Re: Using different middleware with different routes

282 views

Skip to first unread message

James Reeves

unread,

May 1, 2013, 12:58:46 PM5/1/13

to Compojure

If all of your secure routes have a common prefix, you could use a context:

(def app

(handler/site

(routes

(context "/secure" [] (wrap-force-ssl routes-secured))

routes-other)))

If not, then you might need middleware with more knowledge about your routes than wrap-force-ssl.

- James

On 30 April 2013 18:21, Mike Roberts <mike.b....@gmail.com> wrote:

Hi all,

First - thanks James for this library and all the others you've put out in the world.

I'm noob-ish to Compojure (and Clojure web programming in general) so I admit I may not have grokked it enough yet.

I'm trying to create a site that uses lib-noir's 'wrap-force-ssl' [1] middleware (which redirects any plain http request to https), but only for certain routes. 'wrap-force-ssl' never calls the underlying handler if the request was plain http.

The problem is with the way I'm doing this I either (a) end-up redirecting all my routes to https (which I don't want to do) or (b) can't get to my secured routes.

E.g. take the following:

(defroutes routes-secured
(GET "/secured" [] "secured"))

(defroutes routes-other
(GET "/" [] "root")

(route/not-found "Not Found"))

(def app
(routes
(-> routes-secured (handler/site) (wrap-force-ssl))
(-> routes-other (handler/site))

))

In this case any request is redirected because wrap-force-ssl is included for the first route attempted.

If I switch the routes ordering around:

(def app
(routes
(-> routes-other (handler/site))
(-> routes-secured (handler/site) (wrap-force-ssl))
))

then I can never get to my secure page, because 'not-found' kicks in for the first group.

Am I approaching my route grouping incorrectly? Is 'wrap-force-ssl' invalid to use in this context because it's not purely transformational? Do I need to implement my own ssl checking at the expression-body level of each route I need to secure?

Thanks

Mike

[1] https://github.com/noir-clojure/lib-noir/blob/master/src/noir/util/middleware.clj

--
You received this message because you are subscribed to the Google Groups "Compojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to compojure+...@googlegroups.com.
To post to this group, send email to comp...@googlegroups.com.
Visit this group at http://groups.google.com/group/compojure?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Mike Roberts

unread,

May 1, 2013, 1:20:17 PM5/1/13

to comp...@googlegroups.com

Hi James,

Thanks for the reply. After I posted I did see the context-oriented option which you mentioned on stack overflow somewhere, I think. I had not thought about using a custom, route aware, middleware function though.

I'm glad that I hadn't missed something fundamental at least!

Cheers again,

Mike

Reply all

Reply to author

Forward

0 new messages