Fork me on GitHub
#yada
<
2016-08-19
>
vinnyataide00:08:32

hello it's me again, I'm hoping now to achieve a good workflow for my yada server that doesnt need to make me close and open my server every time I make a change in the server code, the #beginners channel showed me that there's a lein-ring plugin to work with it but IDK how to integrate that, I'm working through a listener in my app that handle the routing, thanks!

kurt-yagram07:08:41

I'm trying to get yada/swagger-UI/JWT to work for authentication (and authorization). So, I was about to implement a verify-method:

(defmethod verify ::jwt 
  [ctx]
  (let [auth (get-in ctx [:request :headers "autorization"])]
  ...))
I thought, if I supplied an api_key to swagger ui, that would be added as an Authorization-header, but it is added as query parameter/query-string instead. Can I make swagger UI to add an Authorization header? (The header would be something like: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ)

malcolmsparks08:08:42

@vinnyataide hello! as you're a beginner I hope you don't mind me throwing you some pointers steeped in Clojure history: As Lisp devs we've always been trying to perfect the rapid feedback workflow, but it had some annoyances until Stuart Sierra wrote up http://thinkrelevance.com/blog/2013/06/04/clojure-workflow-reloaded and introduced the clojure.core/tools.namespace library which pretty much solved the code reloading problem - various approaches have been added to that foundation to add in the stop/start of services - the idea being it's good to stop all your services before you do a code reload, and then start them up again - that also solves the problem of manually having to worry about which services to start/stop

malcolmsparks08:08:16

The most popular approach is Stuart's own 'component' library, that's the approach we use in Edge. Some people use an approach called 'mount' but I haven't had much experience with it. You can find a good discussion of the differences ::https://www.reddit.com/r/Clojure/comments/41p73n/contrasting_component_and_mount/

malcolmsparks08:08:53

lein-ring on its own lets you start up a (jetty) web server, but without lein-reloaded it forces you to have to wait for the JVM/Clojure system to start each time, which takes ages - there's some ring middleware that will reload based on file changes, but fully consistent reload is only possible with tools.namespace, for technical reasons. James Reeves (@weavejester) has adopted component in his recent Duct project.

malcolmsparks08:08:12

Plus, note that jetty and yada are incompatible right now due to sync/async mismatch

malcolmsparks08:08:08

So this is why we've gone to the trouble of providing Edge - https://juxt.pro/blog/posts/edge.html - because it's not easy getting all this stuff set up (when you do, it makes for a great development experience, both on the server-side and the front-end)

malcolmsparks08:08:40

Unless you're an expert, I'd really recommend going the Edge route and not worrying too much about how it works

malcolmsparks08:08:58

@kurt-yagram I think swagger-ui options allow you to choose between query param (the default) and an Authorization header. The verify function takes a yada request context, nothing to stop you grabbing a query parameter (they will already have been parsed/coerced at this stage), and setting something in the request context if its valid. In yada, authentication doesn't have to involve the Authorization header, it's rather more flexible than that. Bear in mind, that failed authentication doesn't stop the interceptor chain, because sometimes you want to carry on providing some information to an anonymous user. If you want the user to be forbidden, you need to implement an authorization step, or indeed check for this in your method implementation (perhaps returning a 403/404)

kurt-yagram08:08:35

@malcolmsparks yeah, I can take the authentication from the query parameter, but I rather have it in the Authorization-header. So, if I understand well, I should change swagger-ui, and that's not possible form within yada. Meaning: I download/clone swagger-ui, add it to my project, change the sources/config of swagger-ui and make a route to swagger-ui from within my app?

vinnyataide08:08:00

@malcolmsparks holy smokes! that's what I'd call a complete answer! I'll try both, the read is long in the posts but is really easy and fun to do, if I don't understand something I'll go the edge way, so far so good!

