Last active
July 18, 2016 18:43
-
-
Save yogthos/13e72f997cb7cb86ad05ce01d18cffb7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (ns mindfull.middleware | |
| (:require [mindfull.env :refer [defaults]] | |
| [clojure.tools.logging :as log] | |
| [mindfull.layout :refer [*app-context* error-page]] | |
| [ring.middleware.anti-forgery :refer [wrap-anti-forgery]] | |
| [ring.middleware.webjars :refer [wrap-webjars]] | |
| [ring.middleware.format :refer [wrap-restful-format]] | |
| [mindfull.config :refer [env]] | |
| [ring.middleware.flash :refer [wrap-flash]] | |
| [immutant.web.middleware :refer [wrap-session]] | |
| [ring.middleware.defaults :refer [site-defaults wrap-defaults]] | |
| [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]] | |
| [buddy.auth.backends.session :refer [session-backend]] | |
| [buddy.auth.accessrules :refer [restrict]] | |
| [buddy.auth :refer [authenticated?]] | |
| [mindfull.layout :refer [*identity*]]) | |
| (:import [javax.servlet ServletContext])) | |
| (defn wrap-context [handler] | |
| (fn [request] | |
| (binding [*app-context* | |
| (if-let [context (:servlet-context request)] | |
| ;; If we're not inside a servlet environment | |
| ;; (for example when using mock requests), then | |
| ;; .getContextPath might not exist | |
| (try (.getContextPath ^ServletContext context) | |
| (catch IllegalArgumentException _ context)) | |
| ;; if the context is not specified in the request | |
| ;; we check if one has been specified in the environment | |
| ;; instead | |
| (:app-context env))] | |
| (handler request)))) | |
| (defn wrap-internal-error [handler] | |
| (fn [req] | |
| (try | |
| (handler req) | |
| (catch Throwable t | |
| (log/error t) | |
| (error-page {:status 500 | |
| :title "Something very bad has happened!" | |
| :message "We've dispatched a team of highly trained gnomes to take care of the problem."}))))) | |
| (defn wrap-csrf [handler] | |
| (wrap-anti-forgery | |
| handler | |
| {:error-response | |
| (error-page | |
| {:status 403 | |
| :title "Invalid anti-forgery token"})})) | |
| (defn wrap-formats [handler] | |
| (let [wrapped (wrap-restful-format | |
| handler | |
| {:formats [:json-kw :transit-json :transit-msgpack]})] | |
| (fn [request] | |
| ;; disable wrap-formats for websockets | |
| ;; since they're not compatible with this middleware | |
| ((if (:websocket? request) handler wrapped) request)))) | |
| (defn on-error [request response] | |
| (error-page | |
| {:status 403 | |
| :title (str "Access to " (:uri request) " is not authorized")})) | |
| (defn wrap-restricted [handler] | |
| (restrict handler {:handler authenticated? | |
| :on-error on-error})) | |
| (defn wrap-identity [handler] | |
| (fn [request] | |
| (binding [*identity* (get-in request [:session :identity])] | |
| (handler request)))) | |
| (defn wrap-auth [handler] | |
| (let [backend (session-backend)] | |
| (-> handler | |
| wrap-identity | |
| (wrap-authentication backend) | |
| (wrap-authorization backend)))) | |
| (defn wrap-base [handler] | |
| (-> ((:middleware defaults) handler) | |
| wrap-auth | |
| wrap-webjars | |
| wrap-flash | |
| (wrap-session {:cookie-attrs {:http-only true}}) | |
| (wrap-defaults | |
| (-> site-defaults | |
| (assoc-in [:security :anti-forgery] false) | |
| (dissoc :session))) | |
| wrap-context | |
| wrap-internal-error)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment