kit-clj / kit-clj.github.io

Kit documentation
https://kit-clj.github.io/

"Restrict access" example has middleware in wrong order #36

Closed crimsonhawk47 closed 1 year ago

crimsonhawk47 commented 1 year ago

The docs ask you to add wrap-authentication here:

(defn wrap-base
  [{:keys [metrics site-defaults-config cookie-session] :as opts}]
  (fn [handler]
    (cond-> ((:middleware env/defaults) handler opts)
            true (defaults/wrap-defaults
                   (assoc-in site-defaults-config [:session :store] (cookie/cookie-store cookie-session)))
            true (wrap-authentication (session-backend)))))

But if wrap-authentication comes after wrap-defaults, there is no session to be read. This is the expected example:

(defn wrap-base
  [{:keys [metrics site-defaults-config cookie-secret] :as opts}]
  (let [cookie-store (cookie/cookie-store {:key (.getBytes ^String cookie-secret)})]
    (fn [handler]
      (cond-> ((:middleware env/defaults) handler opts)
        true (wrap-authentication (session-backend))
        true (defaults/wrap-defaults
              (assoc-in site-defaults-config [:session :store] cookie-store))))))

yogthos commented 1 year ago

Thanks, that's a good catch. Just updated the docs here.
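
The ordering problem discussed in this issue, as an added example that is not part of the original thread or of Kit's docs. The stand-in middleware `wrap-fake-session` and `wrap-fake-authentication`, the `whoami` handler and the sample store are hypothetical and need neither Ring nor Buddy; they show that in a `cond->` chain the wrapper applied last is the outermost one and handles the request first.

```clojure
;; Stand-in middleware (hypothetical names, no Ring or Buddy dependency) that
;; mimic the two roles in the issue: one loads the session, one reads the
;; identity out of it.

(defn wrap-fake-session
  "Plays the role of the session part of wrap-defaults: looks up the session
  for the request's cookie and attaches it as :session."
  [handler store]
  (fn [request]
    (let [sid (get-in request [:cookies "sid"])]
      (handler (assoc request :session (get store sid {}))))))

(defn wrap-fake-authentication
  "Plays the role of wrap-authentication with a session backend: copies
  [:session :identity] to :identity for the inner handler."
  [handler]
  (fn [request]
    (handler (assoc request :identity (get-in request [:session :identity])))))

(defn whoami [request]
  {:status 200 :body (str "identity=" (pr-str (:identity request)))})

;; Constructed sample data.
(def store {"abc123" {:identity "alice"}})
(def request {:uri "/" :cookies {"sid" "abc123"}})

;; Each threading step wraps the result of the previous step, so the LAST
;; step is the OUTERMOST middleware and sees the incoming request FIRST.

(def auth-applied-last      ; authentication runs before any session is attached
  (cond-> whoami
    true (wrap-fake-session store)
    true (wrap-fake-authentication)))

(def session-applied-last   ; session is attached first, then authentication reads it
  (cond-> whoami
    true (wrap-fake-authentication)
    true (wrap-fake-session store)))

(println "auth applied last:   " (:body (auth-applied-last request)))
(println "session applied last:" (:body (session-applied-last request)))
```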