Authentication and authorization functions
Authentication and authorization functions
(auth-chain chain req)Applies the authorization chain to the request. The chain consists of functions that are applied to the request. Each part can return a non-nil value, which is interpreted as a security advise. This can be to deny, or allow the request. If the request is denied, an authorization exception is thrown. This system allows a large degree of autonomy to each checker. They can inspect the previous advises, and modify their response accordingly.
Applies the authorization chain to the request. The chain consists of functions that are applied to the request. Each part can return a non-nil value, which is interpreted as a security advise. This can be to deny, or allow the request. If the request is denied, an authorization exception is thrown. This system allows a large degree of autonomy to each checker. They can inspect the previous advises, and modify their response accordingly.
(auth-chain-middleware h)Middleware that extracts any authorization checkers from the route data and applies them. If the chain results in a request denied, a 403 response is returned.
Middleware that extracts any authorization checkers from the route data and applies them. If the chain results in a request denied, a 403 response is returned.
Creates token contents for a build, to be used by a build script.
Creates token contents for a build, to be used by a build script.
(current-user-checker _ req)Verifies that the current user matches the one in the request path
Verifies that the current user matches the one in the request path
Default token expiration period, one day
Default token expiration period, one day
(deny-all _ _)Chain checker that denies all requests
Chain checker that denies all requests
(expired? {:keys [exp]})Returns true if token has expired
Returns true if token has expired
(generate-jwt req payload)Signs a JWT using the keypair from the request context.
Signs a JWT using the keypair from the request context.
(generate-jwt-from-rt rt payload)Generates a JWT from the private key in the runtime
Generates a JWT from the private key in the runtime
(generate-keypair)Generates a new RSA keypair
Generates a new RSA keypair
(generate-secret-key)(generate-secret-key size)Generates a random secret key object
Generates a random secret key object
Creates SHA256 hash of password, returns hex encoded string
Creates SHA256 hash of password, returns hex encoded string
(make-jwk pub)Creates a JWK object from a public key that can be exposed for external verification.
Creates a JWK object from a public key that can be exposed for external verification.
Checks if the user has access to the organization
Checks if the user has access to the organization
Checks if the user has access to the organization specified in the body
Checks if the user has access to the organization specified in the body
(parse-signature s)Parses HMAC signature header, returns the algorithm and the signature.
Parses HMAC signature header, returns the algorithm and the signature.
(public-repo-checker chain req)Checks if the repository that's being accessed is public, and the
request method is GET.
Checks if the repository that's being accessed is public, and the request method is `GET`.
(readonly-checker _ req)Only allows non-destructive requests
Only allows non-destructive requests
(secure-ring-app app {:keys [storage] :as rt})Wraps the ring handler so it verifies the JWT authorization header
Wraps the ring handler so it verifies the JWT authorization header
Creates token contents for a system admin, a user that has special privileges.
Creates token contents for a system admin, a user that has special privileges.
Retrieves current user id from request
Retrieves current user id from request
Creates token contents for an authenticated user
Creates token contents for an authenticated user
(valid-security? {:keys [secret payload x-hub-signature]})Validates security header
Validates security header
(validate-hmac-security h
                        {:keys [get-secret header]
                         :or {header "x-hub-signature-256"}})Middleware that validates the HMAC security header using a fn that retrieves the secret for the request.
Middleware that validates the HMAC security header using a fn that retrieves the secret for the request.
(webhook-org-checker _ req)Verifies if the user has permissions on the webhook org
Verifies if the user has permissions on the webhook org
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs | 
| ← | Move to previous article | 
| → | Move to next article | 
| Ctrl+/ | Jump to the search field |