Fork me on GitHub
#beginners
<
2020-03-06
>
bocaj00:03:43

map-indexed doesn't take more than one coll

bfabry00:03:27

(let [ks (conj (keys m) :nth)]
  (into [] (apply map #(zipmap ks %&) (range) (vals m))))
[{:nth 0, :x 1, :y 4, :z 7, :ab 10} {:nth 1, :x 2, :y 5, :z 8, :ab 11} {:nth 2, :x 3, :y 6, :z 9, :ab 12}]
user=>

bocaj00:03:50

nice! Trying to understand the 2 solutions now

bfabry00:03:03

the last one is exploiting the fact that apply is (apply f a b c rest), that the result of keys is a seq which things get conj'd to the front of, and that map stops as soon as any of the sequences passed to it are finished

matthew.pettis03:03:32

Opinions please. What are the community recommended web app/routing frameworks? Is it ring/compojure, or reitit, or somethings else? And what are the best resources to get started with it?

zilti17:03:21

There is also Clojure Liberator. I liked using it a lot.

scott.archer03:03:00

I've been struggling to find a good "quickstart" for building a webapi in clojure. So far this is the best thing I've found - https://medium.com/swlh/building-a-rest-api-in-clojure-3a1e1ae096e

scott.archer03:03:02

It keeps is relatively simple and got me started at least.

scott.archer03:03:30

If you want a "fuller" example, I refer to this - https://github.com/seancorfield/usermanager-example

matthew.pettis03:03:08

Thanks! I should add, I read this, which is a great very first start at understanding ring/compojure, so I need to find other things that expand on what was there, or see if there are other frameworks that are considered standard. http://matthewlisp.com/set-up-clojure-api/

scott.archer03:03:46

I know Pedestal has a series of tutorials that are helpful. It seemed a bit more complex than ring though.

scott.archer03:03:46

The tutorials get you started and are pretty nice.

matthew.pettis03:03:35

I did look at your medium link a bit back. The one part I needed expansion on was POST requests, which is mentioned in passing at the end. But it is a good read on GET and such...

matthew.pettis03:03:43

I'll look at pedestal

scott.archer03:03:41

I was using some middleware that would handle converting the body from JSON or various other formats to a clojure map.

scott.archer03:03:07

It made it easy for what I was doing. I don't think POST is all that different from get, just the data comes in the :body

scott.archer03:03:45

There's middleware that handles form posts if you're trying to post a form too.

scott.archer03:03:35

To be honest, where I get lost is trying to put the middleware together with compojure.

scott.archer03:03:49

as I typically need different middleware for different routes.

scott.archer03:03:09

If you do find a good resource, feel free to send it my way 🙂

matthew.pettis03:03:58

🙂 will do, thanks for these resources.

me143511:03:44

Hi all I have a doubt about destructuring and how can I do it with the result of a group-by where the “keys” are “true” or “false”, for example:

(def items [{:code "4" "type" "multi"}
             { :code "1" "type" "multi" "isDisabled" false}
             { :code "3" "type" "registration"}
             { :code "2" "type" "single" "isDisabled" true}
             { :code "5" "type" "single"}])
(group-by #(= true (get % "isDisabled")) items)

me143511:03:24

oh! I think I have it

(let [{foo true bar false} (group-by #(= true (get % "isDisabled")) items)])

tzafrirben11:03:03

FYI - instead of using = true you can use true? function

glfinn8313:03:13

I'm integrating my service with mongodb. The ones that I've seen getting most coverage are Monger and congomongo. I would have jumped on Monger but looking at their Github it hasn't been touched for a year. congomongo seems to currently be more active, but might be less mature. Anyone have any opinion on how to integrate with mongo?

manutter5113:03:27

We've been happily using Monger for a while now, without issues. You might want to look at the list of outstanding issues on the monger github repo and see if there's anything there that sounds likely to be a problem for you, but we've found it to be pretty stable and useful for our purposes.

glfinn8313:03:59

@manutter51 Thanks for a good response. Provides me with more confidence going ahead with Monger

grierson16:03:06

#{1 2 3 4 5 6 7 8 9}
=> #{7 1 4 6 3 2 9 5 8}
What's going on here?

