refactoring

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2022-2023 Anton Zering
+Copyright 2022-2024 Anton Zering
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

resources/config.defaults.edn

@@ -1,3 +1,3 @@
 {:database {:url #or [#env DATABASE_URL "jdbc:postgresql://localhost:5432/myuri"]}
  :server   {:port          #or [#env PORT 3000]
-            :cookie-secret #or [#env COOKIE_SECRET "agtjrfokft5rs95g"]}}
+            :cookie-secret #or [#env COOKIE_SECRET "agtjrfokft5rs9ksadjfla5g__"]}}

resources/templates/_main-nav.html

@@ -23,12 +23,11 @@
                 <div class="navbar-item has-dropdown is-hoverable"><a class="navbar-link">{{ req.identity.username}}</a>
                     <div class="navbar-dropdown is-right">
                         <a class="navbar-item" href="/settings">Settings</a>
-
-                        {% if identity.is-admin %}
                         <hr class="navbar-divider">
+                        {% if identity.is-admin %}
                         <a class="navbar-item" href="/admin">Administration</a>
-                        {% endif %}
                         <hr class="navbar-divider">
+                        {% endif %}
                         <a class="navbar-item" href="/" hx-post="/auth/logout" hx-target="body">Log out</a></div>
 
                 </div>

resources/templates/settings/security.html

@@ -1,7 +1,9 @@
 {% extends "settings/_layout.html" %}
 
 {% block content %}
-
+{% if req.flash %}
+<div class="notification {{ req.flash.class }} is-light">{{ req.flash.message }}</div>
+{% endif %}
 <form method="post">
     <h3 class="is-size-3">Change Password</h3>
     <input type="hidden" name="__anti-forgery-token" value="{{ req.anti-forgery-token }}"/>

src/myuri/web/auth/handler.clj

@@ -8,8 +8,8 @@
             [myuri.web.templating :refer [tpl-resp]]
             [myuri.web.utils :refer [is-post?]]
             [ring.util.codec :refer [url-decode url-encode]]
-            [ring.util.response :as resp]))
-
+            [ring.util.response :as resp]
+            [ring.middleware.flash :as flash]))
 
 (defn check-user-password
   "docstring"
@@ -18,7 +18,6 @@
     (when (hashers/check password (get user :users/password_digest))
       (dissoc user :users/password_digest))))
 
-
 (defn make-identity
   "docstring"
   [user]

src/myuri/web/handler.clj

@@ -19,7 +19,7 @@
    :title       (or (not-empty (:bookmarks/site_title m))
                     (:bookmarks/site_url m))
    :url         (:bookmarks/site_url m)
-   :url_host        (u/domain-from-url (:bookmarks/site_url m))
+   :url_host    (u/domain-from-url (:bookmarks/site_url m))
    :description (:bookmarks/site_description m)
    :created_at  (:bookmarks/created_at m)
    :checks      (:bookmarks/checks m)})
@@ -123,12 +123,17 @@
   [{:keys          [ds request-method] :as req
     {:keys [form]} :parameters}]
   (let [user-id (u/user-id req)]
+    (prn "hella")
     (case request-method
       :get (tpl-resp "settings/security.html")
       :post (case (-> req :params :action)
-              "password_change" (if-let [resp (api/change-user-password ds user-id (-> req :params :current_password) (-> req :params :new_password))]
-                                  (tpl-resp "settings/security.html" {:message "Password changed successfully!"})
-                                  (tpl-resp "settings/security.html"))
+              "password_change" (if-some [resp (api/change-user-password ds user-id (-> req :params :current_password) (-> req :params :new_password))]
+                                  (do
+                                    (prn resp)
+                                    (assoc (resp/redirect "/settings/security")
+                                      :flash {:class "is-success"
+                                              :message "Password changed successfully"}))
+                                  (tpl-resp "settings/security.html" {:errors "Wrong password"}))
               :default (tpl-resp "settings/security.html")))))
 
 

src/myuri/web/middleware.clj

@@ -13,23 +13,40 @@
 
 (defn any-role?
   "docstring"
-  [req]
+  [{:keys [identity] :as req}]
   (let [path-roles (-> req :reitit.core/match :data :roles)
-        user-roles (-> req :identity :roles)]
+        user-roles (:roles identity)]
     (prn path-roles)
     (some? (not-empty (clojure.set/intersection path-roles user-roles)))))
 
