I'm developing a site with Luminus. Until now, my middleware wrap-base function has looked like this:

(defn wrap-base [handler]
  (-> ((:middleware defaults) handler)
      wrap-auth
      (wrap-access-rules {:rules rules :on-error on-error})
      (wrap-authentication (session-backend))
      wrap-flash
      (wrap-defaults
        (-> site-defaults
            (assoc-in [:security :anti-forgery] false)
            (assoc-in [:session :store] (ttl-memory-store (* 60 30)))))
      wrap-internal-error))

and my routes/home.clj file:

(defn home-routes []
  [""
   {:middleware [middleware/wrap-csrf
                 middleware/wrap-formats]}
   (merge public-routes admin-routes)])

but now I need to develop a new API ("/api/getcustomers"), so all the authentication/authorization (and CSRF) middleware must apply only to the "home-routes" and not to the new API routes. The API routes are saved in a new routes/services.clj file.

Happily Luminus uses reitit.ring, a data-driven routing solution, but I'm not sure how to move the authentication/authorization stuff out of the general middleware and assign it only for "home-routes" section.

aarkerio

1 Answer

In the end, I created a rule for the new API in ring:

;; File: src/some_app/middleware.clj

;; Access-rule handler that allows every request.
(defn open-gates [request]
  true)

;; The /api pattern is handled by open-gates, so those paths need no login.
(def rules [{:pattern #"^/admin.*"
             :handler admin-access
             :redirect "/notauthorized"}
            {:pattern #"^\/vclass.*"
             :handler user-access
             :redirect "/notauthorized"}
            {:pattern #"^\/api.*"
             :handler open-gates
             :redirect "/notauthorized"}
            {:pattern #"^/user.*"
             :handler authenticated?}])
aarkerio
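The alternative the question asks about, moving the buddy middleware out of wrap-base and into the reitit route data of the site subtree, is sketched below as an added example that is not part of the original post. The namespace, the `ok` helper, the simplified rules, the `on-error` body and the `/admin/users` path are assumptions made for illustration.

```clojure
(ns example.scoped-auth
  (:require [buddy.auth :refer [authenticated?]]
            [buddy.auth.accessrules :refer [wrap-access-rules]]
            [buddy.auth.backends.session :refer [session-backend]]
            [buddy.auth.middleware :refer [wrap-authentication]]
            [reitit.ring :as ring]))

;; Simplified rules (assumption): only browser-facing paths are listed,
;; so no "allow everything" handler is needed for /api.
(def rules [{:pattern #"^/admin.*" :handler authenticated?}
            {:pattern #"^/user.*"  :handler authenticated?}])

;; Called by wrap-access-rules when a rule handler rejects the request.
(defn on-error [_request _value]
  {:status 403 :headers {} :body "Not authorized"})

;; Hypothetical helper: builds a handler that returns a fixed body.
(defn ok [body]
  (fn [_request] {:status 200 :headers {} :body body}))

;; Auth middleware sits in the route data of the site subtree only.
;; reitit applies the vector left to right (first entry is outermost),
;; so :identity is set before the access rules are evaluated.
(defn home-routes []
  ["" {:middleware [[wrap-authentication (session-backend)]
                    [wrap-access-rules {:rules rules :on-error on-error}]]}
   ["/" {:get (ok "home")}]
   ["/admin/users" {:get (ok "admin")}]])

;; The API subtree carries no session authentication or access rules.
(defn service-routes []
  ["/api"
   ["/getcustomers" {:get (ok "[]")}]])

(def app
  (ring/ring-handler (ring/router [(home-routes) (service-routes)])))

;; REPL checks with constructed requests. The session backend reads
;; [:session :identity], which wrap-defaults would normally populate.
(comment
  (app {:request-method :get :uri "/admin/users"})
  (app {:request-method :get :uri "/admin/users"
        :session {:identity "alice"}})
  (app {:request-method :get :uri "/api/getcustomers"}))
```

Session handling from wrap-defaults stays in wrap-base, because the session backend depends on it. With this layout the /api subtree is unauthenticated unless it is given its own middleware in its route data.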