This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2017-01-17
Channels
- # aws (2)
- # beginners (34)
- # boot (39)
- # cider (28)
- # cljs-dev (2)
- # cljsrn (30)
- # clojure (195)
- # clojure-austin (6)
- # clojure-dev (6)
- # clojure-dusseldorf (1)
- # clojure-france (1)
- # clojure-russia (139)
- # clojure-spec (25)
- # clojure-uk (66)
- # clojurescript (125)
- # community-development (1)
- # core-async (42)
- # cryogen (1)
- # cursive (22)
- # datascript (6)
- # datomic (67)
- # docker (1)
- # emacs (7)
- # events (1)
- # garden (3)
- # hoplon (15)
- # jobs (3)
- # lein-figwheel (10)
- # leiningen (3)
- # luminus (4)
- # mount (2)
- # nginx (1)
- # off-topic (101)
- # om (42)
- # om-next (6)
- # onyx (7)
- # proton (1)
- # protorepl (4)
- # re-frame (15)
- # reagent (30)
- # remote-jobs (1)
- # ring (8)
- # ring-swagger (17)
- # rum (1)
- # spacemacs (2)
- # sql (1)
- # yada (50)
hmm, what would be the easiest way to wrap the swagger-ui route in basic-auth middleware , but leave all my defined api routes alone
@d5p you should remove the :swagger
options from api
and use swagger-routes
instead. Does the same, but as it’s a separate ring handler, you can wrap anything around it. See https://github.com/metosin/compojure-api/wiki/Swagger-integration#swagger-routes
from https://github.com/metosin/compojure-api/wiki/Building-Documented-Apis#api-with-custom-options , am i reading it correctly that i could define a custom coercer in :coercion at the api level and all my resources would inherit?
yes. the coercion is injected into request at runtime as thus available to all child routes. can be set to context
s too. Here are the tests: https://github.com/metosin/compojure-api/blob/master/test/compojure/api/coercion_test.clj
1.2 will have a breaking change with the coercion, might be a cause to bump to version to 2.0. see https://github.com/metosin/compojure-api/pull/267
cool will be review , had only just noticed :coercion option at the higher level as had defined it individually on all my resources
I'm using different roles to enable some of the APIs endpoints, any recommendations in how to document that?
good question, there are many ways to do that. Swagger has nice authorization system built-in, tutorial on that in https://apihandyman.io/writing-openapi-swagger-specification-tutorial-part-6-defining-security/. So, you could write the swagger spec for those by hand. Or have multiple apis with separate swagger docs. Or just use tags. Or you could PR in something that writes the swagger-spec from buddy etc 😉
we have used mainly custom handlers like :roles
& :privileges
. Some use buddy, some fully custom. Those could emit swagger-auth info too...
@ikitommi perhaps you can point at what i’m doing wrong , in trying to apply basic auth just to my swagger routes but leave the rest alone, i’m doing this:
(defn apiroutes [{{db-spec :db-spec} :db}]
(api {:coercion (constantly (assoc mw/default-coercion-matchers :body default-coercer))}
(middleware [[wrap-basic-authentication authenticated?]]
(swagger-routes {:ui "/api-docs"
:spec "/swagger.json"}))
(context "/blah/" [] (blah-resource db-spec))))