Hi Jonathan
There are a few problems with your routes and the order in which you apply middleware.
It's important to realise that the routing mechanism for Compojure is very simple. The request is sent to each route in order, until a route returns a non-nil response.
In your case, you've set it up so that every single request is sent through the authenticate middleware, regardless of whether it's for the api-routes or www-routes. You also apply middleware twice, which can be a problem when consuming streams.
Your app wants to look more like:
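(def app
  (routes
    ;; /api requests get only the api middleware
    (context "/api" [] (handler/api api-routes))
    ;; everything else gets the site middleware, then authentication
    (handler/site (friend/authenticate www-routes auth-options))
    (route/not-found "Not found")))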
If you pass this code an api request, it applies the api middleware, then heads into the api-routes.
If you pass this code a www request, it skips the api-routes due to the context, then applies the site and authenticate middleware, then heads into the www-routes.
Incidentally you could write your www-routes like:
(def www-routes
  (routes
    (GET "/admin" [] (friend/authorize #{::admin} "Admin only"))
    (GET "/authorized" [] (friend/authorize #{::user} "Users only"))
    (GET "/home" [] (io/resource "public/home.html"))
    (GET "/login" [] (io/resource "public/login.html"))
    (GET "/" [] (io/resource "public/index.html"))
    (friend/logout (ANY "/logout" [] (response/redirect "/")))
    (route/resources "/")))
- James
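
The routing rule and middleware scoping described in the reply above, as an added example that is not part of the original message and is not Compojure or Friend code. It is a dependency-free Clojure model: `first-match`, `under-prefix`, `wrap-trace` and `leaf` are hypothetical stand-ins for `routes`, `context`, a middleware and a single route, and the "before" shape is an assumption based on the reply's description.

```clojure
(require '[clojure.string :as str])

(defn first-match
  "Try each handler in order; return the first non-nil response."
  [& handlers]
  (fn [req] (some #(% req) handlers)))

(defn under-prefix
  "Run handler only when :uri starts with prefix, stripping the prefix."
  [prefix handler]
  (fn [req]
    (when (str/starts-with? (:uri req) prefix)
      (handler (update req :uri subs (count prefix))))))

(defn wrap-trace
  "Middleware stand-in: records its label on the request, then delegates."
  [handler label]
  (fn [req] (handler (update req :trace (fnil conj []) label))))

(defn leaf
  "Route stand-in: answers only its own :uri and echoes the trace it saw."
  [uri body]
  (fn [req] (when (= uri (:uri req)) {:body body :trace (:trace req [])})))

(def api-routes (leaf "/items" "api"))
(def www-routes (leaf "/home" "www"))
(defn not-found [req] {:body "Not found" :trace (:trace req [])})

;; Assumed "before" shape: authenticate wraps the whole route table,
;; so /api requests pass through it as well.
(def app-before
  (wrap-trace (first-match (under-prefix "/api" (wrap-trace api-routes :api))
                           (wrap-trace www-routes :site)
                           not-found)
              :authenticate))

;; Shape from the reply: authenticate sits inside the site middleware and
;; wraps only www-routes; the /api branch never reaches it.
(def app-after
  (first-match (under-prefix "/api" (wrap-trace api-routes :api))
               (wrap-trace (wrap-trace www-routes :authenticate) :site)
               not-found))

;; The :trace in each response lists the middleware the answering route
;; passed through. A branch that returned nil leaves no mark on it.
(doseq [[label app] [["before" app-before] ["after" app-after]]
        uri ["/api/items" "/home" "/missing"]]
  (println label uri (app {:uri uri})))
```

Because a branch that returns nil still ran its middleware first, an unmatched request in the "after" shape does pass through the site and authenticate wrappers before `not-found` answers it.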