malcolmsparks08:08:33

@kurt-yagram - yes, there's a built-in swagger-ui dependency in yada, the phonebook swagger in the yada repo demonstrates how to provide your own HTML page for the swagger-ui: dev/resources/swagger/phonebook-swagger.html which sets up and configures the swagger-ui manually - you need to go that route if you want more control over your swagger ui

kurt-yagram08:08:02

allright... another question: swagger describes securityDefinitions (http://swagger.io/specification/#securityDefinitionsObject). In my application, I have an access-control (which more or less maps to 'securityDefinitions'?), but in the generated json, there are no securityDefinitions set. (This may make using swagger-ui 2.1.5 and higher easier.) Should securityDefinitions be set in swagger.json generated by yada?

kurt-yagram08:08:43

oh... I don't need to clone swagger-ui, just supply another html-file. Nice, will try.

vinnyataide08:08:45

yeah, I'm really sold by the component idea, gonna try it now

imre15:08:11

does anyone have experience with yada redirects?

imre15:08:23

looking to redirect a route like ["foo/" :id "/bar"] to ["baz/" :yo "/qux"] transferring the value of id to yo

malcolmsparks15:08:06

Give your resources an id then yada/redirect

malcolmsparks15:08:13

Is that what you mean?

imre15:08:47

yes - what I haven't found out is how to parameterize yada/redirect

imre15:08:07

(redirect ::id-of-baz-quux mapping-id-to-yo)

malcolmsparks15:08:21

(yada/redirect :foo {...})

imre15:08:05

{...} is what I'm looking for 🙂

imre15:08:11

haven't found examples

dominicm15:08:28

It takes a bidi vhosts route thing iirc.

dominicm15:08:34

e.g. You can give {:query-params {:q "blahblah"}}

imre15:08:53

that's a tad bit closer

dominicm15:08:25

I think it's :route-params but I would swear to it

imre15:08:45

but can I say somehow "send as :yo what I receive as :id" in a nice condensed way

dominicm15:08:46

ah, probably not, yet

dominicm15:08:51

I can see that as a useful abstraction!

imre15:08:12

["/" [[[["foo/" :id "/bar"] (redirect :bazqux {:yo :id})]
       [["baz/" :yo "/qux"] :bazqux]]]]

imre15:08:16

something like this

imre15:08:26

map my id to the target route's yo

dominicm15:08:13

The code for that should be pretty concise.

(fn [ctx]
     (ring.util.response/redirect
        (yada/uri-for ArgA {:route-params (rename-keys (:route-params ctx) ArgB)})))
A resourced scope with that as the handler?

dominicm15:08:47

with ArgA = :bazqux and ArgB = {:yo :id}

malcolmsparks15:08:13

Yes it's :route-params. Sorry this all needs docs

imre15:08:09

thanks guys, this should help

bhagany19:08:35

looks like yada doesn't compile under the latest clojure alpha due to new specs on core fns and macros… I'm investigating this now and will send a pull request if it's something within my ken

bhagany19:08:41

hrm, on second thought, this may be due to aleph

bhagany19:08:53

confirmed it's aleph, and it's already fixed in the repo, but there's no release yet since that change. Looks like I'll have to hold off on the new hotness for a bit 🙂

bhagany20:08:29

well, I take it back, there is a small problem with yada and alpha11

bhagany20:08:33

So for anyone encountering troubles after me: there are spec problems under clojure 1.9.0-alpha11 for the currently released versions of aleph, ring-swagger, and yada. I found aleph already fixed but unreleased, and submitted pull requests to ring-swagger and yada.

malcolmsparks20:08:10

Thanks. Will review soon @bhagany

bhagany20:08:37

heh, I really just added a colon 🙂

bhagany20:08:43

perhaps the easiest code review ever

vinnyataide21:08:05

Hello, When I see the code in https://github.com/juxt/edge/blob/master/src/edge/web_server.clj the line 105 says

(map->WebServer {})
I wanna know where that's comming from

bhagany22:08:18

@vinnyataide: that's built into Clojure. WebServer is a record, and when a record is created, Clojure automatically creates the map->RecordName function for, appropriately enough, turning maps into that kind of record. Doc here: http://clojure.org/reference/datatypes