-(defn is-admin?
+(defn any-access
+  "Allows any user"
+  [_]
+  true)
+
+(defn authenticated-access
   "docstring"
   [req]
-  (contains? (-> req :identity :roles) :admin))
+  (if (authenticated? req)
+    (baa/success)
+    (baa/error {:code 401
+                :message "You are not authenticated. Please log in."})))
+
+(defn admin-access
+  "docstring"
+  [{:keys [identity] :as req}]
+
+  (if (contains? (:roles identity) :admin)
+    (baa/success)
+    (baa/error {:code    403
+                :message "Unauthorized admin access"})))
 
-(def authz-rules [{:pattern #"^/auth/.*" :handler any?}     ; Let everyone use the auth endpoints
-                  {:pattern #"^/admin"
-                   :handler is-admin?
-                   :on-error (fn [req error]
-                               (tmpl/tpl-resp "errors/403-forbidden.html"))}
-                  {:pattern  #"^/.*" :handler authenticated?}])
+(def rules [{:pattern #"^/auth"
+             :handler any-access}
+            {:pattern #"^/admin"
+             :handler admin-access}
+            {:pattern #"^/.*"
+             :handler authenticated-access}])
 
 (defn wrap-authorization
   "docstring"
@@ -44,7 +61,7 @@
 (defn wrap-access-rules
   "docstring"
   [handler]
-  (baa/wrap-access-rules handler {:rules authz-rules}))
+  (baa/wrap-access-rules handler {:rules rules}))
 
 (defn wrap-system
   "Injects System components into the request map"

src/myuri/web/routes.clj

@@ -8,6 +8,7 @@
     [myuri.api :as api]
     [reitit.ring :as ring]
     [reitit.ring.coercion :as rrc]
+    [reitit.ring.middleware.exception :as exception]
     [reitit.ring.middleware.muuntaja :as muuntaja]
     [reitit.ring.middleware.parameters :as parameters]
     [ring.middleware.keyword-params :as kpmw]
@@ -36,84 +37,98 @@
       (handler (assoc req :bookmark bookmark))
       (not-found-handler req))))
 
-(def default-routes
-  (ring/routes
-    (ring/create-resource-handler {:path "/assets"})
-    (ring/create-default-handler {:not-found not-found-handler})))
+
+(defn make-routes []
+
+  [["/"
+    {:get {:parameters {:query specs/GetBookmarksRequest}
+           :handler    bh/index-handler}}]
+   ["/new"
+    {:get  {:parameters {:query [:map
+                                 [:data {:optional true} :string]
+                                 [:p {:optional true} int?]]}
+            :handler    bh/new-bookmark-handler}
+     :post {:parameters {:form [:map
+                                [:close {:optional true, :default 0} int?]
+                                [:url :string]
+                                [:title {:optional true} :string]
+                                [:description {:optional true} :string]]}
+            :handler    bh/new-bookmark-handler}}]
+   ["/bookmarks/{bid}"
+    {:parameters {:path {:bid uuid?}}
+     :middleware [inject-bookmark]}
+    [""
+     {:delete bh/delete-bookmark-handler}]
+    ["/edit" bh/edit-bookmark-handler]]
+   ["/auth" {}
+    ["/login"
+     {:get  {:parameters {:query [:map
+                                  [:to {:optional true} string?]]}
+             :handler    ah/login-handler-get}
+      :post {:parameters {:form {:username string?
+                                 :password string?
+                                 :to       string?}}
+             :handler    ah/login-handler-post}}]
+    ["/logout"
+     {:post ah/logout-handler}]
+    ["/register"
+     {:get  {:handler ah/register-handler}
+      :post {:parameters {:form {:username string?
+                                 :email    string?
+                                 :password string?}}
+             :handler    ah/register-handler}}]]
+   ["/admin" {}
+    [""
+     {:name    "admin:users"
+      :handler bh/admin-users}]]
+   ["/settings" {}
+    [""
+     {:name "settings:general"
+      :get  {:handler bh/settings-index}
+      :post {:parameters {:form [:map
+                                 [:target_blank {:optional true} boolean?]]}
+             :handler    bh/settings-index}}]
+    ["/security"
+     {:name "settings:security"
+      :get  {:handler bh/security-handler}
+      :post {:handler    bh/security-handler
+             :parameters {:form {:current_password string?
+                                 :new_password     string?
+                                 :new_password2    string?}}}}]]]
+  )
+
+(def exception-middleware
+  (exception/create-exception-middleware
+    (merge exception/default-handlers
+           {})))
 
