Interceptors implemented in Xiana
- log
- side-effect
- view
- params
- db-access
- message
- muuntaja
- session
- guest-session
- rbac
- coercion
- cookies
- prune-get-request-bodies
log
Prints the actual state map on both :enter and :leave phases.
side-effect
Executes the function from state's :side-effect key, if there is one. It's often placed between database access and
response, to execute actions based on the database result.
view
The view interceptor renders the response map based the given state via the provided :view keyword.
params
Params for resolving the request parameters.
db-access
Executes :query and :db-queries keys on :leave phase.
message
Prints out provided message on :leave and on :enter
muuntaja
Decodes the request and encodes the response based on request's Accept and Content-type headers
session
On :enter, either injects session-data based on headers, cookies or query params' session-id, or short circuits
execution with invalid or missing session responses.
On :leave updates session storage with session-data from state.
guest-session
Same as session, except that if session is missing or not provided, creates a new session for :guest
user, with random UUID user-id.
rbac
On :enter, decides if the given user (from session-data user role) has permissions for a given action. When no
permission is found, short circuits the execution with :status 403.
On :leave, tightens the database query with given :restriction-fn, if any.
coercion
On :enter, performs request parameter wrapping, and validates by given roles.
On :leave, validates the response body with the given malli schema.
cookies
Cookie request/response wrapper
prune-get-request-bodies
On :enter, removes both body and :body-params from GET requests.
jwt-auth
This interceptor uses :claims methods of verify-jwt and sign. More on these methods here
On :enter, gets the authorization header from the request and verifies the JWT sent. If its valid, adds the contents
of the JWT to session-data, otherwise assocs the Exception into the error key in state.
On :error, returns a 401 Unauthorized response with the message depending on the ExceptionInfo data present in
the :error key in state.
On :leave does nothing.
jwt-content
This interceptor uses :no-claims methods of verify-jwt and sign. More on these methods here
On :enter, grabs the JWT sent as a body-param in the request and verifies it. If its valid, rewrites the content of
the :body-params key with the contents of the JWT. If validation fails, assocs the Exception to the :error key in
state.
On :leave, signs the contents of the response body and assocs it back to the :body of the response.
On :error, responds 401 Unauthorized.
Can you improve this documentation? These fine people already did:
Krisztian Gulyas, Arthur G Luz, Juan Carlos Teso, Stas Makarov & g-krisztianEdit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close