Fork me on GitHub
#yada
<
2019-05-28
>
conan13:05:57

how would i use ring middleware with a yada resource?

conan13:05:42

i can't work out how to get a ring handler

conan13:05:18

the manual (https://juxt.pro/yada/manual/index.html#_resources_as_ring_handlers) says I can use yada/handler to get a ring handler, but it returns me a yada.handler.Handler rather than a function which takes the request and returns the response

malcolmsparks14:05:21

Actually you can treat that record as a fn since it satisfies IFn.

malcolmsparks14:05:05

But, yada handlers are not Ring handlers as they return async values since yada is async

dominicm14:05:11

They are aleph handlers I suppose?

dominicm14:05:44

I've never had ring middleware that I needed with yada, @conan what's the use-case?

conan14:05:58

i want to redirect users off-site to perform auth

dominicm14:05:58

In yada you would solve that differently. You would attach a 401 handler to your resources using either a custom resource function or a postwalk over your resources.

conan14:05:10

ideally i'd wrap collections of routes in some middleware, but my understanding is that yada prefers this to be pushed down into the handlers, so i'm trying to wrap my handlers in something that will bypass the handler function and return a 307 in certain circumstances

conan14:05:41

i don't want to return 401 in these instances, the aim is to redirect the user

malcolmsparks14:05:50

Yes, push down to each handler. The idea is that web resources are testable independent of routing

dominicm14:05:13

Correct. A 401 handler is run when a 401 has been produced. You get the option to produce a new result.

conan14:05:42

right but i don't want to produce 401 here

conan14:05:25

that'll come later. after completing authentication, we'll issue the user with a cookie that will provide them access to our API resources; in the case that this cookie is not valid for some reason, we'll return a 401. there's no point doing that when they don't have a cookie; it would be possible to serve the client-side SPA and have it handle the 401, but that would make everything painfully slow

conan14:05:18

the most common path will be no-cookie > auth > cookie > API, and that's what i'm aiming to optimise for

dominicm14:05:27

The lack of cookie will trigger a 401 from your authenticator.

conan14:05:49

yeah i can set up the yada-security/verify function to do that, but I don't want to send a 401 when there's no cookie - in fact, I don't even want to do any routing when there's no cookie. if you don't have a cookie, you're on the wrong site

conan14:05:33

is there a way to intercept the request? perhaps that's a bidi question rather than a yada one?

malcolmsparks14:05:17

Yes, you can add an interceptor. You should intercept resources not routing.

conan14:05:08

OK, so I think i'm on the right track, i'm writing a function to wrap a resource, but what i don't know is how i can turn a yada resource into something i can use with ring middelware - if i wrap any resource in middleware it seems to give no response

conan14:05:27

(that includes wrapping the resource in yada/handler first)

malcolmsparks14:05:59

Have you tried deref on the response? You'd need to wrap the handler in a wrapper that would deref the response. But that would break the async model so there are performance tradeoffs

conan14:05:56

is there a way to bypass that?

conan14:05:10

i don't need to create futures and things, they will never be used in this scenario

conan14:05:20

there won't be a performance tradeoff here as we don't need to do anything except send a redirect, i don't think that can be made any faster

dominicm14:05:28

Fwiw, I'm not recommending you produce a 401 to the end user, I'm saying that yada let's you override the behaviour of the 401 and convert it to a 301

conan14:05:14

oh you mean change the 401 response after it's been produced?

conan14:05:44

that seems a bit hacky, is there a recommended approach to changing the response?

dominicm14:05:49

The yada author does it in his software 😛 , not hacky afaik

conan14:05:22

ok i'll give it a shot, thanks

dominicm15:05:40

That rewrite behaviour is in the manual, one sec

malcolmsparks15:05:55

Status responses