ -0,0 +1,52 @@
 {-# LANGUAGE MultiParamTypeClasses #-}
 {-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE RankNTypes #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE TypeFamilies #-}
 {-# LANGUAGE FlexibleContexts  #-}
 module Yesod.Core.Class.Dispatch where
 import qualified Network.Wai as W
 import Yesod.Core.Types
 import Yesod.Core.Content (ToTypedContent (..))
 import Yesod.Core.Handler (sendWaiApplication)
 import Yesod.Core.Class.Yesod
 -- | This class is automatically instantiated when you use the template haskell
 -- mkYesod function. You should never need to deal with it directly.
 class Yesod site => YesodDispatch site where
    yesodDispatch :: YesodRunnerEnv site -> W.Application
 class YesodSubDispatch sub master where
    yesodSubDispatch :: YesodSubRunnerEnv sub master -> W.Application
 instance YesodSubDispatch WaiSubsite master where
    yesodSubDispatch YesodSubRunnerEnv {..} = app
      where
        WaiSubsite app = ysreGetSub $ yreSite ysreParentEnv
 instance YesodSubDispatch WaiSubsiteWithAuth master where
  yesodSubDispatch YesodSubRunnerEnv {..} req =
      ysreParentRunner handlert ysreParentEnv (fmap ysreToParentRoute route) req
    where
      route = Just $ WaiSubsiteWithAuthRoute (W.pathInfo req) []
      WaiSubsiteWithAuth set = ysreGetSub $ yreSite $ ysreParentEnv
      handlert = sendWaiApplication set
 subHelper
  :: ToTypedContent content
  => SubHandlerFor child master content
  -> YesodSubRunnerEnv child master
  -> Maybe (Route child)
  -> W.Application
 subHelper (SubHandlerFor f) YesodSubRunnerEnv {..} mroute =
    ysreParentRunner handler ysreParentEnv (fmap ysreToParentRoute mroute)
  where
    handler = fmap toTypedContent $ HandlerFor $ \hd ->
      let rhe = handlerEnv hd
          rhe' = rhe
            { rheRoute = mroute
            , rheChild = ysreGetSub $ yreSite ysreParentEnv
            , rheRouteToMaster = ysreToParentRoute
            }
       in f hd { handlerEnv = rhe' }
--- a/yesod-core/src/Yesod/Core/Class/Handler.hs
+++ b/yesod-core/src/Yesod/Core/Class/Handler.hs
@ -0,0 +1,126 @@
 {-# LANGUAGE CPP #-}
 {-# LANGUAGE TypeFamilies #-}
 {-# LANGUAGE ConstraintKinds #-}
 {-# LANGUAGE TupleSections #-}
 {-# LANGUAGE FlexibleInstances #-}
 {-# LANGUAGE FlexibleContexts #-}
 {-# LANGUAGE UndecidableInstances #-}
 module Yesod.Core.Class.Handler
    ( MonadHandler (..)
    , MonadWidget (..)
    , liftHandlerT
    , liftWidgetT
    ) where
 import Yesod.Core.Types
 import Control.Monad.Logger (MonadLogger)
 import Control.Monad.Trans.Resource (MonadResource)
 import Control.Monad.Trans.Class (lift)
 import Data.Conduit.Internal (Pipe, ConduitM)
 import Control.Monad.Trans.Identity ( IdentityT)
 #if !MIN_VERSION_transformers(0,6,0)
 import Control.Monad.Trans.List     ( ListT    )
 #endif
 import Control.Monad.Trans.Maybe    ( MaybeT   )
 import Control.Monad.Trans.Except   ( ExceptT  )
 import Control.Monad.Trans.Reader   ( ReaderT  )
 import Control.Monad.Trans.State    ( StateT   )
 import Control.Monad.Trans.Writer   ( WriterT  )
 import Control.Monad.Trans.RWS      ( RWST     )
 import qualified Control.Monad.Trans.RWS.Strict    as Strict ( RWST   )
 import qualified Control.Monad.Trans.State.Strict  as Strict ( StateT )
 import qualified Control.Monad.Trans.Writer.Strict as Strict ( WriterT )
 -- FIXME should we just use MonadReader instances instead?
 class (MonadResource m, MonadLogger m) => MonadHandler m where
    type HandlerSite m
    type SubHandlerSite m
    liftHandler :: HandlerFor (HandlerSite m) a -> m a
    liftSubHandler :: SubHandlerFor (SubHandlerSite m) (HandlerSite m) a -> m a
 liftHandlerT :: MonadHandler m => HandlerFor (HandlerSite m) a -> m a
 liftHandlerT = liftHandler
 {-# DEPRECATED liftHandlerT "Use liftHandler instead" #-}
 instance MonadHandler (HandlerFor site) where
    type HandlerSite (HandlerFor site) = site
    type SubHandlerSite (HandlerFor site) = site
    liftHandler = id
    {-# INLINE liftHandler #-}
    liftSubHandler (SubHandlerFor f) = HandlerFor f
    {-# INLINE liftSubHandler #-}
 instance MonadHandler (SubHandlerFor sub master) where
    type HandlerSite (SubHandlerFor sub master) = master
    type SubHandlerSite (SubHandlerFor sub master) = sub
    liftHandler (HandlerFor f) = SubHandlerFor $ \hd -> f hd
      { handlerEnv =
          let rhe = handlerEnv hd
           in rhe
                { rheRoute = fmap (rheRouteToMaster rhe) (rheRoute rhe)
                , rheRouteToMaster = id
                , rheChild = rheSite rhe
                }
      }
    {-# INLINE liftHandler #-}
    liftSubHandler = id
    {-# INLINE liftSubHandler #-}
 instance MonadHandler (WidgetFor site) where
    type HandlerSite (WidgetFor site) = site
    type SubHandlerSite (WidgetFor site) = site
    liftHandler (HandlerFor f) = WidgetFor $ f . wdHandler
    {-# INLINE liftHandler #-}
    liftSubHandler (SubHandlerFor f) = WidgetFor $ f . wdHandler
    {-# INLINE liftSubHandler #-}
 #define GO(T) instance MonadHandler m => MonadHandler (T m) where type HandlerSite (T m) = HandlerSite m; type SubHandlerSite (T m) = SubHandlerSite m; liftHandler = lift . liftHandler; liftSubHandler = lift . liftSubHandler
 #define GOX(X, T) instance (X, MonadHandler m) => MonadHandler (T m) where type HandlerSite (T m) = HandlerSite m; type SubHandlerSite (T m) = SubHandlerSite m; liftHandler = lift . liftHandler; liftSubHandler = lift . liftSubHandler
 GO(IdentityT)
 #if !MIN_VERSION_transformers(0,6,0)
 GO(ListT)
 #endif
 GO(MaybeT)
 GO(ExceptT e)
 GO(ReaderT r)
 GO(StateT s)
 GOX(Monoid w, WriterT w)
 GOX(Monoid w, RWST r w s)
 GOX(Monoid w, Strict.RWST r w s)
 GO(Strict.StateT s)
 GOX(Monoid w, Strict.WriterT w)
 GO(Pipe l i o u)
 GO(ConduitM i o)
 #undef GO
 #undef GOX
 class MonadHandler m => MonadWidget m where
    liftWidget :: WidgetFor (HandlerSite m) a -> m a
 instance MonadWidget (WidgetFor site) where
    liftWidget = id
    {-# INLINE liftWidget #-}
 liftWidgetT :: MonadWidget m => WidgetFor (HandlerSite m) a -> m a
 liftWidgetT = liftWidget
 {-# DEPRECATED liftWidgetT "Use liftWidget instead" #-}
 #define GO(T) instance MonadWidget m => MonadWidget (T m) where liftWidget = lift . liftWidget
 #define GOX(X, T) instance (X, MonadWidget m) => MonadWidget (T m) where liftWidget = lift . liftWidget
 GO(IdentityT)
 #if !MIN_VERSION_transformers(0,6,0)
 GO(ListT)
 #endif
 GO(MaybeT)
 GO(ExceptT e)
 GO(ReaderT r)
 GO(StateT s)
 GOX(Monoid w, WriterT w)
 GOX(Monoid w, RWST r w s)
 GOX(Monoid w, Strict.RWST r w s)
 GO(Strict.StateT s)
 GOX(Monoid w, Strict.WriterT w)
 GO(Pipe l i o u)
 GO(ConduitM i o)
 #undef GO
 #undef GOX
--- a/yesod-core/src/Yesod/Core/Class/Yesod.hs
+++ b/yesod-core/src/Yesod/Core/Class/Yesod.hs
@ -0,0 +1,949 @@
 {-# LANGUAGE FlexibleContexts    #-}
 {-# LANGUAGE OverloadedStrings   #-}
 {-# LANGUAGE QuasiQuotes         #-}
 {-# LANGUAGE TemplateHaskell     #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 module Yesod.Core.Class.Yesod where
 import           Yesod.Core.Content
 import           Yesod.Core.Handler
 import           Yesod.Routes.Class
 import           Data.ByteString.Builder            (Builder)
 import           Data.Text.Encoding                 (encodeUtf8Builder)
 import           Control.Arrow                      ((***), second)
 import           Control.Exception                  (bracket)
 import           Control.Monad                      (forM, when, void)
 import           Control.Monad.IO.Class             (MonadIO (liftIO))
 import           Control.Monad.Logger               (LogLevel (LevelInfo, LevelOther),
                                                     LogSource, logErrorS)
 import           Control.Monad.Trans.Resource       (InternalState, createInternalState, closeInternalState)
 import qualified Data.ByteString.Char8              as S8
 import qualified Data.ByteString.Lazy               as L
 import Data.Aeson (object, (.=))
 import           Data.List                          (foldl', nub)
 import qualified Data.Map                           as Map
 import           Data.Maybe                         (catMaybes)
 import           Data.Monoid
 import           Data.Text                          (Text)
 import qualified Data.Text                          as T
 import qualified Data.Text.Encoding                 as TE
 import qualified Data.Text.Encoding.Error           as TEE
 import           Data.Text.Lazy.Builder             (toLazyText)
 import           Data.Text.Lazy.Encoding            (encodeUtf8)
 import           Data.Word                          (Word64)
 import           Language.Haskell.TH.Syntax         (Loc (..))
