add auth rules, only basic admin for now

flynn 2019-06-09 00:53:42 +02:00
parent 8a471893f5
commit f220856e39
1 changed files with 26 additions and 12 deletions


@ -18,7 +18,6 @@
[buddy.auth.backends.session :refer [session-backend]]) [buddy.auth.backends.session :refer [session-backend]])
(:import)) (:import))
(defn wrap-internal-error [handler] (defn wrap-internal-error [handler]
(fn [req] (fn [req]
(try (try
@ -31,12 +30,11 @@
(defn wrap-csrf [handler] (defn wrap-csrf [handler]
(wrap-anti-forgery (wrap-anti-forgery
handler handler
{:error-response {:error-response
(error-page (error-page
{:status 403 {:status 403
:title "Invalid anti-forgery token"})})) :title "Invalid anti-forgery token"})}))
(defn wrap-formats [handler] (defn wrap-formats [handler]
(let [wrapped (-> handler wrap-params (wrap-format formats/instance))] (let [wrapped (-> handler wrap-params (wrap-format formats/instance))]
@ -45,10 +43,24 @@
;; since they're not compatible with this middleware ;; since they're not compatible with this middleware
((if (:websocket? request) handler wrapped) request)))) ((if (:websocket? request) handler wrapped) request))))
;; Authentication
(defn admin-access [req]
(contains? (get-in req [:session :user :roles]) :admin))
(def rules [{:pattern #"^/admin/.*"
:handler admin-access}
; TODO add other auth schemes
;{:pattern [#"^/$" #"^/oauth/.*"]
; :handler any-access}
;{:pattern #"^/.*"
; :handler user-access}
])
(defn on-error [request response] (defn on-error [request response]
(error-page (error-page
{:status 403 {:status 403
:title (str "Access to " (:uri request) " is not authorized")})) :title (str "Access to " (:uri request) " is not authorised")}))
(defn wrap-restricted [handler] (defn wrap-restricted [handler]
(restrict handler {:handler authenticated? (restrict handler {:handler authenticated?
@ -63,11 +75,13 @@
(defn wrap-base [handler] (defn wrap-base [handler]
(-> ((:middleware defaults) handler) (-> ((:middleware defaults) handler)
wrap-auth wrap-auth
(wrap-access-rules {:rules rules
:on-error on-error})
wrap-webjars wrap-webjars
wrap-flash wrap-flash
(wrap-session {:cookie-attrs {:http-only true}}) (wrap-session {:cookie-attrs {:http-only true}})
(wrap-defaults (wrap-defaults
(-> site-defaults (-> site-defaults
(assoc-in [:security :anti-forgery] false) (assoc-in [:security :anti-forgery] false)
(dissoc :session))) (dissoc :session)))
wrap-internal-error)) wrap-internal-error))
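Review bot: The only rule added, `#"^/admin/.*"`, does not match the bare path `/admin` (no trailing slash), so a handler mounted exactly there, if one exists, is reachable without the `admin-access` check; `{:pattern #"^/admin(/.*)?$"` closes that gap. In `admin-access`, `contains?` only does membership lookup on a set or map — if `[:session :user :roles]` is stored as a vector, `(contains? [:admin] :admin)` is false and every admin is denied, which fails closed but silently; unless the roles shape is known to be a set, `(some #{:admin} (get-in req [:session :user :roles]))` works for either. Note also that buddy's `wrap-access-rules` allows any URI that matches no rule, so until the commented-out `user-access`/`any-access` rules land, everything outside `/admin/` is unrestricted by this middleware — worth a comment on `rules` so the intent is explicit, e.g. `;; NOTE: non-matching paths are allowed by default until the remaining rules are added`.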