I recently started a project that required user authentication, and I decided to take care of the auth part first for the sake of learning and to have a foundation for future projects. Tools like Luminus are great for standing up something with solid standard libraries, but there are so many tools in the Clojure world now; things are moving quickly and there are so many choices.
Anyway, I knew the tools I wanted to use, but I needed to figure out how to put them together myself. After doing so, I felt that maybe someone else would benefit from having it as a reference. I read through relevant OWASP material to get a grasp of security best practices while building it. I’m not a security expert and some things may still need to be tweaked for more security; some things, of course, are business-specific as well.

Features:
- user sign up with email address
- email verification via link with token emailed to user
- user login
- user logout
- forgot password / password reset

Tools used:
- Clojure CLI
- pedestal for the backend service
- java-time for handling time and dates
- postal for sending emails
- yogthos/config for configuration
- next.jdbc for database interaction
- hiccup for rendering HTML
- buddy-hashers for hashing passwords and checking raw passwords against stored hashes
- hikaricp for database connection pooling
- Docker for packaging and deployment
- shadow-cljs for ClojureScript compilation

Feedback is welcome!