 import           Network.HTTP.Types                 (encodePath)
 import qualified Network.Wai                        as W
 import           Network.Wai.Parse                  (lbsBackEnd,
                                                     tempFileBackEnd)
 import           Network.Wai.Logger                 (ZonedDate, clockDateCacher)
 import           System.Log.FastLogger
 import           Text.Blaze                         (customAttribute, textTag,
                                                     toValue, (!),
                                                     preEscapedToMarkup)
 import qualified Text.Blaze.Html5                   as TBH
 import           Text.Hamlet
 import           Text.Julius
 import qualified Web.ClientSession                  as CS
 import           Web.Cookie                         (SetCookie (..), parseCookies, sameSiteLax,
                                                     sameSiteStrict, SameSiteOption, defaultSetCookie)
 import           Yesod.Core.Types
 import           Yesod.Core.Internal.Session
 import           Yesod.Core.Widget
 import Data.CaseInsensitive (CI)
 import qualified Network.Wai.Handler.Warp as Warp
 import qualified Network.Wai.Request
 import Data.IORef
 import UnliftIO (SomeException, catch, MonadUnliftIO)
 -- | Define settings for a Yesod applications. All methods have intelligent
 -- defaults, and therefore no implementation is required.
 class RenderRoute site => Yesod site where
    -- | An absolute URL to the root of the application. Do not include
    -- trailing slash.
    --
    -- Default value: 'guessApproot'. If you know your application root
    -- statically, it will be more efficient and more reliable to instead use
    -- 'ApprootStatic' or 'ApprootMaster'. If you do not need full absolute
    -- URLs, you can use 'ApprootRelative' instead.
    --
    -- Note: Prior to yesod-core 1.5, the default value was 'ApprootRelative'.
    approot :: Approot site
    approot = guessApproot
    -- | @since 1.6.24.0
    --  allows the user to specify how exceptions are cought.
    --  by default all async exceptions are thrown and synchronous
    --  exceptions render a 500 page.
    -- To catch all exceptions (even async) to render a 500 page, 
    -- set this to 'UnliftIO.Exception.catchSyncOrAsync'. Beware
    -- this may have negative effects with functions like 'timeout'.
    catchHandlerExceptions :: MonadUnliftIO m => site -> m a -> (SomeException -> m a) -> m a
    catchHandlerExceptions _ = catch
    -- | Output error response pages.
    --
    -- Default value: 'defaultErrorHandler'.
    errorHandler :: ErrorResponse -> HandlerFor site TypedContent
    errorHandler = defaultErrorHandler
    -- | Applies some form of layout to the contents of a page.
    defaultLayout :: WidgetFor site () -> HandlerFor site Html
    defaultLayout w = do
        p <- widgetToPageContent w
        msgs <- getMessages
        withUrlRenderer [hamlet|
            $newline never
            $doctype 5
            <html>
                <head>
                    <title>#{pageTitle p}
                    $maybe description <- pageDescription p
                      <meta name="description" content="#{description}">
                    ^{pageHead p}
                <body>
                    $forall (status, msg) <- msgs
                        <p class="message #{status}">#{msg}
                    ^{pageBody p}
            |]
    -- | Override the rendering function for a particular URL and query string
    -- parameters. One use case for this is to offload static hosting to a
    -- different domain name to avoid sending cookies.
    --
    -- For backward compatibility default implementation is in terms of
    -- 'urlRenderOverride', probably ineffective
    --
    -- Since 1.4.23
    urlParamRenderOverride :: site
                           -> Route site
                           -> [(T.Text, T.Text)] -- ^ query string
                           -> Maybe Builder
    urlParamRenderOverride _ _ _ = Nothing
    -- | Determine if a request is authorized or not.
    --
    -- Return 'Authorized' if the request is authorized,
    -- 'Unauthorized' a message if unauthorized.
    -- If authentication is required, return 'AuthenticationRequired'.
    isAuthorized :: Route site
                 -> Bool -- ^ is this a write request?
                 -> HandlerFor site AuthResult
    isAuthorized _ _ = return Authorized
    -- | Determines whether the current request is a write request. By default,
    -- this assumes you are following RESTful principles, and determines this
    -- from request method. In particular, all except the following request
    -- methods are considered write: GET HEAD OPTIONS TRACE.
    --
    -- This function is used to determine if a request is authorized; see
    -- 'isAuthorized'.
    isWriteRequest :: Route site -> HandlerFor site Bool
    isWriteRequest _ = do
        wai <- waiRequest
        return $ W.requestMethod wai `notElem`
            ["GET", "HEAD", "OPTIONS", "TRACE"]
    -- | The default route for authentication.
    --
    -- Used in particular by 'isAuthorized', but library users can do whatever
    -- they want with it.
    authRoute :: site -> Maybe (Route site)
    authRoute _ = Nothing
    -- | A function used to clean up path segments. It returns 'Right' with a
    -- clean path or 'Left' with a new set of pieces the user should be
    -- redirected to. The default implementation enforces:
    --
    -- * No double slashes
    --
    -- * There is no trailing slash.
    --
    -- Note that versions of Yesod prior to 0.7 used a different set of rules
    -- involing trailing slashes.
    cleanPath :: site -> [Text] -> Either [Text] [Text]
    cleanPath _ s =
        if corrected == s
            then Right $ map dropDash s
            else Left corrected
      where
        corrected = filter (not . T.null) s
        dropDash t
            | T.all (== '-') t = T.drop 1 t
            | otherwise = t
    -- | Builds an absolute URL by concatenating the application root with the
    -- pieces of a path and a query string, if any.
    -- Note that the pieces of the path have been previously cleaned up by 'cleanPath'.
    joinPath :: site
             -> T.Text -- ^ application root
             -> [T.Text] -- ^ path pieces
             -> [(T.Text, T.Text)] -- ^ query string
             -> Builder
    joinPath _ ar pieces' qs' =
        encodeUtf8Builder ar `mappend` encodePath pieces qs
      where
        pieces = if null pieces' then [""] else map addDash pieces'
        qs = map (TE.encodeUtf8 *** go) qs'
        go "" = Nothing
        go x = Just $ TE.encodeUtf8 x
        addDash t
            | T.all (== '-') t = T.cons '-' t
            | otherwise = t
    -- | This function is used to store some static content to be served as an
    -- external file. The most common case of this is stashing CSS and
    -- JavaScript content in an external file; the "Yesod.Widget" module uses
    -- this feature.
    --
    -- The return value is 'Nothing' if no storing was performed; this is the
    -- default implementation. A 'Just' 'Left' gives the absolute URL of the
    -- file, whereas a 'Just' 'Right' gives the type-safe URL. The former is
    -- necessary when you are serving the content outside the context of a
    -- Yesod application, such as via memcached.
    addStaticContent :: Text -- ^ filename extension
                     -> Text -- ^ mime-type
                     -> L.ByteString -- ^ content
                     -> HandlerFor site (Maybe (Either Text (Route site, [(Text, Text)])))
    addStaticContent _ _ _ = return Nothing
    -- | Maximum allowed length of the request body, in bytes.
    -- This method may be ignored if 'maximumContentLengthIO' is overridden.
