Last active
July 19, 2018 22:10
-
-
Save YannMjl/cd28d28580632794a3d3fdc0761e91a1 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;----------------------------------------------------------------------------------------------------------------------* | |
| ;Behold, our middleware! Note that it's common to prefix our middleware name * | |
| ;with "wrap-", since it surrounds any routes an other middleware "inside" * | |
| ; * | |
| ; We can attach our middleware directly to the main application handler. All * | |
| ; requests/responses will be "filtered" through our logging handler. * | |
| ;----------------------------------------------------------------------------------------------------------------------* | |
| (defn allow-cross-origin | |
| "Middleware function to allow cross origin requests from browsers. | |
| When a browser attempts to call an API from a different domain, it makes an OPTIONS request first to see the server's | |
| cross origin policy. So, in this method we return that when an OPTIONs request is made. | |
| Additionally, for non OPTIONS requests, we need to just returm the 'Access-Control-Allow-Origin' header or else | |
| the browser won't read the data properly. | |
| The above notes are all based on how Chrome works. " | |
| ([handler] | |
| (allow-cross-origin handler "*")) | |
| ([handler allowed-origins] | |
| (fn [request] | |
| (if (= (request :request-method) :options) | |
| (-> (http/ok) ; Don't pass the requests down, just return what the browser needs to continue. | |
| (assoc-in [:headers "Access-Control-Allow-Origin"] allowed-origins) | |
| (assoc-in [:headers "Access-Control-Allow-Methods"] "GET,POST,DELETE") | |
| (assoc-in [:headers "Access-Control-Allow-Headers"] "X-Requested-With,Content-Type,Cache-Control,Origin,Accept,Authorization") | |
| (assoc :status 200) | |
| ) | |
| (-> (handler request) ; Pass the request on, but make sure we add this header for CORS support in Chrome. | |
| (assoc-in [:headers "Access-Control-Allow-Origin"] allowed-origins)))) | |
| ) | |
| ) | |
| (defn wrap-log-request [handler] | |
| (fn [req] ; return handler function | |
| (println req) ; perform logging | |
| (handler req)) ; pass the request through to the inner handler | |
| ) | |
| (def log-route | |
| (-> login-route | |
| wrap-log-request | |
| wrap-json-response)) | |
| (def secured-routes | |
| (-> protected-routes | |
| wrap-log-request | |
| wrap-json-response | |
| (wrap-token-authentication authenticated?) | |
| ) | |
| ; With this middleware in place, we are all set to parse JSON request bodies and | |
| ; serve up JSON responses | |
| ) | |
| (def main-routes | |
| (-> (routes log-route secured-routes) | |
| (allow-cross-origin) | |
| ) | |
| ) | |
| ;----------------------------------------------------------------------------------------------------------------------* | |
| ;this section content the main function that start the server * | |
| ;on local host port 3000 * | |
| ;----------------------------------------------------------------------------------------------------------------------* | |
| (defn -main [& [port]] | |
| (let [port (Integer. (or port (env :port) 3000))] | |
| (jetty/run-jetty (wrap-cors (wrap-multipart-params main-routes) | |
| :access-control-allow-methods #{:get :post :delete :options} | |
| :access-control-allow-headers #{:accept :content-type} | |
| :access-control-allow-origin [#"http://localhost:4200"] | |
| ) | |
| {:port port :join? false} | |
| ) | |
| ) | |
| ) | |
| ;----------------------------------------------------------------------------------------------------------------------* |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment