Avenue is small set of macros for web apps that use Compojure. Primarily, it provides a simple mechanism for authorization.
Add the following dependency to your project.clj file:
[com.hendrick/avenue "0.1.0"]
In a web app, most requests fall into one of a few categories. You have pages...
(page
"/admin/user-permissions"
[:user.role/superAdmin]
user-permissions-view/show)You've got Ajax requests...
(xhr
POST "/admin/update-account"
[:user.role/superAdmin]
actions/update-account)And you might have some form posts...
(form-post
"/admin/create-account"
[:user.role/superAdmin]
actions/create-account)All Avenue does is provide a little shorthand for these common cases. You can mix and match Avenue-style routes with regular Compojure routes.
Each of the page, xhr, and form-post macros require the same arguments,
with the exception that for xhr calls, you must specify the request's HTTP
method.
A call looks like this
(page|xhr|form-post
http-method ;; xhr only
url
auth-data
actions) ;; variableThe http-method and url arguments are just forwarded to Compojure/ring. auth-data is
any data structure that identifies who is allowed to access this route. The
contents of auth-data are not used by Avenue. Avenue will pass the contents
of auth-data to your :auth-fn
For example, you might have several routes that are only accessible by admin users, you can indicate this with a keyword.
(page
"/admin/do-secret-stuff"
:adminOnly
view/show-secret-page)You might have some other routes that are accessible to everyone.
(page
"/welcome"
:allowEveryone
view/welcome-page)The keywords you choose are actually opaque to avenue, you specify their meaning in an :auth-fn.
(defn -main [& {:as args}]
(let [app (-> routes
(av/wrap-auth {:auth-fn (fn [auth-data req]
(condp = auth-data
:allowEveryone true
:adminOnly (:is-admin (db/find-user (:user-id (:session req))))
false))
:authorized-page-fn show-page
:unauthorized-page-fn redirect-to-welcome-page})
(handler/site {:session {:store (cookie/cookie-store {:key "this is a secret"})}}))]
(web/run app args)))If you find keywords aren't sufficient to express your auth requirements, you
can use any arbitrarily complex Clojure data structure. It's up to you to find
the :auth-fn and route data-structure that best suits your needs.
For a working example, check out the sample app.
To use Avenue, you must include av/wrap-auth in your middleware stack. It takes
a few options:
:auth-fn is a function that returns a truthy or falsey value indicating
whether a user is allowed access. As parameters, we'll pass the data
structure that's specified along with the route, and the request itself.
The data structure that gets passed to the auth-fn is exactly what's specified
in the route definition. It is the second argument of the page or form-post
macro, and the third argument of the xhr macro. Avenue does nothing with this
data except to pass it to the auth-fn.
:authorized-page-fn is a function that the page macro will call with the
result of the route's actions. It's ignored by the xhr and form-post
macros.
:unauthorized-page-fn is a function that any macro will call when the
:auth-fn returns a falsey value.
If you don't care much about auth, you can omit :auth-fn and
:unauthorized-page-fn from the configuration that's passed to
av/wrap-auth, and also drop the auth data structures from your routes.
Copyright 2015 Hendrick Automotive Group
Distributed under the Eclipse Public License either version 1.0 or (at your option) any later version.