I am looking into building a simple query DSL in clojure. The main idea is to allow my users to filter out which result they want to see. For instance (and (username "boris") (country :uk)) would only display results about people named “boris” in the “uk”.
As the query has been produced by the user, I would like to sanitize the query. I would not like someone querying the system with (username (slurp "http://s3/large-file")). Consequently, I suppose, I will need to whitelist the allowed functions.
For now, the above would be enough. But I fell there is something wrong with a system that does not allow you to name things. It would be marvelous if the DSL would allow using scoped def. Something a little bit like…
Currently, the only solution I have in mind is to load the dsl as a data structure and then inspect it. According to my taste, this is very ugly. On the internets, Lisp is often mention along side dsl but there is surprisingly few document about dsl and clojure out there. Please help me…
I’d suggest using data for DSL and parsing it using clojure.edn/read-string (not clojure.core/read-string!) and just use data structures and simple symbols:
clojure.edn/read-string solve the reading problem. My problem is pass that, once the dsl has been read, I need to evaluate it in a certain context. If we continue with the original example, the query (and (username "boris") (country :uk)) could be used as a filter as bellow.