Hi everyone,
I’m currently working on a public-facing web app. Built a client side with re-frame and a server side with a standard set of libraries (i.e., ring, compojure, and component). Use session-based authentication with buddy-auth and role-based authorization with ring handlers checking (-> request :identity :roles)
. (For the sake of completeness, the db is Datomic Cloud and the deployment method will be Elastic Beanstalk.)
Now I’m trying to add admin interface to this project and feeling a little lost for direction. Yet to see how it’s done in clojure and wondering how other people go about it. What are best practices? What kind of security hole should I watch out for when I want to use the same domain and project directory for convenience? Is there a useful library for CMS? (I’ve just found https://github.com/fmw/vix. Anything else?)
I’m thinking about having
- a public gateway at www.mydomain.com/admin/
- authorization given to users whose roles contain a :role/admin
- admin interface built with re-frame just like public facing UIs
- code for admin interface in the same project directory,
and the best I can come up with is to place the code for admin interface in a src/admin directory (my other source paths are src/clj, src/cljc, and src/cljs) and use a cljsbuild profile like below
{:id "admin"
:source-paths ["src/admin"]
:compiler {:main "admin.client"
:output-to "resources/admin/js/app.js"
:output-dir "resources/admin/js/out"
:asset-path "js/out"}}.
Is this it? Any other solutions? How do you do?
I’d appreciate any advice and suggestions.