#yada
2017-01-12
naartjie10:01:09

I've just been asked by a security team to remove Swagger from our API. I'm not quite sure what to replace yada/swaggered by, in the snippet below:

bidi/RouteProvider
(routes [_]
  ["" [[base-url (yada/swaggered
                          (:routes api)
                          {:info     {:title       "API"
                                      :version     "1.0"
                                      :description "SWARM Implementation"}
                           :basePath base-url})]]])
I have tried a couple of options, like yada/handler and yada/resource but my understanding of yada is still very limited, so I don't know what I'm doing. Any pointers?

naartjie10:01:44

Also tried yada/routes

mccraigmccraig12:01:15

@naartjie have you tried removing the yada/swaggered form entirely, leaving just the routes it wraps (:routes api)

mccraigmccraig12:01:31

but why would your security people want you to remove swagger @naartjie ? all it does is call your api - the only additional security you get from removing swagger is security through obscurity, and that is certainly crappy security

naartjie12:01:42

@mccraigmccraig yup, i've tried this way:

["" [[base-url (:routes api)]]]
returns 500 with: `java.lang.IllegalArgumentException: No implementation of method: :match-pattern of protocol: #'bidi.bidi/Pattern found for class: nil`

mccraigmccraig12:01:02

@naartjie that's basically what you want to do - have a look at the structure of (:routes app) and make it conform to what bidi needs... i often have trouble with bidi syntax fwiw

naartjie12:01:28

> only additional security you get from removing swagger is security through obscurity, and that is certainly crappy security

@mccraigmccraig totally agree with you. I've been asked to remove it, and I don't want to fight it, it's not worth my wasted time.

malcolmsparks12:01:35

@naartjie you can remove the swaggered wrapping. See the yada docs at https://juxt.pro/yada and apply the swaggered instructions in reverse

naartjie12:01:21

@mccraigmccraig you were right, something is wrong with my routes, if I do ["/" (yada/yada "Hello, World")] it works. Weird that it was working with swagger.

malcolmsparks12:01:33

If you ever need to 'convert' routes to a single route, wrap in ["" routes ]

malcolmsparks12:01:22

Not the best design

mccraigmccraig12:01:22

@malcolmsparks yeah, it's fine once i go and read the docs... but then i only make incremental changes for a while and when i next have to make more substantial changes i've forgotten everything again

naartjie12:01:51

thanks @malcolmsparks, what tripped me up was ["" routes] not working, but I should have tried the most basic case first

naartjie12:01:10

@malcolmsparks could you expand a bit, how do you mean convert to a single route? i.e. if routes is something like [["/" index] ["/api" api]] then wrapping it in ["" routes]? I'm just a bit confused as to what that would give you.

danielgrosse13:01:38

In the response of a multi-param, the :bytes param contains "#object[[B 0x5f7d0ec4 [B@5f7d0ec4]" which is created with (byte-streams/convert coll (class (byte-array 0))). How can I access the data in it, and how could I save this to disk?

zamaterian13:01:31

you could do (spit "data" (into [] (byte-array 10)))

danielgrosse13:01:27

@zamaterian no this didn't work. It saves [12 123 314 ...] to the file.

malcolmsparks13:01:39

@naartjie yes, [["/" index] ["/api" api]] isn't a valid bidi route - but ["" [["/" index] ["/api" api]]] is

naartjie14:01:24

I got it to work eventually, it was a problem with my route structure.

lmergen16:01:12

@naartjie take a look at bidi verbose -- i find it a more pleasant interface to my route structures

naartjie17:01:40

How would I use it? Is it a package?

lmergen17:01:24

No it's part of the core package, the bidi.verbose namespace

lmergen17:01:02

Not many people know about it, actually -- and I hear many people find bidi's terse syntax difficult to deal with.