This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-05-28
Channels
- # announcements (11)
- # aws (30)
- # beginners (98)
- # calva (11)
- # cider (42)
- # clj-kondo (4)
- # cljdoc (1)
- # cljsrn (5)
- # clojure (132)
- # clojure-europe (4)
- # clojure-ireland (1)
- # clojure-italy (35)
- # clojure-japan (2)
- # clojure-nl (5)
- # clojure-spec (5)
- # clojure-uk (24)
- # clojurescript (71)
- # clojutre (1)
- # core-async (6)
- # cursive (9)
- # data-science (4)
- # datascript (3)
- # datomic (78)
- # duct (16)
- # emacs (14)
- # events (2)
- # fulcro (141)
- # graalvm (5)
- # hoplon (14)
- # hyperfiddle (2)
- # jobs-discuss (14)
- # joker (8)
- # luminus (2)
- # off-topic (7)
- # om (1)
- # pathom (4)
- # pedestal (7)
- # planck (2)
- # quil (1)
- # re-frame (14)
- # reagent (2)
- # reitit (14)
- # robots (1)
- # shadow-cljs (20)
- # spacemacs (25)
- # specter (1)
- # sql (122)
- # tools-deps (63)
- # unrepl (2)
- # yada (34)
the manual (https://juxt.pro/yada/manual/index.html#_resources_as_ring_handlers) says I can use yada/handler
to get a ring handler, but it returns me a yada.handler.Handler
rather than a function which takes the request and returns the response
Actually you can treat that record as a fn since it satisfies IFn.
But, yada handlers are not Ring handlers as they return async values since yada is async
In yada you would solve that differently. You would attach a 401 handler to your resources using either a custom resource function or a postwalk over your resources.
ideally i'd wrap collections of routes in some middleware, but my understanding is that yada prefers this to be pushed down into the handlers, so i'm trying to wrap my handlers in something that will bypass the handler function and return a 307 in certain circumstances
Yes, push down to each handler. The idea is that web resources are testable independent of routing
Correct. A 401 handler is run when a 401 has been produced. You get the option to produce a new result.
that'll come later. after completing authentication, we'll issue the user with a cookie that will provide them access to our API resources; in the case that this cookie is not valid for some reason, we'll return a 401. there's no point doing that when they don't have a cookie; it would be possible to serve the client-side SPA and have it handle the 401, but that would make everything painfully slow
the most common path will be no-cookie > auth > cookie > API, and that's what i'm aiming to optimise for
yeah i can set up the yada-security/verify
function to do that, but I don't want to send a 401 when there's no cookie - in fact, I don't even want to do any routing when there's no cookie. if you don't have a cookie, you're on the wrong site
is there a way to intercept the request? perhaps that's a bidi question rather than a yada one?
Yes, you can add an interceptor. You should intercept resources not routing.
OK, so I think i'm on the right track, i'm writing a function to wrap a resource, but what i don't know is how i can turn a yada resource into something i can use with ring middelware - if i wrap any resource in middleware it seems to give no response
Have you tried deref on the response? You'd need to wrap the handler in a wrapper that would deref the response. But that would break the async model so there are performance tradeoffs
there won't be a performance tradeoff here as we don't need to do anything except send a redirect, i don't think that can be made any faster
Fwiw, I'm not recommending you produce a 401 to the end user, I'm saying that yada let's you override the behaviour of the 401 and convert it to a 301
Status responses