I've struggled for a while trying to get a simple use of the security library Friend to work with Chestnut.
I added the Friend middleware inside the http-handler function. Is this the correct place to apply this sort of middleware? I thought maybe the reload or api-defaults middleware could be messing up friend middleware?
:unauthorized-handler #(-> (h/html5 [:h2 "You do not have sufficient privileges to access " (:uri %)])
:credential-fn (fn [x]
(let [res (creds/bcrypt-credential-fn @users x)]
(wrap-defaults routes api-defaults)))