Clojurians Log v2

Clojure programming

Channels

# 100-days-of-code # aatree # admin-announcements # adventofcode # ai # alda # aleph # all-the-channels # announcements # arachne # architecture # asami # atlanta-clojurians # atom-editor # autochrome-github # avi # aws # aws-lambda # babashka # babashka-sci-dev # bangalore-clj # beginners # berlin # biff # bigdata # bitcoin # boot # boot-dev # boulder-clojurians # braid-chat # braveandtrue # brevis # bristol-clojurians # business # calva # capetown # carry # cbus # cestmeetup # chestnut # chlorine-clover # cider # circleci # clara # clj-commons # cljdoc # cljfx # clj-http # clj-kondo # clj-on-windows # cljs-dev # cljs-experience # cljsfiddle # cljsjs # cljsrn # cljtogether # clojars # clojure # clojure-android # clojure-argentina # clojure-art # clojure-austin # clojure-australia # clojure-austria # clojure-bangladesh # clojure-bay-area # clojure-beijing # clojure-belgium # clojure-berlin # clojure-boston # clojure-brasil # clojurebridge # clojurebridge-ams # clojure-canada # clojure-chennai # clojure-chicago # clojure-china # clojure-colombia # clojure-conj # clojurecup # clojure-czech # clojured # clojure-denmark # clojure-denver # clojure-derby # clojuredesign-podcast # clojure-dev # clojure-dusseldorf # clojure-ecuador # clojure-egypt # clojure-estonia # clojure-europe # clojure-filipino # clojure-finland # clojure-france # clojure-gamedev # clojure-germany # clojure-greece # clojure-guangzhou # clojure-hamburg # clojure-hk # clojure-houston # clojure-hungary # clojure-india # clojureindia # clojure-indonesia # clojure-ireland # clojure-israel # clojure-italy # clojure-japan # clojure-kc # clojure-korea # clojure-losangeles # clojure-madison # clojure-mexico # clojure-miami # clojure-mk # clojure-mke # clojure-morsels # clojure-my # clojure-new-zealand # clojure-nl # clojure-nlp # clojure-norway # clojure-poland # clojure-portugal # clojure-provo # clojure-quebec # clojureremote # clojure-romania # clojure-russia # clojure-sanfrancisco # clojurescript # clojurescript-ios # clojure-sdn # clojure-seattle # clojure-serbia # clojure-sg # clojure-shanghai # clojure-spain # clojure-spec # clojuresque # clojure-survey # clojure-sweden # clojure-switzerland # clojure-taiwan # clojure-turkiye # clojure-uk # clojure-ukraine # clojureverse-ops # clojurewerkz # clojurewest # clojurex # clojure-za # clojurian-chat-app # clojutre # cloverage # cloxp # clr # code-art # code-reviews # community-development # component # conf-proposals # conjure # consulting # contributions-welcome # copenhagen-clojurians # core-async # core-logic # core-matrix # core-typed # cryogen # crypto # css # cursive # cz-clojure # d2q # datacrypt # datahike # datalevin # datalog # data-oriented-programming # data-science # datascript # datavis # dato # datomic # defnpodcast # deps-new # depstar # devcards # devops # dirac # docker # docs # domino-clj # duct # dunaj # eastwood # editors # emacs # error-message-catalog # etaoin # ethereum # euroclojure # events # exercism # expound # figwheel # figwheel-main # flambo # fulcro # funcool # functionalprogramming # funimage # garden # ghostwheel # girouette # gis # google-cloud # gorilla # graalvm # graalvm-mobile # graclj # graphql # gratitude # gsoc # hammock-driven-dev # helix # heroku # hispano # holy-lambda # honeysql # hoplon # hugsql # humor # hypercrud # hyperfiddle # immutant # improve-getting-started # incanter # indycljs # inf-clojure # instaparse # integrant # interceptors # interop # introduce-yourself # iot # iotivity # ipfs # jackdaw # jaunt # java # javascript # javelin # jobs # jobs-discuss # jobs-rus # joker # jukebox # juxt # jvm # kaocha # keechma # kekkonen # keyboards # klipse # kosmos # lambdaisland # ldnclj # ldnproclodo # lein-figwheel # leiningen # liberator # liquid # livestream # local-first-clojure # london-clojurians # lsp # luminus # lumo # mail # malli # mathematics # meander # melbourne # membrane # mental-health # microservices # mid-cities-meetup # midje # minecraft # minimallist # missionary # monads # mount # music # new-channels # new-clojure # nextjournal # nginx # nrepl # numerical-computing # nyc # observability # off-topic # om # om-next # onyx # other-languages # other-lisps # overtone # pamela # parinfer # pathom # pedestal # perun # philosophy # phzr # planck # plastic # play-clj # podcasts # polylith # portal # portkey # portland-or # powderkeg # practicalli # precept # prelude # programming-beginners # project-updates # proletarian # proton # protorepl # pulsar # pure-frame # qa # qlkit # quil # random # rdf # react # reactive # reading-clojure # reagent # reclojure # re-frame # reitit # releases # remote-jobs # respo # rethinkdb # reveal # rewrite-clj # ring # ring-swagger # robots # rum # schema # sci # sfcljs # shadow-cljs # _silence # sim-testing # sioux-falls # slack-help # sneer # sneer-br # spacemacs # specmonstah # specter # speculative # spirituality-ethics # sql # startup-in-a-month # sydney # test200 # test-check # testing # thejaloniki # timbre # tmp-json-parsing # tools-build # tools-deps # trading # tree-sitter # uncomplicate # unrepl # untangled # utah-clojurians # videos # vim # vrac # vscode # wasm # web-security # windows # xtdb # yada # yleinen

