ring-swagger

ring-swagger & compojure-api
ikitommi 2018-03-22T08:32:53.000339Z

@jmckitrick I think they should be handled in the web-tier. But should the auth-related restructurings be shipped with c-api? I’m not sure. There is already things like :components, which were helpers for request-based Component injection. Not sure if anyone uses that anymore as one can inject components/system via closure into a route tree. Much more explicit.

ikitommi 2018-03-22T08:36:29.000097Z

But, I don’t have a answer yet, so open to suggestions. Options would be: 1) integrate buddy into c-api, add new keys into the core to easily restructure things &/ guard routes like :current-user, :auth-rules etc + api-level options for different auth-mechanisms 2) do examples how-to do these in the client side (as you have done, BIG thanks!!!!) 3) use more standard extensions like middleware to do this:

(context "/admin" []
   :middleware [[wrap-require-roles #{:admin}]]
   :description "only admins see these routes"
   ...)

ikitommi 2018-03-22T08:37:23.000368Z

What do you think would be best?

jmckitrick 2018-03-22T13:47:56.000709Z

Hmm, that’s a good question. I’d imagine the less-integrated approach is better, with people still having a choice of authentication libraries.

jmckitrick 2018-03-22T13:48:34.000136Z

I’m going to add some more to the auth page of the wiki today.

1👍
jmckitrick 2018-03-22T13:51:32.000528Z

@ikitommi ^

jooivind 2018-03-22T15:04:17.000718Z

any good ways of disabling swagger-documentation in production environment?

ikitommi 2018-03-22T15:52:57.000292Z

@jooivind it’s just data, so you can set the :swagger to nil:

(defn app [{:keys [dev?]}]
  (api
    {:swagger 
      (if dev? {:spec "/swagger.json", :ui "/api-docs"}})
    ...))

jmckitrick 2018-03-22T15:55:39.000005Z

@ikitommi What helped you get to the level of meta-programming you use in compojure-api ?

ikitommi 2018-03-22T16:02:22.000112Z

I tried to add swagger support to Spray (a functional Scala web framework) but I coudn’t - just too hard. I was determined that it’s easier with Clojure. Not sure it was, but got it working in the end. Lot of learning macros.

ikitommi 2018-03-22T16:04:53.000170Z

oh, it’s over 4 years old now.

jmckitrick 2018-03-22T16:13:57.000616Z

I’ve done a decent amount of Common Lisp macros, but not Clojure. Yet. And I’m working on the first Clojure projects in a Scala shop 😉

jmckitrick 2018-03-22T18:06:31.000546Z

@ikitommi I think middleware is the best approach for authentication, since it’s consistent with ring’s approach. But I’ve not tried the other approach you suggested, with closures into a route tree. Do you have an example?