Difficulty adding Auth to Chestnut

I’ve struggled for a while trying to get a simple use of the security library Friend to work with Chestnut.

I added the Friend middleware inside the http-handler function. Is this the correct place to apply this sort of middleware? I thought maybe the reload or api-defaults middleware could be messing up friend middleware?

(def http-handler
  (if is-dev?
    (-> #'routes
        (reload/wrap-reload)
        (friend/authenticate
          {:allow-anon? true
           :login-uri "/login"
           :default-landing-uri "/"
           :unauthorized-handler #(-> (h/html5 [:h2 "You do not have sufficient privileges to access " (:uri %)])
                                      resp/response
                                      (resp/status 401))
           :credential-fn (fn [x]
                            (let [res (creds/bcrypt-credential-fn @users x)]
                              (log/info x)
                              (log/info res)
                              res))
           :workflows [(workflows/interactive-form)]})
        (wrap-defaults api-defaults))
    (wrap-defaults routes api-defaults)))

I figured it out. (wrap api-defaults) does not allow sessions and Friend is trying to use them. I should be using site-defaults instead. See ring middleware docs for more info.

1 Like

Glad you figured it out :+1:

Thanks. Also uber-beginner question here, is there a way to restart the server from the repl? The reload middleware works great most of the time. But if I make any changes to the middleware itself, then I have to restart the JVM for those changes to have an effect.

Not sure if there’s an easy way. (run) should give you a reference to the webserver, that’s either Jetty or http-kit, depending on how you generated your project. You’d have to see what class that object is, and consult jetty/http-kits docs to see if you can restart that.

Thanks for the tip about Friend integration. I was looking to use that with Chestnut.