add auth middleware with :identity key for admin access

This commit is contained in:
flynn 2019-01-14 03:24:16 +01:00
parent 661435beb4
commit f636248dc2
4 changed files with 42 additions and 12 deletions


@ -63,15 +63,24 @@
<div class="navbar-end"> <div class="navbar-end">
<div class="navbar-item"> <div class="navbar-item">
<div class="buttons"> <div class="buttons">
{% if user.admin %}
{% if user.admin.enabled %}
<a class="button is-light" href="/admin/disable">
<strong>Disable admin</strong>
</a>
{% else %}
<a class="button is-light" href="/admin/enable">
<strong>Enable admin</strong>
</a>
{%endif%}
{% endif %}
{% if user %} {% if user %}
<a class="button is-light" href="/logout"> <a class="button is-light" href="/logout">
<strong>Logout</strong> <strong>Logout</strong>
</a> </a>
{% else %} {% else %}
<a class="button is-info"> <a class="button is-info" href="/oauth/oauth-init">
<strong>Sign up</strong>
</a>
<a class="button is-light" href="/oauth/oauth-init">
Log in Log in
</a> </a>
{% endif %} {% endif %}
@ -81,10 +90,13 @@
</div> </div>
</nav> </nav>
<section class="section"> <section class="section">
<div class="container">
<div id="view"> <div id="view">
<div style="width: 400px; height: 300px"></div> <div style="width: 400px; height: 300px"></div>
</div> </div>
</div>
</section> </section>
{% if user.admin.enabled %}
<section class="section"> <section class="section">
<div class="columns"> <div class="columns">
<div class="column"> <div class="column">
@ -186,6 +198,7 @@
</div> </div>
</div> </div>
</section> </section>
{% endif %}
<section class="section"> <section class="section">
<div id="app"> <div id="app">
<div class="container"> <div class="container">
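Review bot: The closing tag written as `{%endif%}` in the new navbar admin block is the only tag in this template without the inner spaces every other tag uses (`{% endif %}`, `{% else %}`); for consistency, and so the template does not depend on the parser tolerating that form, write it as `{% endif %}`. The `{% if user.admin.enabled %}` guard around the admin section only controls what is rendered; if that section pulls data from a route of its own, that route still needs the server-side restriction this commit adds only to the `/admin/*` routes. Both new `if` blocks rely on `user.admin` being absent for non-admins, which matches set-user! adding the key only for ids in the `admins` set.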


@ -2,7 +2,7 @@
(:require [cat.middleware :as middleware] (:require [cat.middleware :as middleware]
[cat.layout :refer [error-page]] [cat.layout :refer [error-page]]
[cat.routes.home :refer [home-routes]] [cat.routes.home :refer [home-routes]]
[cat.routes.oauth :refer [oauth-routes]] [cat.routes.oauth :refer [oauth-routes admin-routes]]
[compojure.core :refer [routes wrap-routes]] [compojure.core :refer [routes wrap-routes]]
[ring.util.http-response :as response] [ring.util.http-response :as response]
[compojure.route :as route] [compojure.route :as route]
@ -21,6 +21,8 @@
(wrap-routes middleware/wrap-csrf) (wrap-routes middleware/wrap-csrf)
(wrap-routes middleware/wrap-formats)) (wrap-routes middleware/wrap-formats))
#'oauth-routes #'oauth-routes
(-> #'admin-routes
(wrap-routes middleware/wrap-restricted))
(route/not-found (route/not-found
(:body (:body
(error-page {:status 404 (error-page {:status 404
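Review bot: `admin-routes` is wrapped only with `middleware/wrap-restricted`, while `home-routes` just above also goes through `wrap-csrf`; the two handlers behind it (`/admin/enable` and `/admin/disable` in the oauth.clj section) change the session on a plain GET, so a link or image on any page can flip a logged-in admin's `:enabled` flag without their intent. Make those two routes POST and add the CSRF wrapper to the same chain: `(-> #'admin-routes (wrap-routes middleware/wrap-csrf) (wrap-routes middleware/wrap-restricted))`. The definition of `wrap-restricted` is not in this diff; presumably it rejects requests without `:identity`, which is what gives the `:identity` assoc in set-user! its effect.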


@ -13,7 +13,7 @@
[immutant.web.middleware :refer [wrap-session]] [immutant.web.middleware :refer [wrap-session]]
[ring.middleware.defaults :refer [site-defaults wrap-defaults]] [ring.middleware.defaults :refer [site-defaults wrap-defaults]]
[buddy.auth.middleware :refer [wrap-authentication wrap-authorization]] [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]]
[buddy.auth.accessrules :refer [restrict]] [buddy.auth.accessrules :refer [restrict wrap-access-rules]]
[buddy.auth :refer [authenticated?]] [buddy.auth :refer [authenticated?]]
[buddy.auth.backends.session :refer [session-backend]]) [buddy.auth.backends.session :refer [session-backend]])
(:import)) (:import))
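Review bot: `wrap-access-rules` is added to the `buddy.auth.accessrules` refer, but no use of it appears anywhere in this commit; the rest of middleware.clj is outside the hunk, so if it is not used there either the refer is dead and the previous `[restrict]` form should stay. If it is intended for the admin routes, an explicit rules vector (for example one rule on the `/admin` prefix requiring `authenticated?`) would keep the access policy visible in one place instead of split between `wrap-restricted` and the route wiring.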


@ -6,9 +6,18 @@
[clojure.tools.logging :as log] [clojure.tools.logging :as log]
[cat.moauth :as mo])) [cat.moauth :as mo]))
(def admins #{117 ;flynn
})
(defn set-user! [user session redirect-url] (defn set-user! [user session redirect-url]
(let [new-session (-> session
(assoc :user user)
(cond-> (contains? admins (:id user))
(->
(assoc-in [:user :admin] {:enabled false})
(assoc :identity "foo"))))]
(-> (found redirect-url) (-> (found redirect-url)
(assoc :session (assoc session :user user)))) (assoc :session new-session))))
(defn remove-user! [session redirect-url] (defn remove-user! [session redirect-url]
(-> (found redirect-url) (-> (found redirect-url)
@ -16,7 +25,7 @@
(defn clear-session! [redirect-url] (defn clear-session! [redirect-url]
(-> (found redirect-url) (-> (found redirect-url)
(dissoc :session))) (assoc :session nil)))
(defn oauth-init (defn oauth-init
"Initiates the Twitter OAuth" "Initiates the Twitter OAuth"
@ -48,4 +57,10 @@
(defroutes oauth-routes (defroutes oauth-routes
(GET "/oauth/oauth-init" req (oauth-init req)) (GET "/oauth/oauth-init" req (oauth-init req))
(GET "/oauth/oauth-callback" [& req_token :as req] (oauth-callback req_token req)) (GET "/oauth/oauth-callback" [& req_token :as req] (oauth-callback req_token req))
(GET "/logout" req (remove-user! (:session req) "/"))) (GET "/logout" req (clear-session! "/")))
(defroutes admin-routes
(GET "/admin/enable" req (-> (found "/")
(assoc :session (assoc-in (:session req) [:user :admin :enabled] true))))
(GET "/admin/disable" req (-> (found "/")
(assoc :session (assoc-in (:session req) [:user :admin :enabled] false)))))
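Review bot: set-user! stores the literal `"foo"` as the session `:identity` for admin users; buddy's `authenticated?` only tests that the key is truthy, so this works, but the value carries no information and the placeholder will surface in any access rule or log that reads it. Store something meaningful, e.g. `(assoc :identity (:id user))`, and give `admins` a docstring stating that it holds the user ids allowed to toggle admin mode. With the logout route now calling `clear-session!`, `remove-user!` has no caller visible in this diff; its body runs past the hunk, so check whether it can be dropped. The `/admin/enable` and `/admin/disable` handlers use `assoc-in` on `(:session req)`, which would create a `:user` map from nothing if the route were ever reached without one, so they are only safe as long as `wrap-restricted` (not in this diff) rejects such requests first.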