Apps

ring

hawari 2018-03-26T08:29:06.000310Z

How can I apply a middleware only on certain route? For example GET /userinfo will need to authenticate a user first, whereas GET /somethingelse won't require an access token at all.

hawari 2018-03-26T08:31:13.000216Z

Is path + method matching on the middleware is the way to go here?

ikitommi 2018-03-26T09:24:35.000114Z

@hawari.rahman17 many routing libs support this out-of-the-box, some samples: Compojure-api (macros):

(context "/api" []
  :middleware [wrap-api]
  (GET "/userinfo" []
    :middleware [wrap-auth]
    (ok ...))
  (GET "/somethingelse" []
    (ok ...)))

Reitit (data):

["/api" {:middleware [wrap-api]}
 ["/userinfo" {:get {:middleware [wrap-require-auth]
                     :handler ...}}]
 ["/somethingelse" {:get ...}]]

hawari 2018-03-26T09:32:14.000538Z

@ikitommi I've found that routes in compojure is quite extendable, I ended up doing something like this:

(def restricted-routes
  (-&gt; (routes (GET "/protected-path" [] protected-fn))
      (wrap-routes authorize)))

(defroutes app-routes
  (GET "/unprotected-routes" [] "Hello")
  restricted-routes)

ikitommi 2018-03-26T09:33:19.000407Z

I think you don’t need the routes within the restricted-routes.

hawari 2018-03-26T09:33:21.000012Z

My problem is sometimes in the same context, there exists a route that doesn't need to be authorized first

ikitommi 2018-03-26T09:34:49.000056Z

yes, but that’s to way to do it with Compojure. Compojure-api just adds sugar for it, e.g. the :middleware key.

ikitommi 2018-03-26T09:35:02.000481Z

oh, then, yes.

ikitommi 2018-03-26T09:36:14.000379Z

if you are using nginx-clojure, you should be carefull with wrap-routes. It uses mutable request maps and the wrap-routes doesn’t work with it.

hawari 2018-03-26T09:38:21.000348Z

I mean, I'm not using nginx-clojure but I'd like to know what I'd signed up for with wrap-routes

ikitommi 2018-03-26T09:40:15.000493Z

https://github.com/nginx-clojure/nginx-clojure/issues/182#issuecomment-318829347

ikitommi 2018-03-26T09:42:05.000342Z

e.g. wrap-routes adds “call me if the path matches” info to the request. As the request is mutable, the info is still present in the request for the next routes. Next route will see that and invoke the mw. Kinda fatal.

hawari 2018-03-26T09:47:48.000168Z

So in other words, even if the path matches the routes not listed in restricted-routes, the middleware authorize will still gets invoked?

hawari 2018-03-26T09:48:12.000296Z

Wow, thanks for the warning @ikitommi, I'll be sure to remember that

ikitommi 2018-03-26T09:55:50.000433Z

yes, it gets called for the next route by Compojure. np.