我真的不了解https://github.com/clojure-liberator/liberator以及它为开发人员提供的决策点列表.如何使用库的/旁边/顶部实现基本的auth/auth服务?
ord*_*rig 14
惯用的方法是实施:authorized?决策点.但是,目前不支持处理基本或摘要式身份验证.一种实用的方法是ring-basic-authentication用于身份验证并仅处理资源中的授权.以下示例使用ring-basic-authentication并将令牌设置为用户的角色.然后,解放器在中检查此角色authorized?
(defresource admin-only
:handle-ok "secrect"
:handle-unauthorized "for admins only"
:authorized? (fn [{{token :token} :request}]
(= "admin" token)))
;; token returned encodes role
(defn authenticated? [name pass]
(cond (and (= name "scott")
(= pass "tiger")) "admin")
(and (= name "jack")
(= pass "jill")) "user)))
(def app (wrap-basic-authentication admin-only authenticated?))
从自述"
资源与Ring兼容,可以包装在Ring中间件中.在评估时,资源返回一个函数,该函数接受Ring请求并返回Ring响应.
所以你可以将它包装在ring-basic-authentication中
(use 'ring.middleware.basic-authentication)
(defn authenticated? [name pass] (and (= name "foo") (= pass "bar")))
(def app (-> routes .. (wrap-basic-authentication authenticated?))