This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2020-03-06
(let [ks (conj (keys m) :nth)]
(into [] (apply map #(zipmap ks %&) (range) (vals m))))
[{:nth 0, :x 1, :y 4, :z 7, :ab 10} {:nth 1, :x 2, :y 5, :z 8, :ab 11} {:nth 2, :x 3, :y 6, :z 9, :ab 12}]
user=>
the last one is exploiting the fact that apply is (apply f a b c rest), that the result of keys is a seq which things get conj'd to the front of, and that map stops as soon as any of the sequences passed to it are finished
Opinions please. What are the community recommended web app/routing frameworks? Is it ring/compojure, or reitit, or something else? And what are the best resources to get started with it?
I've been struggling to find a good "quickstart" for building a webapi in clojure. So far this is the best thing I've found - https://medium.com/swlh/building-a-rest-api-in-clojure-3a1e1ae096e
If you want a "fuller" example, I refer to this - https://github.com/seancorfield/usermanager-example
Thanks! I should add, I read this, which is a great very first start at understanding ring/compojure, so I need to find other things that expand on what was there, or see if there are other frameworks that are considered standard. http://matthewlisp.com/set-up-clojure-api/
I know Pedestal has a series of tutorials that are helpful. It seemed a bit more complex than ring though.
I did look at your medium link a bit back. The one part I needed expansion on was POST requests, which is mentioned in passing at the end. But it is a good read on GET and such...
I'll look at pedestal
I was using some middleware that would handle converting the body from JSON or various other formats to a clojure map.
It made it easy for what I was doing. I don't think POST is all that different from get, just the data comes in the :body
There's middleware that handles form posts if you're trying to post a form too.
To be honest, where I get lost is trying to put the middleware together with compojure.
Hi all I have a doubt about destructuring and how can I do it with the result of a group-by where the "keys" are "true" or "false", for example:
(def items [{:code "4" "type" "multi"}
{ :code "1" "type" "multi" "isDisabled" false}
{ :code "3" "type" "registration"}
{ :code "2" "type" "single" "isDisabled" true}
{ :code "5" "type" "single"}])
(group-by #(= true (get % "isDisabled")) items)
oh! I think I have it
(let [{foo true bar false} (group-by #(= true (get % "isDisabled")) items)])
I'm integrating my service with mongodb. The ones that I've seen getting most coverage are Monger and congomongo. I would have jumped on Monger but looking at their Github it hasn't been touched for a year. congomongo seems to currently be more active, but might be less mature. Anyone have any opinion on how to integrate with mongo?
We've been happily using Monger for a while now, without issues. You might want to look at the list of outstanding issues on the monger github repo and see if there's anything there that sounds likely to be a problem for you, but we've found it to be pretty stable and useful for our purposes.
@manutter51 Thanks for a good response. Provides me with more confidence going ahead with Monger
If you need something ordered you would use a vector. A set is just a bunch of unique values, so it is not guaranteed to get them out in any particular order. The same is true for hash-maps.
There is also this: https://clojuredocs.org/clojure.core/sorted-set
A vector is insertion ordered. A sorted set is ordered using a comparator. A (hash) set is neither.
@glfinn83 I maintained congomongo for years. At the time I preferred it over Monger because the latter used a single global dynamic var for the db connection, but Monger added that in a later release and was, otherwise, better maintained and better documented than congomongo. I stopped maintaining congomongo because we stopped using MongoDB at work and I'd been recommending people use Monger for a while by that point. Good to know someone has stepped up and is maintaining congomongo again now.
Would anyone recommend Cordova over React Native for CLJS?
I have done a Reagent/CLJS Cordova app. We lost native look/feel but the company I was working for was paying people to use the app for data collection purposes
I'm not sure of other options out there. I have played around with re-natal a little bit
App I am working on is using JDBC and raw sql. How do I structure the query call to prevent SQL injection? I've read that I would need to use parameterized sql queries but not quite sure what that means exactly.
(as-> "ModelT; SELECT version from workbooks where name=Falcon" workbook
(j/query postgre-db-spec [(str "SELECT user from " workbook-collection-name
" WHERE name = ?; ") workbook]))
This code may or may not be vulnerable to SQL injection, depending on where workbook-collection-name comes from. In general, if any user has access to set or change the value of workbook-collection-name, and you build a SQL query using str, they can change it to a value that executes a SQL injection attack. The workbook parameter, though, is not vulnerable -- you've included a ? placeholder for it in the query, and then passed workbook in as a parameter to j/query, which is what "parameterized SQL query" means.
workbook-collection-name comes internally from a def at the top of the namespace. workbook gets passed in from the outside. This statement seems to run fine though. Shouldn't there be an exception thrown?
My select version from workbooks where name=Falcon after the "ModelT" is my "injection"
That should be safe, actually. Because you're using a parameterized query, the value of workbook is never concatenated with your original query string. Your query string is parsed first, and executed by the database engine, with the (unparsed) "injection" string as a raw value that it's searching for in the name column.
Beware, though: I don't think SQL injection vulnerabilities will generally throw exceptions, otherwise they wouldn't be as dangerous. They operate pretty much silently, which is why you need to be sure you don't create them in the first place.
Thank you, that explanation helps. Which is why the query was returning an empty list.
@mario.cordova.862 If it helps, each ? in the SQL string is a parameter for which the value is substituted as an object not as a string. You can't inject SQL fragments via ? so that's safe.
However, using str to build a raw SQL string can be vulnerable if you are building it from variables that come from user input. Does that clarify the difference?
@seancorfield It does actually. Yea the whole file is building sql like that. But luckily for us this is an internal app but that begs the question: is it worth it to rewrite everything as parameterized sql or is the network security enough?
@mario.cordova.862 Well, I always use ? for the actual parameters, but I do build the rest of the SQL string with str most of the time -- but it's rare that "the rest of the SQL string" is built from any user input (it might be computed data but it doesn't directly contain user input).
Part of the reason for preferring ? aside from security is just type conversions: if your parameters are anything except simple numbers, just str'ing them into the SQL string won't work (string parameters would need ' around them -- but what about embedded quotes etc? booleans may or may not need to be turned into 0 and 1, etc).