    --
    -- If @Nothing@, no maximum is applied.
    --
    -- Default: 2 megabytes.
    maximumContentLength :: site -> Maybe (Route site) -> Maybe Word64
    maximumContentLength _ _ = Just $ 2 * 1024 * 1024 -- 2 megabytes
    -- | Maximum allowed length of the request body, in bytes. This is similar
    -- to 'maximumContentLength', but the result lives in @IO@. This allows
    -- you to dynamically change the maximum file size based on some external
    -- source like a database or an @IORef@.
    --
    -- The default implementation uses 'maximumContentLength'. Future version of yesod will
    -- remove 'maximumContentLength' and use this method exclusively.
    --
    -- @since 1.6.13
    maximumContentLengthIO :: site -> Maybe (Route site) -> IO (Maybe Word64)
    maximumContentLengthIO a b = pure $ maximumContentLength a b
    -- | Creates a @Logger@ to use for log messages.
    --
    -- Note that a common technique (endorsed by the scaffolding) is to create
    -- a @Logger@ value and place it in your foundation datatype, and have this
    -- method return that already created value. That way, you can use that
    -- same @Logger@ for printing messages during app initialization.
    --
    -- Default: the 'defaultMakeLogger' function.
    makeLogger :: site -> IO Logger
    makeLogger _ = defaultMakeLogger
    -- | Send a message to the @Logger@ provided by @getLogger@.
    --
    -- Default: the 'defaultMessageLoggerSource' function, using
    -- 'shouldLogIO' to check whether we should log.
    messageLoggerSource :: site
                        -> Logger
                        -> Loc -- ^ position in source code
                        -> LogSource
                        -> LogLevel
                        -> LogStr -- ^ message
                        -> IO ()
    messageLoggerSource site = defaultMessageLoggerSource $ shouldLogIO site
    -- | Where to Load sripts from. We recommend the default value,
    -- 'BottomOfBody'.
    jsLoader :: site -> ScriptLoadPosition site
    jsLoader _ = BottomOfBody
    -- | Default attributes to put on the JavaScript <script> tag
    -- generated for julius files
    jsAttributes :: site -> [(Text, Text)]
    jsAttributes _ = []
    -- | Same as @jsAttributes@ but allows you to run arbitrary Handler code
    --
    -- This is useful if you need to add a randomised nonce value to the script
    -- tag generated by @widgetFile@. If this function is overridden then
    -- @jsAttributes@ is ignored.
    --
    -- @since 1.6.16
    jsAttributesHandler :: HandlerFor site [(Text, Text)]
    jsAttributesHandler = jsAttributes <$> getYesod
    -- | Create a session backend. Returning 'Nothing' disables
    -- sessions. If you'd like to change the way that the session
    -- cookies are created, take a look at
    -- 'customizeSessionCookies'.
    --
    -- Default: Uses clientsession with a 2 hour timeout.
    makeSessionBackend :: site -> IO (Maybe SessionBackend)
    makeSessionBackend _ = Just <$> defaultClientSessionBackend 120 CS.defaultKeyFile
    -- | How to store uploaded files.
    --
    -- Default: When the request body is greater than 50kb, store in a temp
    -- file. For chunked request bodies, store in a temp file. Otherwise, store
    -- in memory.
    fileUpload :: site -> W.RequestBodyLength -> FileUpload
    fileUpload _ (W.KnownLength size)
        | size <= 50000 = FileUploadMemory lbsBackEnd
    fileUpload _ _ = FileUploadDisk tempFileBackEnd
    -- | Should we log the given log source/level combination.
    --
    -- Default: the 'defaultShouldLogIO' function.
    --
    -- Since 1.2.4
    shouldLogIO :: site -> LogSource -> LogLevel -> IO Bool
    shouldLogIO _ = defaultShouldLogIO
    -- | A Yesod middleware, which will wrap every handler function. This
    -- allows you to run code before and after a normal handler.
    --
    -- Default: the 'defaultYesodMiddleware' function.
    --
    -- Since: 1.1.6
    yesodMiddleware :: ToTypedContent res => HandlerFor site res -> HandlerFor site res
    yesodMiddleware = defaultYesodMiddleware
    -- | How to allocate an @InternalState@ for each request.
    --
    -- The default implementation is almost always what you want. However, if
    -- you know that you are never taking advantage of the @MonadResource@
    -- instance in your handler functions, setting this to a dummy
    -- implementation can provide a small optimization. Only do this if you
    -- really know what you're doing, otherwise you can turn safe code into a
    -- runtime error!
    --
    -- Since 1.4.2
    yesodWithInternalState :: site -> Maybe (Route site) -> (InternalState -> IO a) -> IO a
    yesodWithInternalState _ _ = bracket createInternalState closeInternalState
    {-# INLINE yesodWithInternalState #-}
    -- | Convert a title and HTML snippet into a 'Widget'. Used
    -- primarily for wrapping up error messages for better display.
    --
    -- @since 1.4.30
    defaultMessageWidget :: Html -> HtmlUrl (Route site) -> WidgetFor site ()
    defaultMessageWidget title body = do
        setTitle title
        toWidget
            [hamlet|
                <h1>#{title}
                ^{body}
            |]
 -- | Default implementation of 'makeLogger'. Sends to stdout and
 -- automatically flushes on each write.
 --
 -- Since 1.4.10
 defaultMakeLogger :: IO Logger
 defaultMakeLogger = do
    loggerSet' <- newStdoutLoggerSet defaultBufSize
    (getter, _) <- clockDateCacher
    return $! Logger loggerSet' getter
 -- | Default implementation of 'messageLoggerSource'. Checks if the
 -- message should be logged using the provided function, and if so,
 -- formats using 'formatLogMessage'. You can use 'defaultShouldLogIO'
 -- as the provided function.
 --
 -- Since 1.4.10
 defaultMessageLoggerSource ::
       (LogSource -> LogLevel -> IO Bool) -- ^ Check whether we should
                                          -- log this
    -> Logger
    -> Loc -- ^ position in source code
    -> LogSource
    -> LogLevel
    -> LogStr -- ^ message
    -> IO ()
 defaultMessageLoggerSource ckLoggable logger loc source level msg = do
    loggable <- ckLoggable source level
    when loggable $
        formatLogMessage (loggerDate logger) loc source level msg >>=
        loggerPutStr logger
 -- | Default implementation of 'shouldLog'. Logs everything at or
 -- above 'LevelInfo'.
 --
 -- Since 1.4.10
 defaultShouldLogIO :: LogSource -> LogLevel -> IO Bool
 defaultShouldLogIO _ level = return $ level >= LevelInfo
 -- | Default implementation of 'yesodMiddleware'. Adds the response header
 -- \"Vary: Accept, Accept-Language\", \"X-XSS-Protection: 1; mode=block\", and
 -- performs authorization checks.
 --
 -- Since 1.2.0
 defaultYesodMiddleware :: Yesod site => HandlerFor site res -> HandlerFor site res
 defaultYesodMiddleware handler = do
    addHeader "Vary" "Accept, Accept-Language"
    addHeader "X-XSS-Protection" "1; mode=block"
    authorizationCheck
    handler
 -- | Defends against session hijacking by setting the secure bit on session
 -- cookies so that browsers will not transmit them over http. With this
 -- setting on, it follows that the server will regard requests made over
 -- http as sessionless, because the session cookie will not be included in
 -- the request. Use this as part of a total security measure which also
 -- includes disabling HTTP traffic to the site or issuing redirects from
 -- HTTP urls, and composing 'sslOnlyMiddleware' with the site's
 -- 'yesodMiddleware'.
 --
 -- Since 1.4.7
 sslOnlySessions :: IO (Maybe SessionBackend) -> IO (Maybe SessionBackend)
 sslOnlySessions = (fmap . fmap) secureSessionCookies
  where
    setSecureBit cookie = cookie { setCookieSecure = True }
    secureSessionCookies = customizeSessionCookies setSecureBit
 -- | Helps defend against CSRF attacks by setting the SameSite attribute on
 -- session cookies to Lax. With the Lax setting, the cookie will be sent with same-site
 -- requests, and with cross-site top-level navigations.
 --
 -- This option is liable to change in future versions of Yesod as the spec evolves.
 -- View more information <https://datatracker.ietf.org/doc/draft-west-first-party-cookies/ here>.
 --
 -- @since 1.4.23
 laxSameSiteSessions :: IO (Maybe SessionBackend) -> IO (Maybe SessionBackend)
 laxSameSiteSessions = sameSiteSession sameSiteLax
 -- | Helps defend against CSRF attacks by setting the SameSite attribute on
 -- session cookies to Strict. With the Strict setting, the cookie will only be
 -- sent with same-site requests.
