(:identity req)is auth backend independent way to access user data- login and logout implementation depends on auth backend
:current-userdoesn't imply that authentication is required, route should also have:auth-rulesif authentication is required
-
-
Save gzeureka/a4e791599a4a2933f5f0 to your computer and use it in GitHub Desktop.
Compojure-api and Buddy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns backend.access | |
| (:require [buddy.auth :refer [authenticated?]])) | |
| (defn authenticated [req] | |
| (authenticated? req)) | |
| (defn admin [req] | |
| (and (authenticated? req) | |
| (#{:admin} (:role (:identity req))))) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns backend.handler | |
| (:require [backend.session :refer [wrap-app-session]] | |
| [ring.util.http-response :refer [ok]] | |
| [compojure.api.sweet :refer :all] | |
| [backend.access :as access] | |
| backend.restructure)) | |
| (defapi app' | |
| (swagger-ui "/api-docs") | |
| (swagger-docs | |
| :info {:title "API"}) | |
| (POST* "/login" [] | |
| (assoc-in (ok) [:session :identity] {:_id 1, :username "juho"})) | |
| (POST* "/logout" [] | |
| (assoc-in (ok) [:session :identity] nil)) | |
| (GET* "/foo" [] | |
| :auth-rules access/authenticated | |
| ; :auth-rules {:or [access/authenticated access/other-predicate]} | |
| ; :auth-rules {:and [access/authenticated access/other-predicate]} | |
| :current-user user | |
| (ok user)) | |
| (def app | |
| (-> app' | |
| wrap-app-session)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns backend.restructure | |
| (:require [compojure.api.meta :refer [restructure-param]] | |
| [backend.session :refer [wrap-rule]] | |
| [backend.access :as access])) | |
| (defmethod restructure-param :auth-rules | |
| [_ rule acc] | |
| (update-in acc [:middlewares] conj `(wrap-rule ~rule))) | |
| (defmethod restructure-param :current-user | |
| [_ binding acc] | |
| (update-in acc [:letks] into [binding `(:identity ~'+compojure-api-request+)])) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns backend.session | |
| (:require [ring.util.http-response :refer [unauthorized forbidden]] | |
| [ring.middleware.session :refer [wrap-session]] | |
| [buddy.auth :refer [authenticated? throw-unauthorized]] | |
| [buddy.auth.backends.session :refer [session-backend]] | |
| [buddy.auth.accessrules :refer [wrap-access-rules]] | |
| [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]])) | |
| ; FIXME: From config | |
| (def cookie-name "backend-session") | |
| (def auth-backend | |
| ; By default responds with 401 or 403 if unauthorized | |
| (session-backend)) | |
| (defn wrap-app-session [handler] | |
| (-> handler | |
| (wrap-authorization auth-backend) | |
| (wrap-authentication auth-backend) | |
| (wrap-session {:cookie-name cookie-name}))) | |
| (defn access-error [req val] | |
| (unauthorized val)) | |
| (defn wrap-rule [handler rule] | |
| (-> handler | |
| (wrap-access-rules {:rules [{:pattern #".*" | |
| :handler rule}] | |
| :on-error access-error}))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment