Fork me on GitHub
#luminus
<
2021-08-05
>
jper20:08:46

I created a new app using lein new my-app +sqlite . But I see some people are adding things like +re-frame +shadow-cljs +reitit . Is there some specific list of packages that play nice with luminus?

jmckitrick22:08:34

What is the best (most accurate and current) example of authentication? I’ve used it some time ago, and sometimes examples can drift away from the latest libraries.

Daniel Craig03:08:01

I’m interested to know this too

jper06:08:07

I am too

jmckitrick12:08:51

Two questions on this topic:

jmckitrick12:08:21

Should a login function set :identity on the request, or on the :session in the request?

jmckitrick12:08:22

Also, why does wrap-base call (dissoc :session) after wrap-defaults ?

Malik Kennedy16:08:30

> Should a login function set :identity on the request, or on the :session in the request? - request attributes live for the life of that request/response cycle - session attributes for the life of that session so if you put it on the request, the identity will be wiped once user participates in another request/response cycle. In the link below the secition ==Accessing the session== you can see some example session management. > Also, why does wrap-base call (dissoc :session) after wrap-defaults ? https://luminusweb.com/docs/sessions_cookies.html

(defn wrap-base [handler]
  (-> handler
      wrap-dev
      wrap-formats
      wrap-webjars
      (wrap-defaults
        (-> site-defaults
            (assoc-in [:security :anti-forgery] false)
            (dissoc :session)))
      wrap-flash
      wrap-session
      wrap-context
      wrap-internal-error))
not 100% sure but I think its so the wrap-session below it can be assoc'd on

jmckitrick18:08:56

@U010A2QSG9H Makes sense, I was probably confused by some incorrect code I was using as an example. I’m curious, though, if we can get the answer for the second question. Yours makes sense, though.

jmckitrick14:08:02

I think I figured it out. It's one of those details in the docs that you don't know is there until you happen across it. So, after authenticating, you want to set the :identity key on the session but then any handler called within wrap-authentication will have that value added to the request as well. So ultimately, it's in both places.

jmckitrick22:08:55

I think basic route restriction will be fine here… no JWE required at this time.