 --
 -- This option is liable to change in future versions of Yesod as the spec evolves.
 -- View more information <https://datatracker.ietf.org/doc/draft-west-first-party-cookies/ here>.
 --
 -- @since 1.4.23
 strictSameSiteSessions :: IO (Maybe SessionBackend) -> IO (Maybe SessionBackend)
 strictSameSiteSessions = sameSiteSession sameSiteStrict
 sameSiteSession :: SameSiteOption -> IO (Maybe SessionBackend) -> IO (Maybe SessionBackend)
 sameSiteSession s = (fmap . fmap) secureSessionCookies
  where
    sameSite cookie = cookie { setCookieSameSite = Just s }
    secureSessionCookies = customizeSessionCookies sameSite
 -- | Apply a Strict-Transport-Security header with the specified timeout to
 -- all responses so that browsers will rewrite all http links to https
 -- until the timeout expires. For security, the max-age of the STS header
 -- should always equal or exceed the client sessions timeout. This defends
 -- against SSL-stripping man-in-the-middle attacks. It is only effective if
 -- a secure connection has already been made; Strict-Transport-Security
 -- headers are ignored over HTTP.
 --
 -- Since 1.4.7
 sslOnlyMiddleware :: Int -- ^ minutes
                  -> HandlerFor site res
                  -> HandlerFor site res
 sslOnlyMiddleware timeout handler = do
    addHeader "Strict-Transport-Security"
              $ T.pack $ concat [ "max-age="
                                , show $ timeout * 60
                                , "; includeSubDomains"
                                ]
    handler
 -- | Check if a given request is authorized via 'isAuthorized' and
 -- 'isWriteRequest'.
 --
 -- Since 1.2.0
 authorizationCheck :: Yesod site => HandlerFor site ()
 authorizationCheck = getCurrentRoute >>= maybe (return ()) checkUrl
  where
    checkUrl url = do
        isWrite <- isWriteRequest url
        ar <- isAuthorized url isWrite
        case ar of
            Authorized -> return ()
            AuthenticationRequired -> do
                master <- getYesod
                case authRoute master of
                    Nothing -> void notAuthenticated
                    Just url' ->
                      void $ selectRep $ do
                          provideRepType typeHtml $ do
                              setUltDestCurrent
                              void $ redirect url'
                          provideRepType typeJson $
                              void notAuthenticated
            Unauthorized s' -> permissionDenied s'
 -- | Calls 'csrfCheckMiddleware' with 'isWriteRequest', 'defaultCsrfHeaderName', and 'defaultCsrfParamName' as parameters.
 --
 -- Since 1.4.14
 defaultCsrfCheckMiddleware :: Yesod site => HandlerFor site res -> HandlerFor site res
 defaultCsrfCheckMiddleware handler =
    csrfCheckMiddleware
        handler
        (getCurrentRoute >>= maybe (return False) isWriteRequest)
        defaultCsrfHeaderName
        defaultCsrfParamName
 -- | Looks up the CSRF token from the request headers or POST parameters. If the value doesn't match the token stored in the session,
 -- this function throws a 'PermissionDenied' error.
 --
 -- For details, see the "AJAX CSRF protection" section of "Yesod.Core.Handler".
 --
 -- Since 1.4.14
 csrfCheckMiddleware :: HandlerFor site res
                    -> HandlerFor site Bool -- ^ Whether or not to perform the CSRF check.
                    -> CI S8.ByteString -- ^ The header name to lookup the CSRF token from.
                    -> Text -- ^ The POST parameter name to lookup the CSRF token from.
                    -> HandlerFor site res
 csrfCheckMiddleware handler shouldCheckFn headerName paramName = do
    shouldCheck <- shouldCheckFn
    when shouldCheck (checkCsrfHeaderOrParam headerName paramName)
    handler
 -- | Calls 'csrfSetCookieMiddleware' with the 'defaultCsrfCookieName'.
 --
 -- The cookie's path is set to @/@, making it valid for your whole website.
 --
 -- Since 1.4.14
 defaultCsrfSetCookieMiddleware :: HandlerFor site res -> HandlerFor site res
 defaultCsrfSetCookieMiddleware handler = setCsrfCookie >> handler
 -- | Takes a 'SetCookie' and overrides its value with a CSRF token, then sets the cookie. See 'setCsrfCookieWithCookie'.
 --
 -- For details, see the "AJAX CSRF protection" section of "Yesod.Core.Handler".
 --
 -- Make sure to set the 'setCookiePath' to the root path of your application, otherwise you'll generate a new CSRF token for every path of your app. If your app is run from from e.g. www.example.com\/app1, use @app1@. The vast majority of sites will just use @/@.
 --
 -- Since 1.4.14
 csrfSetCookieMiddleware :: HandlerFor site res -> SetCookie -> HandlerFor site res
 csrfSetCookieMiddleware handler cookie = setCsrfCookieWithCookie cookie >> handler
 -- | Calls 'defaultCsrfSetCookieMiddleware' and 'defaultCsrfCheckMiddleware'.
 --
 -- For details, see the "AJAX CSRF protection" section of "Yesod.Core.Handler".
 --
 -- You can chain this middleware together with other middleware like so:
 --
 -- @
 -- 'yesodMiddleware' = 'defaultYesodMiddleware' . 'defaultCsrfMiddleware'
 -- @
 --
 -- or:
 --
 -- @
 -- 'yesodMiddleware' app = 'defaultYesodMiddleware' $ 'defaultCsrfMiddleware' $ app
 -- @
 --
 -- Since 1.4.14
 defaultCsrfMiddleware :: Yesod site => HandlerFor site res -> HandlerFor site res
 defaultCsrfMiddleware = defaultCsrfSetCookieMiddleware . defaultCsrfCheckMiddleware
 -- | Convert a widget to a 'PageContent'.
 widgetToPageContent :: Yesod site
                    => WidgetFor site ()
                    -> HandlerFor site (PageContent (Route site))
 widgetToPageContent w = do
 jsAttrs <- jsAttributesHandler
 HandlerFor $ \hd -> do
  master <- unHandlerFor getYesod hd
  ref <- newIORef mempty
  unWidgetFor w WidgetData
    { wdRef = ref
    , wdHandler = hd
    }
  GWData (Body body) (Last mTitle) (Last mDescription) scripts' stylesheets' style jscript (Head head') <- readIORef ref
  let title = maybe mempty unTitle mTitle
      description = unDescription <$> mDescription
      scripts = runUniqueList scripts'
      stylesheets = runUniqueList stylesheets'
  flip unHandlerFor hd $ do
    render <- getUrlRenderParams
    let renderLoc x =
            case x of
                Nothing -> Nothing
                Just (Left s) -> Just s
                Just (Right (u, p)) -> Just $ render u p
    css <- forM (Map.toList style) $ \(mmedia, content) -> do
        let rendered = toLazyText $ content render
        x <- addStaticContent "css" "text/css; charset=utf-8"
           $ encodeUtf8 rendered
        return (mmedia,
            case x of
                Nothing -> Left $ preEscapedToMarkup rendered
                Just y -> Right $ either id (uncurry render) y)
    jsLoc <-
        case jscript of
            Nothing -> return Nothing
            Just s -> do
                x <- addStaticContent "js" "text/javascript; charset=utf-8"
                   $ encodeUtf8 $ renderJavascriptUrl render s
                return $ renderLoc x
    -- modernizr should be at the end of the <head> http://www.modernizr.com/docs/#installing
    -- the asynchronous loader means your page doesn't have to wait for all the js to load
    let (mcomplete, asyncScripts) = asyncHelper render scripts jscript jsLoc
        regularScriptLoad = [hamlet|
            $newline never
            $forall s <- scripts
                ^{mkScriptTag s}
            $maybe j <- jscript
                $maybe s <- jsLoc
                    <script src="#{s}" *{jsAttrs}>
                $nothing
                    <script>^{jelper j}
        |]
        headAll = [hamlet|
            $newline never
            \^{head'}
            $forall s <- stylesheets
                ^{mkLinkTag s}
            $forall s <- css
                $maybe t <- right $ snd s
                    $maybe media <- fst s
                        <link rel=stylesheet media=#{media} href=#{t}>
                    $nothing
                        <link rel=stylesheet href=#{t}>
                $maybe content <- left $ snd s
                    $maybe media <- fst s
                        <style media=#{media}>#{content}
                    $nothing
                        <style>#{content}
            $case jsLoader master
              $of BottomOfBody
              $of BottomOfHeadAsync asyncJsLoader
                  ^{asyncJsLoader asyncScripts mcomplete}
              $of BottomOfHeadBlocking
                  ^{regularScriptLoad}
        |]
    let bodyScript = [hamlet|
            $newline never
            ^{body}
            ^{regularScriptLoad}
        |]
    return $ PageContent title description headAll $
        case jsLoader master of
            BottomOfBody -> bodyScript
            _ -> body
  where
    renderLoc' render' (Local url) = render' url []
    renderLoc' _ (Remote s) = s
    addAttr x (y, z) = x ! customAttribute (textTag y) (toValue z)
    mkScriptTag (Script loc attrs) render' =
        foldl' addAttr TBH.script (("src", renderLoc' render' loc) : attrs) $ return ()
    mkLinkTag (Stylesheet loc attrs) render' =
        foldl' addAttr TBH.link
            ( ("rel", "stylesheet")
            : ("href", renderLoc' render' loc)
            : attrs
            )
    runUniqueList :: Eq x => UniqueList x -> [x]
    runUniqueList (UniqueList x) = nub $ x []
 -- | The default error handler for 'errorHandler'.
