This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-11-26
@gfredericks: if something weird were happening, it would be hard to notice unless you had code that depends on the namespace reload order to function properly.
Nope I don't do any reloading
Has anyone here rolled their own authentication/authorization system with `sente`? I’m developing an SPA and want to use websockets exclusively for all communication on the server. I think I understand what I need to do, but just wanted to run my logic by someone else to make sure it’s sound.
APP INIT:
• Check `localStorage` for previous app state, if found restore
• If JWT token is found and expiration date is still valid, initiate `sente` connection `[:handshake [:jwt jwt-token]]`
• Server authenticates the JWT token and sends back updated data to the client
• Client resumes the UI to wherever they left off with the updated state
APP LOGIN:
• Assuming no local state was found or the JWT token had expired, show login screen
• initiate `sente` connection `[:handshake [:login uid device-id bcrypted-password]]`
• server verifies the bcrypted password matches the db password, saves the JWT token in the database along with the device-id `(update-in db [:users :uid :device-id :jwt] jwt-token)` and completes the handshake
• App stores the JWT token and sends it along in all future `sente` communication
APP LOGOUT:
• notify the server to delete the JWT token
• delete all `localStorage` state
SERVER:
• only store the user's bcrypted password and the most recent JWT tokens `[:device-id :jwt]`
• new `sente` connections: verify the JWT token is valid AND that it matches the database version (during handshake)
• existing `sente` connections: verify the JWT token on every request. Every so often (once an hour?) create a new JWT token extending the expiration date (refreshing the token). Update the db with this new JWT token and send the new token back to the client
GOALS:
• secure, but not annoying to the user (heavy users only login once per device and their sessions extend indefinitely)
• minimize hitting the database on every request (hence JWT)
• be able to remotely log users out (via dropping the `sente` connection and deleting the JWT token from the database)
@seantempesta sounds good, except maybe for the part where I think JWT is nonsense
@thheller: Thanks! So you think there’s no benefit to using JWT? I just kept running into it when researching best practices.
oh, of course
everything will be running over SSL
excellent, it is then safe to just `[:handshake [:login uid device-id plain-text-password]]` as well
yeah, I wasn’t sure about that. I figured if my server ever got hacked then I could at least prevent the attacker from ever knowing their original password
ah, I see. I’ll look around.
Thanks for the feedback!
I’m doing a datascript <-> datomic sync based app. So I don’t really have API endpoints and really need to push updates to the client.
Is there a problem with websocket reconnects? On reconnection I’m just going to have the client send `:database-last-sync-time #inst …`, then I’ll push down any changes in bulk and then resume streaming updates.
can you explain what you mean by interrupt on sleep? Like the client won’t get updates if the app isn’t open?
This is a react native project, so yes mobile is very important to me. 🙂
they really don't like open network connections since they need to keep the radio on
yeah, I’ll have to look into this
very true. I don’t really care about background updates, but I wanted the UI to be realtime whenever it’s open. I figured websockets were the best solution, but maybe I should look into push notifications instead.
good to keep in mind!
i thought sente automatically attempts to reconnect?
i want to learn clojurescript and I think this would be a good example to reimplement at first http://bl.ocks.org/ashnur/raw/910a4fdc3556a32f435f248c04108c8f/
Hi everybody! I'm facing a situation I don't understand. I'm compiling a clojurescript project in `dev`, `pre-min`, and `min` modes, these modes are respectively optimised with `:none`, `:whitespace`, and `:advanced`, nothing extraordinary… It compiles well in all cases, but when I run the minified one (`:advanced`) I get this error in my browser:
Importing test-only code into non-debug environment: goog.testing.PseudoRandom(…)
It doesn't happen with the `:whitespace` one.
Well, this message is clear and I understand it well. But I can't find which file/dependency is causing it.
I think there is something about the closure compiler I don't know, and neither the stacktrace nor Google is helping me at all right now …
Has any of you ever encountered this behaviour?
@ggaillard something must be doing `(:require [goog.testing.PseudoRandom])`
@ggaillard https://gist.github.com/thheller/57f9e3bf8c8b9f68b9225cfe2884e996 you can try this
just run it in a REPL, it will tell you which namespace is using the goog.testing.PseudoRandom
Has anyone here done any beat detection stuff with Clojurescript? I'm just looking at the different javascript libraries out there, but I'd like to hear your thoughts
sorry maybe I should've posted this to clojure-art 😛
and nvim-parinfer touches the file, so i always have to save before i switch buffers, and it's really annoying
@thheller awesome thank you !