mmeix16:03:41

A set has no order.

mmeix16:03:00

If you need something ordered you would use a vector. A set is just a bunch of unique values, so it is not garanteed to get them out in any particular order. The same is true for hash-maps.

hindol.adhya19:03:26

A vector is insertion ordered. A sorted set is ordered using a comparator. A (hash) set is neither.

seancorfield16:03:23

@glfinn83 I maintained congomongo for years. At the time I preferred it over Monger because the latter used a single global dynamic var for the db connection, but Monger added that in a later release and was, otherwise, better maintained and better documented than congomongo. I stopped maintaining congomongo because we stopped using MongoDB at work and I'd been recommending people use Monger for a while by that point. Good to know someone has stepped up and is maintaining congomongo again now.

neo255116:03:46

Does anyone would recommend Cordova over React Native for CLJS?

thurmondmb17:03:54

I have done a Reagent/CLJS Cordova app, We lost native look/feel but the company I was working for was paying people to use the app for data collection purposes

thurmondmb17:03:43

I'm not sure of other options out there. I have played around with re-natal a little bit

zilti17:03:33

Another option would be to use Clojure instead, and cljfx

mario.cordova.86219:03:22

App I am working on is using JDBC and raw sql. How do I structure the query call to prevent SQL injection? Ive read that I would need to use parameterized sql queries but not quite sure what that means exactly.

(as-> "ModelT; SELECT version from workbooks where name=Falcon" workbook
    (j/query postgre-db-spec [(str "SELECT user from " workbook-collection-name
                                   " WHERE name = ?; ") workbook]))

manutter5119:03:46

This code may or may not be vulnerable to SQL injection, depending on where workbook-collection-name comes from. In general, if any user has access to set or change the value of workbook-collection-name, and you build a SQL query using str, they can change it to a value that executes a SQL injection attack. The workbook parameter, though, is not vulnerable — you’ve included a ? placeholder for it in the query, and then passed workbook in as a parameter to j/query, which is what “parameterized SQL query” means.

mario.cordova.86219:03:44

workbook-collection-name comes internally from a def at the top of the namespace. workbook gets passed in from the outside. This statement seems to run fine though. Shouldn't there be an exception thrown?

mario.cordova.86219:03:05

My select version from workbooks where name=Falcon after the "ModelT" is my "injection"

manutter5120:03:03

That should be safe, actually. Because you’re using a parameterized query, the value of workbook is never concatenated with your original query string. Your query string is parsed first, and executed by the database engine, with the (unparsed) “injection” string as a raw value that it’s searching for in the name column.

manutter5120:03:45

Beware, though: I don’t think SQL injection vulnerabilities will generally throw exceptions, otherwise they wouldn’t be as dangerous. They operate pretty much silently, which is why you need to be sure you don’t create them in the first place.

mario.cordova.86220:03:22

Thank you, that explanation helps. Which is why the query was returning an empty list.

seancorfield20:03:01

@mario.cordova.862 If it helps, each ? in the SQL string is a parameter for which the value is substituted as an object not as a string. You can't inject SQL fragments via ? so that's safe.

seancorfield20:03:40

However, using str to build a raw SQL string can be vulnerable if you are building it from variables that come from user input. Does that clarify the difference?

mario.cordova.86221:03:11

@seancorfield It does actually. Yea the whole file is building sql like that. But luckily for us this is an internal app but that begs the question is it worth it to rewrite everything as parameterized sql or the network security enough?

seancorfield21:03:23

@mario.cordova.862 Well, I always use ? for the actual parameters, but I do build the rest of the SQL string with str most of the time -- but it's rare that "the rest of the SQL string" is built from any user input (it might be computed data but it doesn't directly contain user input).

seancorfield21:03:32

Part of the reason for preferring ? aside from security is just type conversions: if your parameters are anything except simple numbers, just str'ing them into the SQL string won't work (string parameters would need ' around them -- but what about embedded quotes etc? booleans may or may not need to be turned into 0 and 1, etc).

mario.cordova.86222:03:10

Thats good to know, I didn't think of that