 defaultErrorHandler :: Yesod site => ErrorResponse -> HandlerFor site TypedContent
 defaultErrorHandler NotFound = selectRep $ do
    provideRep $ defaultLayout $ do
        r <- waiRequest
        let path' = TE.decodeUtf8With TEE.lenientDecode $ W.rawPathInfo r
        defaultMessageWidget "Not Found" [hamlet|<p>#{path'}|]
    provideRep $ return $ object ["message" .= ("Not Found" :: Text)]
    provideRep $ return ("Not Found" :: Text)
 -- For API requests.
 -- For a user with a browser,
 -- if you specify an authRoute the user will be redirected there and
 -- this page will not be shown.
 defaultErrorHandler NotAuthenticated = selectRep $ do
    provideRep $ defaultLayout $ defaultMessageWidget
        "Not logged in"
        [hamlet|<p style="display:none;">Set the authRoute and the user will be redirected there.|]
    provideRep $ do
        -- 401 *MUST* include a WWW-Authenticate header
        -- however, there is no standard to indicate a redirection
        --
        -- change this to Basic or Digest if you allow those forms of authentications
        addHeader "WWW-Authenticate" "RedirectJSON realm=\"application\", param=\"authentication_url\""
        -- The client will just use the authentication_url in the JSON
        site <- getYesod
        rend <- getUrlRender
        let apair u = ["authentication_url" .= rend u]
            content = maybe [] apair (authRoute site)
        return $ object $ ("message" .= ("Not logged in"::Text)):content
    provideRep $ return ("Not logged in" :: Text)
 defaultErrorHandler (PermissionDenied msg) = selectRep $ do
    provideRep $ defaultLayout $ defaultMessageWidget
        "Permission Denied"
        [hamlet|<p>#{msg}|]
    provideRep $
        return $ object ["message" .= ("Permission Denied. " <> msg)]
    provideRep $ return $ "Permission Denied. " <> msg
 defaultErrorHandler (InvalidArgs ia) = selectRep $ do
    provideRep $ defaultLayout $ defaultMessageWidget
        "Invalid Arguments"
        [hamlet|
            <ul>
                $forall msg <- ia
                    <li>#{msg}
        |]
    provideRep $ return $ object ["message" .= ("Invalid Arguments" :: Text), "errors" .= ia]
    provideRep $ return ("Invalid Arguments: " <> T.intercalate " " ia)
 defaultErrorHandler (InternalError e) = do
    $logErrorS "yesod-core" e
    selectRep $ do
        provideRep $ defaultLayout $ defaultMessageWidget
            "Internal Server Error"
            [hamlet|<pre>#{e}|]
        provideRep $ return $ object ["message" .= ("Internal Server Error" :: Text), "error" .= e]
        provideRep $ return $ "Internal Server Error: " <> e
 defaultErrorHandler (BadMethod m) = selectRep $ do
    provideRep $ defaultLayout $ defaultMessageWidget
        "Method Not Supported"
        [hamlet|<p>Method <code>#{S8.unpack m}</code> not supported|]
    provideRep $ return $ object ["message" .= ("Bad method" :: Text), "method" .= TE.decodeUtf8With TEE.lenientDecode m]
    provideRep $ return $ "Bad Method " <> TE.decodeUtf8With TEE.lenientDecode m
 asyncHelper :: (url -> [x] -> Text)
         -> [Script url]
         -> Maybe (JavascriptUrl url)
         -> Maybe Text
         -> (Maybe (HtmlUrl url), [Text])
 asyncHelper render scripts jscript jsLoc =
    (mcomplete, scripts'')
  where
    scripts' = map goScript scripts
    scripts'' =
        case jsLoc of
            Just s -> scripts' ++ [s]
            Nothing -> scripts'
    goScript (Script (Local url) _) = render url []
    goScript (Script (Remote s) _) = s
    mcomplete =
        case jsLoc of
            Just{} -> Nothing
            Nothing ->
                case jscript of
                    Nothing -> Nothing
                    Just j -> Just $ jelper j
 -- | Default formatting for log messages. When you use
 -- the template haskell logging functions for to log with information
 -- about the source location, that information will be appended to
 -- the end of the log. When you use the non-TH logging functions,
 -- like 'logDebugN', this function does not include source
 -- information. This currently works by checking to see if the
 -- package name is the string \"\<unknown\>\". This is a hack,
 -- but it removes some of the visual clutter from non-TH logs.
 --
 -- Since 1.4.10
 formatLogMessage :: IO ZonedDate
                 -> Loc
                 -> LogSource
                 -> LogLevel
                 -> LogStr -- ^ message
                 -> IO LogStr
 formatLogMessage getdate loc src level msg = do
    now <- getdate
    return $ mempty
        `mappend` toLogStr now
        `mappend` " ["
        `mappend` (case level of
            LevelOther t -> toLogStr t
            _ -> toLogStr $ drop 5 $ show level)
        `mappend` (if T.null src
            then mempty
            else "#" `mappend` toLogStr src)
        `mappend` "] "
        `mappend` msg
        `mappend` sourceSuffix
        `mappend` "\n"
    where
    sourceSuffix = if loc_package loc == "<unknown>" then "" else mempty
        `mappend` " @("
        `mappend` toLogStr (fileLocationToString loc)
        `mappend` ")"
 -- | Customize the cookies used by the session backend.  You may
 -- use this function on your definition of 'makeSessionBackend'.
 --
 -- For example, you could set the cookie domain so that it
 -- would work across many subdomains:
 --
 -- @
 -- makeSessionBackend site =
 --     (fmap . fmap) (customizeSessionCookies addDomain) ...
 --   where
 --     addDomain cookie = cookie { 'setCookieDomain' = Just \".example.com\" }
 -- @
 --
 -- Default: Do not customize anything ('id').
 customizeSessionCookies :: (SetCookie -> SetCookie) -> (SessionBackend -> SessionBackend)
 customizeSessionCookies customizeCookie backend = backend'
  where
    customizeHeader (AddCookie cookie) = AddCookie (customizeCookie cookie)
    customizeHeader other              = other
    customizeSaveSession = (fmap . fmap . fmap) customizeHeader
    backend' =
      backend {
        sbLoadSession = \req ->
          second customizeSaveSession `fmap` sbLoadSession backend req
      }
 defaultClientSessionBackend :: Int -- ^ minutes
                            -> FilePath -- ^ key file
                            -> IO SessionBackend
 defaultClientSessionBackend minutes fp = do
  key <- CS.getKey fp
  (getCachedDate, _closeDateCacher) <- clientSessionDateCacher (minToSec minutes)
  return $ clientSessionBackend key getCachedDate
 -- | Create a @SessionBackend@ which reads the session key from the named
 -- environment variable.
 --
 -- This can be useful if:
 --
 -- 1. You can't rely on a persistent file system (e.g. Heroku)
 -- 2. Your application is open source (e.g. you can't commit the key)
 --
 -- By keeping a consistent value in the environment variable, your users will
 -- have consistent sessions without relying on the file system.
