add server-side enforcement of authentication for collection add/remove
parent
ce9ef7b3e4
commit
2c89c13a64
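--- a/src/mtgcoll/auth.clj
+++ b/src/mtgcoll/auth.clj
@@ -0,0 +1,15 @@
+(ns mtgcoll.auth
+(:require
+[mtgcoll.config :as config]))
+
+(defn using-authorization?
+[]
+(boolean (seq (config/get :users))))
+
+(defn validate-credentials
+[username password]
+(if (using-authorization?)
+(->> (config/get :users)
+(filter #(and (= username (:username %))
+(= password (:password %))))
+(first))))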
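Review bot: `validate-credentials` compares the submitted password to the `:password` value from the config with `=`, so each `:users` entry has to hold the password in the same form the user types it, and the comparison is not constant-time. Storing a salted password hash (bcrypt, scrypt or Argon2) in `:users` and verifying against that would keep a leaked or over-shared config file from disclosing working credentials. If plaintext entries have to stay for now, the inner test could at least become `(java.security.MessageDigest/isEqual (.getBytes password "UTF-8") (.getBytes (:password %) "UTF-8"))`. The function also has no guard for a nil `username` or `password`, which would match a user entry that lacks those keys; wrapping the lookup in `(when (and (string? username) (string? password)) …)` would cover that and keep the byte comparison from seeing nil.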
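--- a/src/mtgcoll/middleware.clj
+++ b/src/mtgcoll/middleware.clj
@@ -0,0 +1,13 @@
+(ns mtgcoll.middleware
+(:require
+[webtools.response :as response]
+[mtgcoll.auth :as auth]))
+
+(defn wrap-authenticated
+[handler]
+(fn [request]
+(if (or (not (auth/using-authorization?))
+(get-in request [:session :user]))
+(handler request)
+(-> (response/content "unauthorized")
+(response/status 401)))))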
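Review bot: The `(not (auth/using-authorization?))` branch in `wrap-authenticated` fails open: when `:users` is empty or absent from the config, every wrapped route is served with no session check at all. If "no users configured means authentication is disabled" is the intended mode, the function should say so in a docstring, for example `"Calls handler when no :users are configured (authentication disabled) or when the session has a :user; otherwise responds 401."`, so that a config which loses its `:users` entry is understood to open the write endpoints. The session branch only tests that `[:session :user]` is present and does not re-check that the user is still listed in the config; whether that matters depends on how sessions are expired, which is not visible on this page.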
|
@ -4,15 +4,12 @@
|
||||||
[compojure.core :refer [routes GET POST]]
|
[compojure.core :refer [routes GET POST]]
|
||||||
[webtools.response :as response]
|
[webtools.response :as response]
|
||||||
[webtools.session :as session]
|
[webtools.session :as session]
|
||||||
[mtgcoll.config :as config]))
|
[mtgcoll.auth :as auth]))
|
||||||
|
|
||||||
(def auth-routes
|
(def auth-routes
|
||||||
(routes
|
(routes
|
||||||
(POST "/login" [username password :as request]
|
(POST "/login" [username password :as request]
|
||||||
(if-let [user (->> (config/get :users)
|
(if-let [user (auth/validate-credentials username password)]
|
||||||
(filter #(and (= username (:username %))
|
|
||||||
(= password (:password %))))
|
|
||||||
(first))]
|
|
||||||
(do
|
(do
|
||||||
(log/info username " logged in.")
|
(log/info username " logged in.")
|
||||||
(-> (response/content "ok")
|
(-> (response/content "ok")
|
||||||
|
|
|
@ -2,14 +2,18 @@
|
||||||
(:require
|
(:require
|
||||||
[compojure.core :refer [routes GET POST]]
|
[compojure.core :refer [routes GET POST]]
|
||||||
[webtools.response :as response]
|
[webtools.response :as response]
|
||||||
|
[webtools.routes.core :refer [wrap-middleware]]
|
||||||
|
[mtgcoll.middleware :refer [wrap-authenticated]]
|
||||||
[mtgcoll.models.collection :as collection]))
|
[mtgcoll.models.collection :as collection]))
|
||||||
|
|
||||||
(def collection-routes
|
(def collection-routes
|
||||||
(routes
|
(wrap-middleware
|
||||||
(POST "/collection/add" [card-id quality foil]
|
(routes
|
||||||
(collection/add-to-collection! card-id quality foil)
|
(POST "/collection/add" [card-id quality foil :as request]
|
||||||
(response/json {:status "ok"}))
|
(collection/add-to-collection! card-id quality foil)
|
||||||
|
(response/json {:status "ok"}))
|
||||||
|
|
||||||
(POST "/collection/remove" [card-id quality foil]
|
(POST "/collection/remove" [card-id quality foil :as request]
|
||||||
(collection/remove-from-collection! card-id quality foil)
|
(collection/remove-from-collection! card-id quality foil)
|
||||||
(response/json {:status "ok"}))))
|
(response/json {:status "ok"})))
|
||||||
|
(wrap-authenticated)))
|
||||||
|
|
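Review bot: `:as request` is now bound in both `POST` routes but neither body uses `request`; either drop the binding or use it, for instance to log `(get-in request [:session :user])` next to each add/remove so collection changes are attributable to a user. Separately, `wrap-authenticated` is applied to the whole `(routes …)` group: if `wrap-middleware` runs the middleware before route matching (its definition is not on this page), an unauthenticated request that reaches `collection-routes` gets the 401 even when it would have matched a route defined later, so the position of `collection-routes` in the application's route list matters. Both endpoints change state on the strength of the session alone and no anti-forgery check is visible in this hunk; confirm one is applied elsewhere in the middleware stack.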