Fork me on GitHub
#pedestal
<
2021-07-31
>
ChillPillzKillzBillz14:07:54

Can someone please explain the back tick notation in pedestal routes definition...? e.g.

(def routes
  (let [session-interceptor (middlewares/session {:store (cookie/cookie-store)})]
    (route/expand-routes
     [[["/" {:get `intro-form}]
       ["/introduce" ^:interceptors [(body-params/body-params)
                                     middlewares/params
                                     middlewares/keyword-params
                                     session-interceptor]
        {:post `introduction}]
       ["/hello" ^:interceptors [session-interceptor]
        {:get `hello}]]])))

souenzzo16:07:48

backtick isn't a pedestal thing backtick is a clojure thing it's the "quasiquote" operation when you write intor-form, it evaluates to an object, usually something like #object[...$intro_form ...] When you do a quasiquote, it returns the symbol you can replace

{:get `intro-form}
with {:get (symbol "current-namespace" "intro-form")}

souenzzo19:07:21

when you use a symbol, you don't need to use a route-name

ChillPillzKillzBillz09:08:01

cool Many Thanks for the explanation!

ChillPillzKillzBillz15:07:23

Another noob question: I am trying to replicate the pedestal sample for session management using cookies from official http://pedestal.io . The code can be found https://github.com/pedestal/pedestal/tree/master/samples/ring-middleware. The code works great for me. But now I want to make sure that nobody can end up being asked to tell their names again once they've already done so... So I made the following modifications:

(defn intro-form
  "Prompt a user for their name, then remember it"
  [req]
  (if (empty? (get-in req [:session :name]))
    (html-response
     (slurp (io/resource "hello-form.html")))
    (ring-resp/redirect "/hello")))
and
(def routes
  (let [session-interceptor (middlewares/session {:store (cookie/cookie-store)})]
    (route/expand-routes
     [[["/" ^:interceptors [session-interceptor] {:get `intro-form}]
       ["/introduce" ^:interceptors [(body-params/body-params)
                                     middlewares/params
                                     middlewares/keyword-params
                                     session-interceptor]
        {:post `introduction}]
       ["/hello" ^:interceptors [session-interceptor]
        {:get `hello}]]])))
Now this has the desired effect. Such that once I've logged in... (so to speak) I can't go back to the login page. The problem is however that I can't create a new session even when I am opening new tabs/windows in chrome... I am sure I am missing something silly. Any help will be much appreciated!! How can I create different cookies for different tabs...?

souenzzo19:07:56

No, you can not create a cookie for each tab. it's a web/browser issue, not a server/pedestal issue. To make behaviors like this, you will end up doing a SPA or at least, some JS code

ChillPillzKillzBillz09:08:01

Apologies, I am not only new to clojure/script but also web development. So a complete noob!! How is this usually handled in real life...? Any pointers... would be much appreciated!! Thanks for the quick response too!!

souenzzo23:08:16

IMHO, its simply not handled. Why do you want to deliver different contents to different tabs?

ChillPillzKillzBillz09:08:30

its like setting up a session for each request... If a new tab is opened, then this is a unique request

ChillPillzKillzBillz09:08:27

So if somebody has used the first tab to login... say... when the same person opens the new tab... he should not be considered logged in.. right from the beginning...

ChillPillzKillzBillz09:08:59

or am I being pedantic... (which is quite possible ... 😁)

souenzzo12:08:54

so, if i click in "open in a new tab", i will need to login again?!

ChillPillzKillzBillz17:08:08

isn't that how it works?

ChillPillzKillzBillz17:08:21

like in banks websites...

ChillPillzKillzBillz17:08:51

My pedanticometer is telling me that I am dangerously close to being pedantic now...

souenzzo18:08:56

Well. Maybe in traditional banks do that. But if they can, they will add a metal detector in the login and close the agency (website) at 5PM too. I would not use tradicional banks as a reference of good website experience. I would say that most of the websites that require login in a new tab do that as a "side effect", not as a intended behavior. In the way where browsers work, they implement security, sessions, storages, etc.. You can say "well, I don't trust browser security". In these case, you can do a not-website (app or something like). But use a browser, skip its default behavior and reimplement your own security policies, IMHO, is the worst combination. PS.: I'm not feeling that you are pedantic 🙂

ChillPillzKillzBillz04:08:35

Thanks for that!! I'll do some research on some sites that I know to understand how this login behaviour actually works... maybe I've got it wrong in my head. I am not only new to clojure but also web development. So I keep getting surprised by the usual and sundry. Thanks again!!