 --
 -- Note: A suitable value should only be obtained in one of two ways:
 --
 -- 1. Run this code without the variable set, a value will be generated and
 --    printed on @/dev/stdout/@
 -- 2. Use @clientsession-generate@
 --
 -- Since 1.4.5
 envClientSessionBackend :: Int -- ^ minutes
                        -> String -- ^ environment variable name
                        -> IO SessionBackend
 envClientSessionBackend minutes name = do
    key <- CS.getKeyEnv name
    (getCachedDate, _closeDateCacher) <- clientSessionDateCacher $ minToSec minutes
    return $ clientSessionBackend key getCachedDate
 minToSec :: (Integral a, Num b) => a -> b
 minToSec minutes = fromIntegral (minutes * 60)
 jsToHtml :: Javascript -> Html
 jsToHtml (Javascript b) = preEscapedToMarkup $ toLazyText b
 jelper :: JavascriptUrl url -> HtmlUrl url
 jelper = fmap jsToHtml
 left :: Either a b -> Maybe a
 left (Left x) = Just x
 left _ = Nothing
 right :: Either a b -> Maybe b
 right (Right x) = Just x
 right _ = Nothing
 clientSessionBackend :: CS.Key  -- ^ The encryption key
                     -> IO ClientSessionDateCache -- ^ See 'clientSessionDateCacher'
                     -> SessionBackend
 clientSessionBackend key getCachedDate =
  SessionBackend {
    sbLoadSession = loadClientSession key getCachedDate "_SESSION"
  }
 justSingleton :: a -> [Maybe a] -> a
 justSingleton d = just . catMaybes
  where
    just [s] = s
    just _   = d
 loadClientSession :: CS.Key
                  -> IO ClientSessionDateCache -- ^ See 'clientSessionDateCacher'
                  -> S8.ByteString -- ^ session name
                  -> W.Request
                  -> IO (SessionMap, SaveSession)
 loadClientSession key getCachedDate sessionName req = load
  where
    load = do
      date <- getCachedDate
      return (sess date, save date)
    sess date = justSingleton Map.empty $ do
      raw <- [v | (k, v) <- W.requestHeaders req, k == "Cookie"]
      val <- [v | (k, v) <- parseCookies raw, k == sessionName]
      let host = "" -- fixme, properly lock sessions to client address
      return $ decodeClientSession key date host val
    save date sess' = do
      -- We should never cache the IV!  Be careful!
      iv <- liftIO CS.randomIV
      return [AddCookie defaultSetCookie
          { setCookieName = sessionName
          , setCookieValue = encodeClientSession key iv date host sess'
          , setCookiePath = Just "/"
          , setCookieExpires = Just (csdcExpires date)
          , setCookieDomain = Nothing
          , setCookieHttpOnly = True
          }]
        where
          host = "" -- fixme, properly lock sessions to client address
 -- taken from file-location package
 -- turn the TH Loc loaction information into a human readable string
 -- leaving out the loc_end parameter
 fileLocationToString :: Loc -> String
 fileLocationToString loc =
    concat
      [ loc_package loc
      , ':' : loc_module loc
      , ' ' : loc_filename loc
      , ':' : line loc
      , ':' : char loc
      ]
  where
    line = show . fst . loc_start
    char = show . snd . loc_start
 -- | Guess the approot based on request headers. For more information, see
 -- "Network.Wai.Middleware.Approot"
 --
 -- In the case of headers being unavailable, it falls back to 'ApprootRelative'
 --
 -- Since 1.4.16
 guessApproot :: Approot site
 guessApproot = guessApprootOr ApprootRelative
 -- | Guess the approot based on request headers, with fall back to the
 -- specified 'AppRoot'.
 --
 -- Since 1.4.16
 guessApprootOr :: Approot site -> Approot site
 guessApprootOr fallback = ApprootRequest $ \master req ->
    case W.requestHeaderHost req of
        Nothing -> getApprootText fallback master req
        Just host ->
            (if Network.Wai.Request.appearsSecure req
                then "https://"
                else "http://")
            `T.append` TE.decodeUtf8With TEE.lenientDecode host
 -- | Get the textual application root from an 'Approot' value.
 --
 -- Since 1.4.17
 getApprootText :: Approot site -> site -> W.Request -> Text
 getApprootText ar site req =
    case ar of
        ApprootRelative -> ""
        ApprootStatic t -> t
        ApprootMaster f -> f site
        ApprootRequest f -> f site req
--- a/yesod-core/src/Yesod/Core/Content.hs
+++ b/yesod-core/src/Yesod/Core/Content.hs
@ -4,7 +4,6 @@
 {-# LANGUAGE TypeSynonymInstances #-}
 {-# LANGUAGE Rank2Types #-}
 {-# LANGUAGE OverloadedStrings #-}
 {-# LANGUAGE CPP #-}
 module Yesod.Core.Content
    ( -- * Content
      Content (..)
@ -53,21 +52,24 @@ import qualified Data.ByteString as B
 import qualified Data.ByteString.Lazy as L
 import Data.Text.Lazy (Text, pack)
 import qualified Data.Text as T
-import Control.Monad (liftM)
+import Data.Text.Encoding (encodeUtf8Builder)
-
+import qualified Data.Text.Lazy as TL
-import Blaze.ByteString.Builder (Builder, fromByteString, fromLazyByteString)
+import Data.ByteString.Builder (Builder, byteString, lazyByteString, stringUtf8)
 import Data.Monoid (mempty)
 import Text.Hamlet (Html)
 import Text.Blaze.Html.Renderer.Utf8 (renderHtmlBuilder)
-import Data.Conduit (Source, ResourceT, Flush (Chunk), ResumableSource, mapOutput)
+import Data.Conduit (Flush (Chunk), SealedConduitT, mapOutput)
-import Data.Conduit.Internal (ResumableSource (ResumableSource))
+import Control.Monad (liftM)
 import Control.Monad.Trans.Resource (ResourceT)
 import qualified Data.Conduit.Internal as CI
 import qualified Data.Aeson as J
 import Data.Aeson.Encode (fromValue)
 import qualified Blaze.ByteString.Builder.Char.Utf8 as Blaze
 import Data.Text.Lazy.Builder (toLazyText)
 import Data.Void (Void, absurd)
 import Yesod.Core.Types
 import Text.Lucius (Css, renderCss)
 import Text.Julius (Javascript, unJavascript)
 import Data.Word8 (_semicolon, _slash)
 import Control.Arrow (second)
 -- | Zero-length enumerator.
 emptyContent :: Content
@ -89,28 +91,40 @@ instance ToContent Content where
 instance ToContent Builder where
    toContent = flip ContentBuilder Nothing
 instance ToContent B.ByteString where
-    toContent bs = ContentBuilder (fromByteString bs) $ Just $ B.length bs
+    toContent bs = ContentBuilder (byteString bs) $ Just $ B.length bs
 instance ToContent L.ByteString where
-    toContent = flip ContentBuilder Nothing . fromLazyByteString
+    toContent = flip ContentBuilder Nothing . lazyByteString
 instance ToContent T.Text where
-    toContent = toContent . Blaze.fromText
+    toContent = toContent . encodeUtf8Builder
 instance ToContent Text where
-    toContent = toContent . Blaze.fromLazyText
+    toContent = toContent . foldMap encodeUtf8Builder . TL.toChunks
 instance ToContent String where
-    toContent = toContent . Blaze.fromString
+    toContent = toContent . stringUtf8
 instance ToContent Html where
    toContent bs = ContentBuilder (renderHtmlBuilder bs) Nothing
 instance ToContent () where
    toContent () = toContent B.empty
 instance ToContent Void where
    toContent = absurd
 instance ToContent (ContentType, Content) where
    toContent = snd
 instance ToContent TypedContent where
    toContent (TypedContent _ c) = c
 instance ToContent (JSONResponse a) where
    toContent (JSONResponse a) = toContent $ J.toEncoding a
-instance ToFlushBuilder builder => ToContent (Source (ResourceT IO) builder) where
+instance ToContent Css where
    toContent = toContent . renderCss
 instance ToContent Javascript where
    toContent = toContent . toLazyText . unJavascript
 instance ToFlushBuilder builder => ToContent (CI.Pipe () () builder () (ResourceT IO) ()) where
    toContent src = ContentSource $ CI.ConduitT (CI.mapOutput toFlushBuilder src >>=)
 instance ToFlushBuilder builder => ToContent (CI.ConduitT () builder (ResourceT IO) ()) where
    toContent src = ContentSource $ mapOutput toFlushBuilder src
-instance ToFlushBuilder builder => ToContent (ResumableSource (ResourceT IO) builder) where
+instance ToFlushBuilder builder => ToContent (SealedConduitT () builder (ResourceT IO) ()) where
-    toContent (ResumableSource src _) = toContent src
+    toContent (CI.SealedConduitT src) = toContent src
 -- | A class for all data which can be sent in a streaming response. Note that
 -- for textual data, instances must use UTF-8 encoding.
