Interceptors implemented in Xiana

log

Prints the current state map in both the :enter and :leave phases.

side-effect

Executes the function from state's :side-effect key, if there is one. It's often placed between database access and response, to execute actions based on the database result.

view

The view interceptor renders the response map based on the given state via the provided :view keyword.

params

Resolves the request parameters.

db-access

Executes the :query and :db-queries keys in the :leave phase.

message

Prints the provided message on :enter and on :leave.

muuntaja

Decodes the request and encodes the response based on the request's Accept and Content-Type headers.

session

On :enter, either injects session-data based on headers, cookies or query params' session-id, or short circuits execution with invalid or missing session responses.

On :leave, updates session storage with session-data from state.

guest-session

Same as session, except that if the session is missing or not provided, it creates a new session for the :guest user, with a random UUID user-id.

rbac

On :enter, decides if the given user (from session-data user role) has permissions for a given action. When no permission is found, short circuits the execution with :status 403.

On :leave, tightens the database query with given :restriction-fn, if any.
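A sketch of the rbac behaviour described above, combined with db-access, as an added example in plain Clojure that is not Xiana's own code. The runner, the reverse-order :leave, the :action and top-level :restriction-fn state keys, the permission table and the rows are assumptions of this sketch; under them, rbac is placed after db-access so that its :leave tightens the query before db-access executes it.

```clojure
(ns example.rbac-sketch)

;; Constructed data: role -> allowed actions, and an in-memory "table".
(def permissions {:admin #{:posts/read :posts/delete} :member #{:posts/read}})
(def rows [{:id 1 :owner 7 :title "a"} {:id 2 :owner 9 :title "b"}])

(def db-access-sketch
  ;; :leave only: run the query (a predicate here, standing in for SQL).
  {:leave (fn [{:keys [query] :as state}]
            (if query
              (assoc-in state [:response :body] (filterv query rows))
              state))})

(def rbac-sketch
  {:enter (fn [state]
            (let [role (get-in state [:session-data :user :role])]
              (if (contains? (get permissions role #{}) (:action state))
                state
                ;; No permission found: a response here stops the chain.
                (assoc state :response {:status 403 :body "Forbidden"}))))
   :leave (fn [{:keys [restriction-fn] :as state}]
            ;; Tighten the query only when a :restriction-fn was supplied.
            (if restriction-fn (restriction-fn state) state))})

(defn run-chain
  "Hypothetical runner: :enter in order, handler, :leave in reverse order."
  [interceptors handler state]
  (loop [todo interceptors, entered '(), st state]
    (if (and (seq todo) (not (:response st)))
      (let [i (first todo)]
        (recur (rest todo) (conj entered i) ((:enter i identity) st)))
      ;; `entered` is a list, so conj prepended: it is already reversed.
      (reduce (fn [s i] ((:leave i identity) s))
              (if (:response st) st (handler st))
              entered))))

(defn list-posts
  "Handler: select every row, but restrict results to the caller's own rows."
  [state]
  (let [uid (get-in state [:session-data :user :id])]
    (assoc state
           :response {:status 200}
           :query (constantly true)
           :restriction-fn
           (fn [s] (update s :query #(every-pred % (fn [r] (= uid (:owner r)))))))))

(defn demo [role action]
  (:response (run-chain [db-access-sketch rbac-sketch] list-posts
                        {:action action
                         :session-data {:user {:id 7 :role role}}})))
```

Calling `(demo :member :posts/read)` exercises the restricted-query path, and `(demo :member :posts/delete)` exercises the 403 short circuit, where the handler and the query never run.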

coercion

On :enter, performs request parameter wrapping, and validates by given roles.

On :leave, validates the response body with the given malli schema.

cookies

Cookie request/response wrapper.

prune-get-request-bodies

On :enter, removes both body and :body-params from GET requests.

jwt-auth

This interceptor uses :claims methods of verify-jwt and sign. More on these methods here

On :enter, gets the authorization header from the request and verifies the JWT sent. If it's valid, adds the contents of the JWT to session-data; otherwise assocs the Exception into the :error key in state.

On :error, returns a 401 Unauthorized response with the message depending on the ExceptionInfo data present in the :error key in state.

On :leave, does nothing.

jwt-content

This interceptor uses :no-claims methods of verify-jwt and sign. More on these methods here

On :enter, grabs the JWT sent as a body-param in the request and verifies it. If it's valid, rewrites the content of the :body-params key with the contents of the JWT. If validation fails, assocs the Exception to the :error key in state.

On :leave, signs the contents of the response body and assocs it back to the :body of the response.

On :error, responds 401 Unauthorized.