reitit

Eugen 2025-02-11T09:53:35.256629Z

hi, any example on how to integrate wrap-oauth2 with reitit router and defaults middleware ? I'm trying to setup the boilerplate to use when building web-apps with reitit. I'm also currently using https://github.com/ferdinand-beyer/reitit-ring-defaults - but might drop them. I've figured out that I need to use wrap-oauth2 outside the router since it dynamically registers "routes" . But I can't use it with the defaults - unless I change them.

valerauko 2025-02-11T14:59:00.306379Z

Maybe merge it with your other routers using reitit.ring/routes? Something like

(ring/ring-handler
 normal-routes
 (ring/routes
  oauth-2-wrapped-thing
  default-handler))

weavejester 2025-02-11T15:27:27.499149Z

You can just wrap your Ring handler in the middleware directly.

(def handler
  (-> (ring/ring-handler your-routes)
      (wrap-oauth2 oauth-options)))

Eugen 2025-02-11T21:50:46.737159Z

I tried both approaches but none work since I am missing session and params parsing

Eugen 2025-02-11T21:52:30.154839Z

I think I am beggining to understand how things work. I should be able to add the exact middleware and use the same session store - hopefully it does not blow in my face

Eugen 2025-02-11T21:53:24.645199Z

too bad there are no examples on how to handle this in reitit - Clojure does need to catch up a bit on this front

Eugen 2025-02-11T22:24:06.796959Z

I made progress. I have auth working. Thanks. I'm using declarative middleware for routes and wrap-defaults for oauth2. I am sharing the session store - memory store in this case.

(ring/ring-handler
     (ring/router (routes) router-opts)
     (ring/routes
      (ring/create-resource-handler {:path "public"})
      (ring/create-resource-handler {:path "swagger-ui"})
      (ring/create-file-handler {:root download-dir :path "/data"})
      (ring/create-file-handler {:path "/"})
      (-> (ring/create-default-handler)
          (wrap-oauth2 auth-profiles)
          (wrap-defaults my-site-defaults)))
     {:middleware ring-handler-middleware})

weavejester 2025-02-11T22:25:52.654469Z

You could also just use wrap-params and wrap-session instead of wrap-defaults, since you don't need any of the other middleware that wrap-defaults adds.

Eugen 2025-02-11T22:27:02.522679Z

thanks, that is my plan - I just did not know if I needed any more middleware

weavejester 2025-02-11T22:28:06.384729Z

I'm also surprised that just adding wrap-oauth2 to the :middleware key doesn't work. My understanding from the Reitit docs is that it wraps the handler.

weavejester 2025-02-11T22:29:33.664379Z

"Top-level middleware, applied before any routing is done" the docs say, so adding wrap-oauth2 , along with the session and params middleware, to the top-level :middleware key, should also work.

Eugen 2025-02-11T22:37:27.462149Z

I think it should - if I will add the params and session

Eugen 2025-02-11T22:43:49.044289Z

it does work:

ring-handler-middleware [wrap-webjars
                                 wrap-app-config
                                 [wrap-session (:session my-site-defaults false)]
                                 [wrap-params (get-in my-site-defaults [:params :urlencoded] false)]
                                 [wrap-oauth2 auth-profiles]]
(ring/ring-handler
     (ring/router (routes) router-opts)
     (ring/routes
      (ring/create-resource-handler {:path "public"})
      (ring/create-resource-handler {:path "swagger-ui"})
      (ring/create-file-handler {:root download-dir :path "/data"})
      (ring/create-file-handler {:path "/"})
      (ring/create-default-handler))
     {:middleware ring-handler-middleware})

Eugen 2025-02-11T22:43:59.145849Z

thank you very much

Eugen 2025-02-11T22:44:23.716579Z

I'll check out the token refresh PR now since I have 5 minute tokens and I need to refresh them 🙂