add auth middleware with :identity key for admin access

flynn 2019-01-14 03:24:16 +01:00
parent 661435beb4
commit f636248dc2
4 changed files with 42 additions and 12 deletions


@ -63,15 +63,24 @@
<div class="navbar-end">
<div class="navbar-item">
<div class="buttons">
{% if user.admin %}
{% if user.admin.enabled %}
<a class="button is-light" href="/admin/disable">
<strong>Disable admin</strong>
</a>
{% else %}
<a class="button is-light" href="/admin/enable">
<strong>Enable admin</strong>
</a>
{%endif%}
{% endif %}
{% if user %}
<a class="button is-light" href="/logout">
<strong>Logout</strong>
</a>
{% else %}
<a class="button is-info">
<strong>Sign up</strong>
</a>
<a class="button is-light" href="/oauth/oauth-init">
<a class="button is-info" href="/oauth/oauth-init">
Log in
</a>
{% endif %}
@ -81,10 +90,13 @@
</div>
</nav>
<section class="section">
<div class="container">
<div id="view">
<div style="width: 400px; height: 300px"></div>
</div>
</div>
</section>
{% if user.admin.enabled %}
<section class="section">
<div class="columns">
<div class="column">
@ -186,6 +198,7 @@
</div>
</div>
</section>
{% endif %}
<section class="section">
<div id="app">
<div class="container">
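Review bot: The new `Enable admin` / `Disable admin` anchors change session state through plain GET links (`href="/admin/enable"`, `href="/admin/disable"`), so a cross-site link or image request followed by a logged-in admin's browser can flip the flag without their intent. The same defect is in the `GET "/admin/enable"` and `GET "/admin/disable"` handlers added to the oauth routes file, which would need to become `POST` routes behind `middleware/wrap-csrf`. In the template, each anchor would become a small `<form method="post" action="/admin/enable">` carrying the application's anti-forgery token. Separately, `{% if user.admin.enabled %}` around the section only hides markup; any endpoint that section relies on needs the same check on the server, which cannot be confirmed from these hunks.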


@ -2,7 +2,7 @@
(:require [cat.middleware :as middleware]
[cat.layout :refer [error-page]]
[cat.routes.home :refer [home-routes]]
[cat.routes.oauth :refer [oauth-routes]]
[cat.routes.oauth :refer [oauth-routes admin-routes]]
[compojure.core :refer [routes wrap-routes]]
[ring.util.http-response :as response]
[compojure.route :as route]
@ -21,6 +21,8 @@
(wrap-routes middleware/wrap-csrf)
(wrap-routes middleware/wrap-formats))
#'oauth-routes
(-> #'admin-routes
(wrap-routes middleware/wrap-restricted))
(route/not-found
(:body
(error-page {:status 404
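Review bot: `(wrap-routes middleware/wrap-restricted)` is the only gate in front of `admin-routes`, and its definition is not part of this commit; if it is the usual `restrict` with `authenticated?` as handler, it tests for the presence of `:identity`, not for admin membership. Admin access then holds only because `set-user!` sets `:identity` for members of `admins` and for nobody else, and it would widen silently the day ordinary logins also receive an identity. I would record that here, e.g. `;; wrap-restricted only checks :identity; today only admins get one (see set-user!)`, or preferably restrict on a rule that reads the admin marker from the session. `admin-routes` also sits outside the `wrap-csrf` group directly above it. The enclosing `routes` form starts and ends outside the hunk.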


@ -13,7 +13,7 @@
[immutant.web.middleware :refer [wrap-session]]
[ring.middleware.defaults :refer [site-defaults wrap-defaults]]
[buddy.auth.middleware :refer [wrap-authentication wrap-authorization]]
[buddy.auth.accessrules :refer [restrict]]
[buddy.auth.accessrules :refer [restrict wrap-access-rules]]
[buddy.auth :refer [authenticated?]]
[buddy.auth.backends.session :refer [session-backend]])
(:import))


@ -6,9 +6,18 @@
[clojure.tools.logging :as log]
[cat.moauth :as mo]))
(def admins #{117 ;flynn
})
(defn set-user! [user session redirect-url]
(let [new-session (-> session
(assoc :user user)
(cond-> (contains? admins (:id user))
(->
(assoc-in [:user :admin] {:enabled false})
(assoc :identity "foo"))))]
(-> (found redirect-url)
(assoc :session (assoc session :user user))))
(assoc :session new-session))))
(defn remove-user! [session redirect-url]
(-> (found redirect-url)
@ -16,7 +25,7 @@
(defn clear-session! [redirect-url]
(-> (found redirect-url)
(dissoc :session)))
(assoc :session nil)))
(defn oauth-init
"Initiates the Twitter OAuth"
@ -48,4 +57,10 @@
(defroutes oauth-routes
(GET "/oauth/oauth-init" req (oauth-init req))
(GET "/oauth/oauth-callback" [& req_token :as req] (oauth-callback req_token req))
(GET "/logout" req (remove-user! (:session req) "/")))
(GET "/logout" req (clear-session! "/")))
(defroutes admin-routes
(GET "/admin/enable" req (-> (found "/")
(assoc :session (assoc-in (:session req) [:user :admin :enabled] true))))
(GET "/admin/disable" req (-> (found "/")
(assoc :session (assoc-in (:session req) [:user :admin :enabled] false)))))
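Review bot: In `admin-routes`, `(assoc-in (:session req) [:user :admin :enabled] true)` writes the flag into whatever session reaches the handler and creates the `:admin` map when it is missing, so the handler itself grants admin mode to anyone the middleware lets through. Re-check membership before writing, e.g. `(if (contains? admins (get-in req [:session :user :id])) … (found "/"))`, so the routes stay safe if the middleware wiring changes. In `set-user!`, `(assoc :identity "foo")` gives every admin the same placeholder identity, which rules out per-admin logging or access rules; `(assoc :identity (:id user))` keeps the same gate and records who is acting. `remove-user!` appears to be unused after the `/logout` change, and its body continues outside the hunk.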