pathom

:pathom: https://github.com/wilkerlucio/pathom/ & https://pathom3.wsscode.com & https://roamresearch.com/#/app/wsscode
wilkerlucio 2020-11-02T01:22:11.216Z

will be available for both, not public yet

wilkerlucio 2020-11-02T01:22:48.216200Z

but just for the fun, I did some changes, for the curious ones, this is what its looking now:

❤️ 2
souenzzo 2020-11-02T02:57:31.224800Z

Hello 🎃 I did a small prototype of a possible connector between #re-frame and #pathom I would like some feedback of any kind There is 3 main points: - A reg-fx that simply call the parser. it receive a eql query and return's a result - A tree->db function, that smartly merge the db with the result, using the query and it's metadata to do the normalization stuff - A db->tree function, that given a query, it denormalize the DB The data fetched will be normalized as you describe in the query. The final DB can be like a #fulcro db, where you want, or a regular "deep tree db" if you prefer. You will not need to create tons of reg-sub or reg-event, but you can create or migrate slowly as you need. https://github.com/souenzzo/souenzzo.github.io/blob/master/eql-refdb/dev/sample/app.cljs

👀 5
tvaughan 2020-11-02T13:56:35.229Z

I need to restrict queries based on the current user, so I want to write a plugin that is able to provide a map about the current user to the queries using the ring session data. I don't want to trust anything the client sends about who the current user is other than trusting the session token. Is a plugin the right approach? Are there any examples out there on how to do this? Thanks

tvaughan 2020-11-02T14:05:29.234400Z

To add, we're using Fulcro so http://book.fulcrologic.com/#_example_securing_a_normal_remote is an option. However, I'm still unsure how to pass additional data that isn't part of the client query to Pathom

souenzzo 2020-11-02T14:06:02.234800Z

There is some topics here https://github.com/souenzzo/eql-style-guide/issues/4 Any standard/final solution AFIK

eoliphant 2020-11-02T14:06:38.235500Z

we’ve had to do something similar. We convert the token into a user id in the middleware and jam the user id into the env when the parser executes. datomic is our primary backend datastore, and we have some rules that limit the results based on the user. For mutations we just check the perms with a wrapper around the ‘real’ function. I messed around with a plugin approach but it was hard to make it work ‘generically’

tvaughan 2020-11-02T14:12:04.235600Z

> and jam the user id into the env This is the part I haven't figured out yet. Is there an example you could share?

eoliphant 2020-11-02T14:12:20.235800Z

sure one sec

tvaughan 2020-11-02T14:14:25.236Z

Ah ok. I did not think to look at eql-style-guide. Thanks

eoliphant 2020-11-02T14:21:17.236300Z

I’ve pasted in some bits from one of my projects ( this assumes the typical project layout)

; in x.x.server-components.middleware.clj
(defn wrap-api [handler uri]
  (fn [request]
    (if (= uri (:uri request))
      (handle-api-request
        (:transit-params request)
        ; we do the whole request, but you could say just pull the auth header here 
        (fn [tx] (parser {:ring/request request} tx)))
      (handler request))))
; in .x.x.server-components.pathom
;; we wrap this func with core.memoize
(defn userinfo
  "get the userinfo from auth0"
  [env]
  (let [req (:ring/request env)]
    (log/debug :req req)
    (when-let [token (get-in req [:headers "auth-token"])]
      (log/debug "got token" token)
      (log/spy :debug (get-userinfo token)))))
;; in your parser setup
...
::p/plugins [(p/env-wrap-plugin (fn [env]
                (assoc env :userinfo (userinfo env)) 

                       ]
...

eoliphant 2020-11-02T14:27:26.236600Z

I pulled out superfluous stuff that we use. but basically use p/wrap-env-plugin to jack what you’d like into the env

tvaughan 2020-11-02T14:42:03.236800Z

Nice! Thanks a lot @eoliphant! 🔥

eoliphant 2020-11-02T14:42:18.237Z

np 🙂

eoliphant 2020-11-02T14:46:10.237200Z

it’s nice bc our specifics (e.g. Auth0) don’t leak any further, and our users have ‘our’ internal UUID and an external-id attribute that we map to what we get back from auth0 (e.g. auth0|xxxxxx), such that we can have multiple providers or switch from one to another

tvaughan 2020-11-02T14:50:01.237400Z

Cool cool cool. We've taken a similar approach with ids. I'm curious, why did you choose Auth0? I assume your app doesn't have any concept of groups of users or sharing between users, right?

eoliphant 2020-11-02T14:55:41.237600Z

we’d already used it for some other stuff. and we really only use it for identity. Authorization, ‘relationships’, etc are managed in the app

👍 1