Add missing ring-req argument to authorized?-fn function call

taoensso / sente

Realtime web comms library for Clojure/Script

https://www.taoensso.com/sente

Eclipse Public License 1.0

1.73k stars 193 forks source link

Add missing ring-req argument to authorized?-fn function call #385

Closed viesti closed 3 years ago

viesti commented 3 years ago

The documentation on make-channel-socket-server! says:

    :authorized?-fn    ; ?(fn [ring-req]) -> When non-nil, (authorized?-fn <ring-req>)
                       ; must return truthy, otherwise connection requests will be
                       ; rejected with (unauthorized-fn <ring-req>) response.
                       ;
                       ; May check Authroization HTTP header, etc.

But the implementation doesn't actually pass ring-req argument to the supplied authorized?-fn function. So fixed that by adding the missing argument to the function call :).

ptaoussanis commented 3 years ago

Merging manually, thanks Kimmo!

viesti commented 3 years ago

Thank you! Actually, I ended up doing the check in a middleware that is wrapped around the handlers that sente creates, since I used that middleware elsewhere too. That lead me to think if csrf, or other checks could be delegated to a middleware, maybe then documented also in sente.

Anyway, this fix is a good thing to keep :)