- log
- side-effect
- view
- params
- db-access
- message
- muuntaja
- session
- guest-session
- rbac
- coercion
- cookies
- prune-get-request-bodies
Prints the actual state map on both :enter and :leave phases.
Executes the function from state's :side-effect key, if there is one. It's often placed between database access and
response, to execute actions based on the database result.
The view interceptor renders the response map based on the given state via the provided :view keyword.
Params for resolving the request parameters.
Executes the :query and :db-queries keys on the :leave phase.
Prints out the provided message on :leave and on :enter.
Decodes the request and encodes the response based on the request's Accept and Content-type headers.
On :enter, either injects session-data based on headers, cookies or query params' session-id, or short circuits
execution with invalid or missing session responses.
On :leave, updates session storage with session-data from state.
Same as session, except that if the session is missing or not provided, it creates a new session for the :guest
user, with a random UUID user-id.
On :enter, decides if the given user (from session-data user role) has permissions for a given action. When no
permission is found, short circuits the execution with :status 403.
On :leave, tightens the database query with given :restriction-fn, if any.
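The rbac behaviour described above, modelled as an added example (not the framework's own code): a small :enter/:leave chain runner in which rbac short-circuits with 403 on :enter and applies :restriction-fn on :leave before a stand-in db-access step executes the query. The names permissions, run-chain, db-access-stub and owner-only, the state keys :action, :halt? and :response, and the placement and signature of :restriction-fn are assumptions.

```clojure
;; Added example: a toy model of the :enter/:leave flow, not the framework's code.
;; Assumed: all helper names, keys :action/:halt?/:response, :restriction-fn taking state.

(def permissions ; constructed role -> allowed-actions table
  {:member #{:posts/read :posts/update}
   :guest  #{:posts/read}})

(def rbac
  {:enter (fn [state]
            (let [role (get-in state [:session-data :user :role])]
              (if (contains? (get permissions role #{}) (:action state))
                state
                ;; no permission found: short-circuit with :status 403
                (assoc state :response {:status 403} :halt? true))))
   :leave (fn [state]
            (if-let [restrict (:restriction-fn state)]
              (restrict state)
              state))})

(def db-access-stub ; stands in for db-access: "executes" :query on :leave
  {:leave (fn [state]
            (assoc state :response {:status 200 :executed (:query state)}))})

(defn run-chain
  "Runs :enter in order, then :leave in reverse; a halted state skips the rest."
  [interceptors state]
  (loop [todo interceptors, entered (), state state]
    (if-let [i (first todo)]
      (let [state ((:enter i identity) state)]
        (if (:halt? state)
          (:response state)
          (recur (rest todo) (conj entered i) state)))
      (:response (reduce (fn [s i] ((:leave i identity) s)) state entered)))))

(defn owner-only [state] ; members may only touch rows they own
  (let [uid (get-in state [:session-data :user :id])]
    (assoc-in state [:query :where] [:= :owner-id uid])))

;; rbac sits after db-access, so its :leave runs first and the stub
;; executes the already-restricted query.
(def chain [db-access-stub rbac])
(println (run-chain chain {:session-data {:user {:role :guest :id 7}}
                           :action :posts/update
                           :query {:update :posts}}))
(println (run-chain chain {:session-data {:user {:role :member :id 42}}
                           :action :posts/update
                           :query {:update :posts}
                           :restriction-fn owner-only}))
```

Because :leave runs in reverse order, the restriction only takes effect when rbac is placed after the interceptor that executes the query.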
On :enter, performs request parameter wrapping, and validates by given roles.
On :leave, validates the response body with the given malli schema.
Cookie request/response wrapper
On :enter, removes both body and :body-params from GET requests.
This interceptor uses :claims methods of verify-jwt and sign. More on these methods here
On :enter, gets the authorization header from the request and verifies the JWT sent. If it's valid, adds the contents
of the JWT to session-data, otherwise assocs the Exception into the error key in state.
On :error, returns a 401 Unauthorized response with the message depending on the ExceptionInfo data present in
the :error key in state.
On :leave, does nothing.
This interceptor uses :no-claims methods of verify-jwt and sign. More on these methods here
On :enter, grabs the JWT sent as a body-param in the request and verifies it. If it's valid, rewrites the content of
the :body-params key with the contents of the JWT. If validation fails, assocs the Exception to the :error key in
state.
On :leave, signs the contents of the response body and assocs it back to the :body of the response.
On :error, responds 401 Unauthorized.