This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
- # bangalore-clj (3)
- # beginners (47)
- # boot (20)
- # cljs-dev (7)
- # cljsjs (16)
- # cljsrn (3)
- # clojure (46)
- # clojure-art (4)
- # clojure-berlin (1)
- # clojure-brasil (2)
- # clojure-greece (1)
- # clojure-india (5)
- # clojure-russia (1)
- # clojure-spec (34)
- # clojure-taiwan (2)
- # clojure-uk (8)
- # clojurescript (69)
- # cursive (9)
- # datascript (26)
- # datomic (1)
- # emacs (2)
- # events (1)
- # hoplon (8)
- # leiningen (3)
- # off-topic (4)
- # proto-repl (4)
- # re-frame (3)
- # reagent (1)
- # rethinkdb (8)
- # rum (3)
- # vim (83)
@gfredericks: if something weird were happening, it would be hard to notice unless you had code that depends on the namespace reload order to function properly.
Has anyone here rolled their own authentication/authorization system with
sente? I’m developing an SPA and want to use websockets exclusively for all communication on the server. I think I understand what I need to do, but just wanted to run my logic by someone else to make sure it’s sound.
localStorage for previous app state, if found restore
• If JWT token is found and expiration date is still valid, initiate
[:handshake [:jwt jwt-token]]
• Server authenticates the JWT token and sends back updated data to the client
• Client resumes the UI to wherever they left off with the updated state
• Assuming no local state was found or the JWT token had expired, show login screen
[:handshake [:login uid device-id bcrypted-password]]
• server verifies the bcrypted password matches the db password, saves the JWT token in the database along with the device-id
(update-in db [:users :uid :device-id :jwt] jwt-token) and completes the handshake
• App stores the JWT token and sends it along in all future
• notify the server to delete the JWT token
• delete all
• only store the users bcrypted password and the most recent JWT tokens [:device-id :jwt]
sente connections: verify the JWT token is valid AND that it matches the database version (during handshake)
sente connections: verify the JWT token on every request. Every so often (once an hour?) create a new JWT token extending the expiration date (refreshing the token). Update the db with this new JWT token and send the new token back to the client
• secure, but not annoying to the user (heavy users only login once per device and their sessions extend indefinitely)
• minimize hitting the database on every request (hence JWT)
• be able to remotely log users out (via dropping the
sente connection and deleting the JWT token from the database)
@thheller: Thanks! So you there’s no benefit to using JWT? I just kept running into it when researching best practices.
excellent, it is then safe to just
[:handshake [:login uid device-id plain-text-password]] as well
yeah, I wasn’t sure about that. I figured if my server ever got hacked then I could at least prevent the attacker from ever knowing their original password
I’m doing a datascript <-> datomic sync based app. So I don’t really have API endpoints and really need to push updates to the client.
Is there a problem with websocket reconnects? On reconnection I’m just going to have the client send
:database-last-sync-time #inst …, then I’ll push down any changes in bulk and then resume streaming updates.
can you explain what you mean by interrupt on sleep? Like the client won’t get updates if the app isn’t open?
they really don't like open network connections since they need to keep the radio on
very true. I don’t really care about background updates, but I wanted the UI to be realtime whenever it’s open. I figured websockets were the best solution, but maybe I should look into push notifications instead.
i want to learn clojurescript and I think this would be a good example to reimplement at first http://bl.ocks.org/ashnur/raw/910a4fdc3556a32f435f248c04108c8f/
Hi everybody ! I'm facing a situation I don't understand. I'm compiling a clojurescript project in
min modes, these mode are repsectively optimised with
:advanced, nothing extraordinary… It compiles well in all cases, but when I run the minificated one (`:advanced`) I get this error in my browser:
It doesn't happen with the
Importing test-only code into non-debug environment: goog.testing.PseudoRandom(…)
:whitespaceone. Well, this message is clear and I understand it well. But I can't find which file/dependency is causing it. I think there is something about the closure compiler I don't know, and neither the stacktrace Google is not helping me at all right now … Do one of you ever encountered this behaviour ?
just run it in a REPL, it will tell you which namespace is using the
and nvim-parinfer touches the file, so i always have to save before i switch buffers, and it's really annoying