Fork me on GitHub
#beginners
<
2018-07-05
>
fmn00:07:30

Alright thanks for all the pointers!

alice04:07:32

Does anyone have any good resources or blog posts that will walk me through cookie based sessions with Clojure and Compojure? I can find resources for cookies in compojure, I can find resources for sessions in clojure, I can't seem to find any resources specifically using cookies in compojure to make user sessions though. Search results are basically all JWT localstorage stuff, or not complete or detailed enough to be of use to me.

alice04:07:59

Really, I doubt my application is going to be used by very many people, but I hope you guys understand. My biggest fear is probably some innocent person's privacy being compromised because I didn't take the time to implement sessions properly and leaked their data or something, I'm not storing any personal info or anything, but I want to do it right and make my app look as professional as possible to help me find a job in Clojure.

alice04:07:23

Thanks in advance for your time and consideration.

mg04:07:09

@aliceare you looking to store all the session data in an encrypted client cookie, or just have like a session id in the cookie and store the session data server side?

alice04:07:13

@michael.gaare Leaving out the server feels cleaner, but then do I lose the ability to invalidate cookies and stuff? I'd ideally like to do it as by-the-book as possible and I feel like a server backed implementation is the way to go for that. (Unless your opinion is that I should go the other way)

mg04:07:35

If everything is client-side, you'd need to introduce some stateful system to handle cookie invalidation. Something like how client cert invalidation works, perhaps, where there's a revocation list. Anyway, I don't think there's any one "by-the-book" way to do authentication and session management. JWT is popular these days, and it's sort of a hybrid. You can stuff session data into the token so the server can be stateless, but it has built-in expiration and you'll need something that handles the issuing/renewal flow. There's some pretty good stuff for that here: https://github.com/funcool/buddy

alice04:07:34

Thanks for the thought out response 🙂 appreciate it

orestis06:07:32

I’ve been down the same Rabbit hole @alice and in the end, using a cookie to look up a database backed session is the simplest solution - if you control both front end and backend.

orestis06:07:21

Database of course is optional, but you probably don’t want people being logged out when you restart the server, so...

manutter5111:07:48

@alice @mg You might also want to check out this article on the hazards of using JWT for auth http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/

astrashe15:07:55

I'm having trouble getting the sample code at https://gist.github.com/philippkueng/11377226 to work. It's supposed to retrieve a photo from the web and save it to disk. If I do this, I get a response that looks OK: (client/get "" {:as :byte-array}) But if I try to extract the byte-array from the map, it has length 0: (count ((client/get "" {:as :byte-array}) :body)) I'm sure this is something dumb/simple, but I can't figure out what it is.

bherrmann15:07:19

shouldnt that be (count (thing)) not (count ((thing))) or (count (get (thing) :body)) or (count (:body (thing)))

bherrmann15:07:42

where (thing) = (client/get “https://upload.wikimedia.org/wikipedia/en/a/a9/Example.jpg” {:as :byte-array})

adam15:07:08

Hi. How can I load profiles.clj into CURSIVE REPL?

adam15:07:56

My profiles.clj file starts with: {:dev {:env {:env-name. I need to load it in CURSIVE REPL in order for me to be able to use (:env-name env) in my REPL testing. My ns declaration include: (:require [environ.core :refer [env]]

lispyclouds15:07:34

@somedude314 asking in #cursive might help you better

adam15:07:41

@rahul080327 sorry, I didn't notice that channel.

lispyclouds15:07:05

not a problem at all 🙂

astrashe15:07:03

@bherrmann I think that the get function returns a map, and that the :body key in the map contains a byte-array

mg15:07:15

@astrashe Yeah there’s something odd going on with that. I’ve tried a couple of things, and I keep getting empty bodies trying to GET images.

astrashe15:07:34

@mg that makes me feel better

mg15:07:30

@astrashe I’m having more luck with {:as :stream} - the resulting InputStream actually has data in it

astrashe15:07:12

@mg thanks -- I'll try to make that work

SoV418:07:07

is it possible to connect a repl to an already running instance of leiningen?

Mario C.18:07:27

Quick question: How can I make #object[org.bson.types.ObjectId 0x4870b439 "5b3e6525babb8b41f0f63a62"] into a Clojure type I can work with?

SoV418:07:21

Hmm @mario.cordova.862 are you using a BSON encoding/decoding library?

Mario C.18:07:15

What do you mean by that?

SoV418:07:59

it looks like you're working with a BSON object, how did you end up with one?

Mario C.18:07:16

Normally it returns {:_id "5b3e6525babb8b41f0f63a62"}

Mario C.18:07:26

But in the case of testing it is returning that object

Mario C.18:07:55

But to answer your question I am saving to mongodb with {:_id (ObjectId.)}

SoV418:07:00

That's very different behavior... testing is returning the reference instead of the value

Mario C.18:07:56

How can I access the string value of the id from that reference I get back?

SoV418:07:01

oh, the ID is in there actually, at the end...

SoV418:07:59

um, i guess you could (str result) and do some manipulation on it, but honestly there is probably a cleaner way than string manipulating the reference obj

SoV418:07:34

what is the discrepancy between your live/production version and your testing invokation if anything?

SoV418:07:44

(ObjectId.) ?

Mario C.18:07:42

(.toString (:_id (get-by-id "5b3e6525babb8b41f0f63a62")))

Mario C.18:07:52

That actually worked and return 5b3e6525babb8b41f0f63a62

SoV418:07:33

what does (get-by-id "") do?

SoV418:07:49

oh, nevermind, i see. good, i'm glad it works

SoV418:07:21

Hi, how do I compile with Java 1.7 instead of Java 1.8 when my production box complains about a major/minor version mismatch?

noisesmith20:07:53

there's a javac flag for this, and there's a way to set that in your project manager config https://stackoverflow.com/questions/15492948/javac-source-and-target-options

Mario C.18:07:52

@sova thanks!

orestis19:07:34

@mario.cordova.862 You can just call str on mongo ObjectIds

orestis19:07:59

But be careful because you then have to convert them back to use them in a query.

Mario C.19:07:52

@orestis What do you mean by using them in a query? Because in order to query mongo it seems like they have to be in string format

orestis19:07:50

That would be very surprising. Are you using monger? It definitely expects ids to be ObjectIds.

orestis19:07:43

I’m on mobile and can’t check, but I think it does. You shouldn’t need to cast to/from string.

Mario C.19:07:47

You are right!

Mario C.19:07:58

I am casting to ObjectIds when querying mongo