@ -119,16 +133,16 @@ instance ToFlushBuilder builder => ToContent (ResumableSource (ResourceT IO) bui
 class ToFlushBuilder a where toFlushBuilder :: a -> Flush Builder
 instance ToFlushBuilder (Flush Builder) where toFlushBuilder = id
 instance ToFlushBuilder Builder where toFlushBuilder = Chunk
-instance ToFlushBuilder (Flush B.ByteString) where toFlushBuilder = fmap fromByteString
+instance ToFlushBuilder (Flush B.ByteString) where toFlushBuilder = fmap byteString
-instance ToFlushBuilder B.ByteString where toFlushBuilder = Chunk . fromByteString
+instance ToFlushBuilder B.ByteString where toFlushBuilder = Chunk . byteString
-instance ToFlushBuilder (Flush L.ByteString) where toFlushBuilder = fmap fromLazyByteString
+instance ToFlushBuilder (Flush L.ByteString) where toFlushBuilder = fmap lazyByteString
-instance ToFlushBuilder L.ByteString where toFlushBuilder = Chunk . fromLazyByteString
+instance ToFlushBuilder L.ByteString where toFlushBuilder = Chunk . lazyByteString
-instance ToFlushBuilder (Flush Text) where toFlushBuilder = fmap Blaze.fromLazyText
+instance ToFlushBuilder (Flush Text) where toFlushBuilder = fmap (foldMap encodeUtf8Builder . TL.toChunks)
-instance ToFlushBuilder Text where toFlushBuilder = Chunk . Blaze.fromLazyText
+instance ToFlushBuilder Text where toFlushBuilder = Chunk . foldMap encodeUtf8Builder . TL.toChunks
-instance ToFlushBuilder (Flush T.Text) where toFlushBuilder = fmap Blaze.fromText
+instance ToFlushBuilder (Flush T.Text) where toFlushBuilder = fmap encodeUtf8Builder
-instance ToFlushBuilder T.Text where toFlushBuilder = Chunk . Blaze.fromText
+instance ToFlushBuilder T.Text where toFlushBuilder = Chunk . encodeUtf8Builder
-instance ToFlushBuilder (Flush String) where toFlushBuilder = fmap Blaze.fromString
+instance ToFlushBuilder (Flush String) where toFlushBuilder = fmap stringUtf8
-instance ToFlushBuilder String where toFlushBuilder = Chunk . Blaze.fromString
+instance ToFlushBuilder String where toFlushBuilder = Chunk . stringUtf8
 instance ToFlushBuilder (Flush Html) where toFlushBuilder = fmap renderHtmlBuilder
 instance ToFlushBuilder Html where toFlushBuilder = Chunk . renderHtmlBuilder
@ -151,6 +165,8 @@ deriving instance ToContent RepJson
 instance HasContentType RepPlain where
    getContentType _ = typePlain
 deriving instance ToContent RepPlain
 instance HasContentType (JSONResponse a) where
    getContentType _ = typeJson
 instance HasContentType RepXml where
    getContentType _ = typeXml
@ -208,18 +224,15 @@ typeOctet = "application/octet-stream"
 -- For example, \"text/html; charset=utf-8\" is commonly used to specify the
 -- character encoding for HTML data. This function would return \"text/html\".
 simpleContentType :: ContentType -> ContentType
-simpleContentType = fst . B.breakByte 59 -- 59 == ;
+simpleContentType = fst . B.break (== _semicolon)
-- Give just the media types as a pair.
+-- | Give just the media types as a pair.
 --
 -- For example, \"text/html; charset=utf-8\" returns ("text", "html")
 contentTypeTypes :: ContentType -> (B.ByteString, B.ByteString)
-contentTypeTypes ct = (main, fst $ B.breakByte semicolon (tailEmpty sub))
+contentTypeTypes = second tailEmpty . B.break (== _slash) . simpleContentType
  where
    tailEmpty x = if B.null x then "" else B.tail x
    (main, sub) = B.breakByte slash ct
    slash = 47
    semicolon = 59
 instance HasContentType a => HasContentType (DontFullyEvaluate a) where
    getContentType = getContentType . liftM unDontFullyEvaluate
@ -229,12 +242,18 @@ instance ToContent a => ToContent (DontFullyEvaluate a) where
 instance ToContent J.Value where
    toContent = flip ContentBuilder Nothing
-              . Blaze.fromLazyText
+              . J.fromEncoding
-              . toLazyText
+              . J.toEncoding
-              . fromValue
+
 instance ToContent J.Encoding where
    toContent = flip ContentBuilder Nothing . J.fromEncoding
 instance HasContentType J.Value where
    getContentType _ = typeJson
 instance HasContentType J.Encoding where
    getContentType _ = typeJson
 instance HasContentType Html where
    getContentType _ = typeHtml
@ -244,6 +263,12 @@ instance HasContentType Text where
 instance HasContentType T.Text where
    getContentType _ = typePlain
 instance HasContentType Css where
    getContentType _ = typeCss
 instance HasContentType Javascript where
    getContentType _ = typeJavascript
 -- | Any type which can be converted to 'TypedContent'.
 --
 -- Since 1.2.0
@ -254,6 +279,8 @@ instance ToTypedContent TypedContent where
    toTypedContent = id
 instance ToTypedContent () where
    toTypedContent () = TypedContent typePlain (toContent ())
 instance ToTypedContent Void where
    toTypedContent = absurd
 instance ToTypedContent (ContentType, Content) where
    toTypedContent (ct, content) = TypedContent ct content
 instance ToTypedContent RepJson where
@ -264,6 +291,8 @@ instance ToTypedContent RepXml where
    toTypedContent (RepXml c) = TypedContent typeXml c
 instance ToTypedContent J.Value where
    toTypedContent v = TypedContent typeJson (toContent v)
 instance ToTypedContent J.Encoding where
    toTypedContent e = TypedContent typeJson (toContent e)
 instance ToTypedContent Html where
    toTypedContent h = TypedContent typeHtml (toContent h)
 instance ToTypedContent T.Text where
@ -272,7 +301,14 @@ instance ToTypedContent [Char] where
    toTypedContent = toTypedContent . pack
 instance ToTypedContent Text where
    toTypedContent t = TypedContent typePlain (toContent t)
 instance ToTypedContent (JSONResponse a) where
    toTypedContent c = TypedContent typeJson (toContent c)
 instance ToTypedContent a => ToTypedContent (DontFullyEvaluate a) where
    toTypedContent (DontFullyEvaluate a) =
        let TypedContent ct c = toTypedContent a
         in TypedContent ct (ContentDontEvaluate c)
 instance ToTypedContent Css where
    toTypedContent = TypedContent typeCss . toContent
 instance ToTypedContent Javascript where
    toTypedContent = TypedContent typeJavascript . toContent
--- a/yesod-core/src/Yesod/Core/Dispatch.hs
+++ b/yesod-core/src/Yesod/Core/Dispatch.hs
@ -10,11 +10,25 @@ module Yesod.Core.Dispatch
    , parseRoutesFile
    , parseRoutesFileNoCheck
    , mkYesod
    , mkYesodOpts
    , mkYesodWith
      -- ** More fine-grained
    , mkYesodData
    , mkYesodDataOpts
    , mkYesodSubData
    , mkYesodSubDataOpts
    , mkYesodDispatch
    , mkYesodDispatchOpts
    , mkYesodSubDispatch
      -- *** Route generation options
    , RouteOpts
    , defaultOpts
    , setEqDerived
    , setShowDerived
    , setReadDerived
      -- *** Helpers
    , defaultGen
    , getGetMaxExpires
      -- ** Path pieces
    , PathPiece (..)
    , PathMultiPiece (..)
@ -22,12 +36,15 @@ module Yesod.Core.Dispatch
      -- * Convert to WAI
    , toWaiApp
    , toWaiAppPlain
    , toWaiAppYre
    , warp
    , warpDebug
    , warpEnv
    , mkDefaultMiddlewares
    , defaultMiddlewaresNoLogging
      -- * WAI subsites
    , WaiSubsite (..)
    , WaiSubsiteWithAuth (..)
    ) where
 import Prelude hiding (exp)
@ -40,19 +57,23 @@ import qualified Network.Wai as W
 import Data.ByteString.Lazy.Char8 ()
 import Data.Bits ((.|.), finiteBitSize, shiftL)
 import Data.Text (Text)
 import Data.Monoid (mappend)
 import qualified Data.ByteString as S
 import qualified Data.ByteString.Lazy as BL
 import qualified Data.ByteString.Char8 as S8
-import qualified Blaze.ByteString.Builder
+import Data.ByteString.Builder (byteString, toLazyByteString)
-import Network.HTTP.Types (status301)
+import Network.HTTP.Types (status301, status307)
 import Yesod.Routes.Parse
 import Yesod.Core.Types
 import Yesod.Core.Class.Yesod
 import Yesod.Core.Class.Dispatch
 import Yesod.Core.Internal.Run
-import Safe (readMay)
+import Text.Read (readMaybe)
 import System.Environment (getEnvironment)
 import System.Entropy (getEntropy)
 import Control.AutoUpdate (mkAutoUpdate, defaultUpdateSettings, updateAction, updateFreq)
 import Yesod.Core.Internal.Util (getCurrentMaxExpiresRFC1123)
 import Network.Wai.Middleware.Autohead
 import Network.Wai.Middleware.AcceptOverride
@ -63,6 +84,7 @@ import Network.Wai.Middleware.MethodOverride
 import qualified Network.Wai.Handler.Warp
 import System.Log.FastLogger
 import Control.Monad.Logger
 import Control.Monad (when)
 import qualified Paths_yesod_core
 import Data.Version (showVersion)
@ -73,12 +95,36 @@ toWaiAppPlain :: YesodDispatch site => site -> IO W.Application
 toWaiAppPlain site = do
    logger <- makeLogger site
    sb <- makeSessionBackend site
-    return $ toWaiAppYre $ YesodRunnerEnv
+    getMaxExpires <- getGetMaxExpires
    return $ toWaiAppYre YesodRunnerEnv
            { yreLogger = logger
            , yreSite = site
            , yreSessionBackend = sb
            , yreGen = defaultGen
            , yreGetMaxExpires = getMaxExpires
            }
 -- | Generate a random number uniformly distributed in the full range
 -- of 'Int'.
 --
 -- Note: Before 1.6.20, this generates pseudo-random number in an
 -- unspecified range. The range size may not be a power of 2. Since
 -- 1.6.20, this uses a secure entropy source and generates in the full
 -- range of 'Int'.
 --
 -- @since 1.6.21.0
 defaultGen :: IO Int
 defaultGen = bsToInt <$> getEntropy bytes
  where
    bits = finiteBitSize (undefined :: Int)
    bytes = div (bits + 7) 8
    bsToInt = S.foldl' (\v i -> shiftL v 8 .|. fromIntegral i) 0
 -- | Pure low level function to construct WAI application. Usefull
 -- when you need not standard way to run your app, or want to embed it
 -- inside another app.
 --
 -- @since 1.4.29
 toWaiAppYre :: YesodDispatch site => YesodRunnerEnv site -> W.Application
 toWaiAppYre yre req =
    case cleanPath site $ W.pathInfo req of
@ -89,18 +135,24 @@ toWaiAppYre yre req =
  where
    site = yreSite yre
    sendRedirect :: Yesod master => master -> [Text] -> W.Application
-    sendRedirect y segments' env =
+    sendRedirect y segments' env sendResponse =
-         return $ W.responseLBS status301
+         sendResponse $ W.responseLBS status
                [ ("Content-Type", "text/plain")
-                , ("Location", Blaze.ByteString.Builder.toByteString dest')
+                , ("Location", BL.toStrict $ toLazyByteString dest')
                ] "Redirecting"
      where
        -- Ensure that non-GET requests get redirected correctly. See:
        -- https://github.com/yesodweb/yesod/issues/951
        status
            | W.requestMethod env == "GET" = status301
            | otherwise                    = status307
        dest = joinPath y (resolveApproot y env) segments' []
        dest' =
            if S.null (W.rawQueryString env)
                then dest
-                else (dest `mappend`
+                else dest `mappend`
-                     Blaze.ByteString.Builder.fromByteString (W.rawQueryString env))
+                     byteString (W.rawQueryString env)
 -- | Same as 'toWaiAppPlain', but provides a default set of middlewares. This
 -- set may change with future releases, but currently covers:
@ -117,11 +169,18 @@ toWaiAppYre yre req =
 toWaiApp :: YesodDispatch site => site -> IO W.Application
 toWaiApp site = do
    logger <- makeLogger site
    toWaiAppLogger logger site
 toWaiAppLogger :: YesodDispatch site => Logger -> site -> IO W.Application
 toWaiAppLogger logger site = do
    sb <- makeSessionBackend site
    getMaxExpires <- getGetMaxExpires
    let yre = YesodRunnerEnv
                { yreLogger = logger
                , yreSite = site
                , yreSessionBackend = sb
                , yreGen = defaultGen
                , yreGetMaxExpires = getMaxExpires
                }
    messageLoggerSource
        site
@ -138,22 +197,47 @@ toWaiApp site = do
 -- middlewares. This set may change at any point without a breaking version
 -- number. Currently, it includes:
 --
 -- * Logging
 --
 -- * GZIP compression
 --
 -- * Automatic HEAD method handling
 --
 -- * Request method override with the _method query string parameter
 --
 -- * Accept header override with the _accept query string parameter
 --
 -- If you need more fine-grained control of middlewares, please use 'toWaiApp'
 -- directly.
 --
 -- Since 1.2.0
 warp :: YesodDispatch site => Int -> site -> IO ()
-warp port site = toWaiApp site >>= Network.Wai.Handler.Warp.runSettings
+warp port site = do
-    Network.Wai.Handler.Warp.defaultSettings
+    logger <- makeLogger site
-        { Network.Wai.Handler.Warp.settingsPort = port
+    toWaiAppLogger logger site >>= Network.Wai.Handler.Warp.runSettings (
-        , Network.Wai.Handler.Warp.settingsServerName = S8.pack $ concat
+        Network.Wai.Handler.Warp.setPort port $
-            [ "Warp/"
+        Network.Wai.Handler.Warp.setServerName serverValue $
-            , Network.Wai.Handler.Warp.warpVersion
+        Network.Wai.Handler.Warp.setOnException (\_ e ->
-            , " + Yesod/"
+                when (shouldLog' e) $
-            , showVersion Paths_yesod_core.version
+                messageLoggerSource
-            , " (core)"
+                    site
-            ]
+                    logger
-        }
+                    $(qLocation >>= liftLoc)
                    "yesod-core"
                    LevelError
                    (toLogStr $ "Exception from Warp: " ++ show e))
        Network.Wai.Handler.Warp.defaultSettings)
  where
    shouldLog' = Network.Wai.Handler.Warp.defaultShouldDisplayException
 serverValue :: S8.ByteString
 serverValue = S8.pack $ concat
    [ "Warp/"
    , Network.Wai.Handler.Warp.warpVersion
    , " + Yesod/"
    , showVersion Paths_yesod_core.version
    , " (core)"
    ]
 -- | A default set of middlewares.
 --
@ -161,14 +245,16 @@ warp port site = toWaiApp site >>= Network.Wai.Handler.Warp.runSettings
 mkDefaultMiddlewares :: Logger -> IO W.Middleware
 mkDefaultMiddlewares logger = do
    logWare <- mkRequestLogger def
-        { destination = Logger logger
+        { destination = Network.Wai.Middleware.RequestLogger.Logger $ loggerSet logger
        , outputFormat = Apache FromSocket
        }
-    return $ logWare
+    return $ logWare . defaultMiddlewaresNoLogging
-           . acceptOverride
+
-           . autohead
+-- | All of the default middlewares, excluding logging.
-           . gzip def
+--
-           . methodOverride
+-- Since 1.2.12
 defaultMiddlewaresNoLogging :: W.Middleware
 defaultMiddlewaresNoLogging = acceptOverride . autohead . gzip def . methodOverride
 -- | Deprecated synonym for 'warp'.
 warpDebug :: YesodDispatch site => Int -> site -> IO ()
@ -186,8 +272,18 @@ warpEnv :: YesodDispatch site => site -> IO ()
 warpEnv site = do
    env <- getEnvironment
    case lookup "PORT" env of
-        Nothing -> error $ "warpEnv: no PORT environment variable found"
+        Nothing -> error "warpEnv: no PORT environment variable found"
        Just portS ->
-            case readMay portS of
+            case readMaybe portS of
                Nothing -> error $ "warpEnv: invalid PORT environment variable: " ++ show portS
                Just port -> warp port site
 -- | Default constructor for 'yreGetMaxExpires' field. Low level
 -- function for simple manual construction of 'YesodRunnerEnv'.
 --
 -- @since 1.4.29
 getGetMaxExpires :: IO (IO Text)
 getGetMaxExpires = mkAutoUpdate defaultUpdateSettings
  { updateAction = getCurrentMaxExpiresRFC1123
  , updateFreq = 24 * 60 * 60 * 1000000 -- Update once per day
  }
--- a/yesod-core/src/Yesod/Core/Handler.hs
+++ b/yesod-core/src/Yesod/Core/Handler.hs
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,2 @@`
							`accessKey: <your access key>`
							`secretKey: <your secret key>`
		`@ -1 +0,0 @@`
			`Subproject commit 9902ff808afbcb417c6ad125941343878e3afe11`
		`@ -0,0 +1,3 @@`
							`## yesod-auth-oauth`

							`Oauth Authentication for Yesod.`
		`@ -0,0 +1,2 @@`
							`import Distribution.Simple`
							`main = defaultMain`