add auth rules, only basic admin for now

2019-06-09 00:53:42 +02:00 · 2019-06-09 00:53:42 +02:00 · f220856e39
commit f220856e39
parent 8a471893f5
1 changed files with 26 additions and 12 deletions
--- a/src/clj/cat/middleware.clj
+++ b/src/clj/cat/middleware.clj
@ -18,7 +18,6 @@
            [buddy.auth.backends.session :refer [session-backend]])
  (:import))

-
 (defn wrap-internal-error [handler]
  (fn [req]
    (try
@ -37,7 +36,6 @@
     {:status 403
      :title  "Invalid anti-forgery token"})}))

-
 (defn wrap-formats [handler]
  (let [wrapped (-> handler wrap-params (wrap-format formats/instance))]
    (fn [request]
@ -45,10 +43,24 @@
      ;; since they're not compatible with this middleware
      ((if (:websocket? request) handler wrapped) request))))

+;; Authentication
+
+(defn admin-access [req]
+  (contains? (get-in req [:session :user :roles]) :admin))
+
+(def rules [{:pattern #"^/admin/.*"
+             :handler admin-access}
+            ; TODO add other auth schemes
+            ;{:pattern [#"^/$" #"^/oauth/.*"]
+            ; :handler any-access}
+            ;{:pattern #"^/.*"
+            ; :handler user-access}
+            ])
+
 (defn on-error [request response]
  (error-page
   {:status 403
-     :title  (str "Access to " (:uri request) " is not authorized")}))
+    :title  (str "Access to " (:uri request) " is not authorised")}))

 (defn wrap-restricted [handler]
  (restrict handler {:handler  authenticated?
@ -63,6 +75,8 @@
 (defn wrap-base [handler]
  (-> ((:middleware defaults) handler)
      wrap-auth
+      (wrap-access-rules {:rules rules
+                          :on-error on-error})
      wrap-webjars
      wrap-flash
      (wrap-session {:cookie-attrs {:http-only true}})