 (defn app
   [opts]
   (ring/ring-handler
     (ring/router
-      [["/" {:get {:parameters {:query specs/GetBookmarksRequest}
-                   :handler    bh/index-handler}}]
-       ["/new" {:get  {:parameters {:query [:map
-                                            [:data {:optional true} :string]
-                                            [:p {:optional true} int?]]}
-                       :handler    bh/new-bookmark-handler}
-                :post {:parameters {:form [:map
-                                           [:close {:optional true, :default 0} int?]
-                                           [:url :string]
-                                           [:title {:optional true} :string]
-                                           [:description {:optional true} :string]]}
-                       :handler    bh/new-bookmark-handler}}]
-       ["/bookmarks/{bid}" {:parameters {:path {:bid uuid?}}
-                            :middleware [inject-bookmark]}
-        ["" {:delete bh/delete-bookmark-handler}]
-        ["/edit" bh/edit-bookmark-handler]]
-       ["/auth" {}
-        ["/login" {:get  {:parameters {:query [:map
-                                               [:to {:optional true} string?]]}
-                          :handler    ah/login-handler-get}
-                   :post {:parameters {:form {:username string?
-                                              :password string?
-                                              :to       string?}}
-                          :handler    ah/login-handler-post}}]
-        ["/logout" {:post ah/logout-handler}]
-        ["/register" {:get  {:handler ah/register-handler}
-                      :post {:parameters {:form {:username string?
-                                                 :email    string?
-                                                 :password string?}}
-                             :handler    ah/register-handler}}]]
-       ["/admin" {}
-        ["" {:name    "admin:users"
-             :handler bh/admin-users}]
-        ]
-       ["/settings" {}
-        ["" {:name "settings:general"
-             :get  {:handler bh/settings-index}
-             :post {:parameters {:form [:map
-                                        [:target_blank {:optional true} boolean?]]}
-                    :handler    bh/settings-index}}]
-        ["/security" {:name "settings:security"
-                      :get  {:handler bh/security-handler}
-                      :post {:handler    bh/security-handler
-                             :parameters {:form {:current_password string?
-                                                 :new_password     string?
-                                                 :new_password2    string?}}}}]]
-       ]
+      (make-routes)
 
       ;; router data affecting all routes
       {:data {:coercion   reitit.coercion.malli/coercion
               :muuntaja   mj/instance
               :middleware [parameters/parameters-middleware
                            kpmw/wrap-keyword-params
+                           exception-middleware
                            rrc/coerce-request-middleware
                            rrc/coerce-response-middleware
                            muuntaja/format-response-middleware
-                           ;exception/exception-middleware
-                           wrap-flash
                            wrap-anti-forgery
-
                            mw/wrap-templating
-                           mw/wrap-access-rules]}})
+                           mw/wrap-access-rules
+                           ]}})
 
-    default-routes
+    (ring/routes
+      (ring/create-resource-handler {:path "/assets"})
+      (ring/create-default-handler {:not-found not-found-handler}))
 
     {:middleware [[mw/wrap-session (:cookie-secret opts)]
+                  wrap-flash
 
                   mw/wrap-authentication
                   mw/wrap-authorization
-
-
                   [mw/wrap-system opts]]}))

src/myuri/web/server.clj

@@ -17,8 +17,9 @@
 
     (let [{:keys [cookie-secret port dev?]} options
 
-          create-handler #(routes/app {:ds            (:ds db)
-                                       :cookie-secret cookie-secret})
+          create-handler (fn []
+                           (routes/app {:ds            (:ds db)
+                                        :cookie-secret cookie-secret}))
 
           handler (if dev?
                     (do