Fork me on GitHub
#ring-swagger
<
2016-09-22
>
sickill12:09:25

I just introduced compojure-api to a project where I already used compojure, it's super awesome! I'm wondering about one thing though: as wrap-routes is not included in compojure-api (and compojure's one doesn't produce docs), what's the suggested way of wrapping a set of routes with authentication middleware so it can still match routes defined after it?

sickill12:09:56

I know about :middleware attr in GET/POST/... macros, but that would be a lot of repetition, and context doesn't help me here too

ikitommi13:09:01

Hmm... why context doesn't work? You don't have a subpath for the routes?

ikitommi13:09:46

there is the middleware route, but it applies in in-place.

sickill13:09:43

I have the following routes:

/foo
/bar
/baz
/qux
/quux

sickill13:09:19

I want to apply auth middleware to /bar, qux and quux only

sickill13:09:33

so there's no common prefix for the ones I want to wrap

sickill13:09:46

and I have ~30 of these

sickill13:09:10

I made it working by wrapping them in context "" [] :middleware [...] and placing this context at the end of route definitions

sickill13:09:57

which is okay-ish, but if I really wanted to add another non-wrapped route after it then it wouldn't be reachable because middleware would handle the req and return 401

sickill13:09:00

I guess that's the use case behind compojure's wrap-routes

sickill13:09:07

to be clear I don't have foo, bar literally 🙂 but I just don't have common subpath

sickill13:09:27

I tried middleware but as you said, it's "greedy"

ikitommi13:09:30

I would use the endpoint :middleware. Bit more to type but works. We usually have had separate contexts for routes with different auth-requirements. wrap-routes could be wrapped too, but is not currentky.

ikitommi13:09:03

Could you write an issue of it, with a code sample &/ use case?

sickill13:09:37

sure, will do

ikitommi13:09:06

glad to help

juhoteperi13:09:53

@sickill context "" doesn't work as you assume

juhoteperi13:09:22

(routes (context "" [] :middleware [foo] ...) (GET "/bar" req ...)) foo middleware would be run for /bar request

juhoteperi13:09:45

because all requests will match that context and middleware will be run for any request that matches the context

sickill13:09:59

yeah, that's why I had to move this context to the very end

juhoteperi14:09:25

yep, that should work, it just is quite error prone

sickill14:09:26

which shows it's not the best way to go

juhoteperi14:09:45

hmm wrap-routes works?

sickill14:09:56

yeah, but it doesn't generate swagger docs

juhoteperi14:09:27

should be fixable, we already do similar hack to enable :middleware for single routes

juhoteperi14:09:40

(check the route match before running middleware)

sickill14:09:04

yeah, I think that's exactly what wrap-routes does under the hood

sickill14:09:02

(btw, excellent work guys, thanks for compojure-api, swagger and other great stuff you released /cc ikitommi deraen )

juhoteperi14:09:48

Hmm, I'm trying to remember how single route :middleware works currently

juhoteperi14:09:53

we use wrap-routes 😄

sickill14:09:32

is there a way to enable basic auth for API requests in swagger-ui? I'm talking about securityDefinitions key in compojure-api's {:swagger ...} metadata

sickill14:09:26

I saw people adding some js/jquery code to index.html, but I'm just using it via compojure-api so don't have direct access to html file

juhoteperi14:09:11

hmm, we are probably missing example about setting securityDefitions..

sickill14:09:48

oh, awesome, yeah, I was looking at swagger-ui repo README and other places

juhoteperi14:09:03

but you can set it under :swagger :data beside :info and tags

sickill14:09:32

works great, thanks

sickill14:09:29

will do right now

sickill14:09:20

ouch, is there a way to tell UI to not require username for :type "basic"? I use basic auth to send API token in password field, leaving username empty... 😉

sickill14:09:19

nevermind, I can actually type anything as the username in my API and it gets ignored, so this works fine

juhoteperi14:09:33

I wonder if we should use similar middleware parameter format like our middleware macro

sickill14:09:36

that was fast

juhoteperi14:09:23

also... why is our middleware macro instead of just function

sickill14:09:06

list of middleware (as in your middleware) is more convenient/easier to use/understand than how wrap-routes does it (where you need to explicitly compose middleware by yourself)

sickill14:09:37

but then, if it accepted different args than compojure's wrap-routes it would be confusing for people

juhoteperi14:09:25

we could also use wrap-routes for our middleware but that would be a breaking change

juhoteperi14:09:14

or we could provide wrap-middleware instead of wrap-routes which uses same kind of parameters as middleware

abarylko22:09:49

I’m using compojure-api and I want to avoid the schema validation because my host doesn’t have access to internet

abarylko22:09:25

So far I found :options {:ui {:validatorUrl nil}} to do that, can somebody please confirm?