All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
b-social/liberator-mixin
.liberator.mixin
:routes
to :router
in liberator.mixin.hal
and
liberator.mixin.hypermedia
to reflect upstream changes in hype
.liberator.mixin.core
and the specific mixins moved respectively to:
liberator.mixin.authorisation
liberator.mixin.context
liberator.mixin.hal
liberator.mixin.hypermedia
liberator.mixin.json
liberator.mixin.logging
liberator.mixin.validation
liberator.mixin.logging
mixin now expects a cartus.core/Logger
rather
than implementing a custom protocol for logging. The liberator.mixin.hal
mixin has also been updated to use cartus.core
for logging.liberator.mixin.hal/with-exception-handler
, the
exception is first converted to a map using clojure.core/Throwable->map
in
order to retain detail.:self
introduced as part of the
liberator.mixin.hypermedia
mixin has been renamed to :self-link
for
clarity and the corresponding :self
entry added to context has been
renamed to :self-link
.is-
prefix on predicates in liberator.mixin.core
has been dropped to
follow convention.SpecBackedValidator
has been added to liberator.mixin.validation
allowing a spec to be used as a validator, along with a function
spec-validator
to assist in construction of the validator.MultiValidator
and supporting combine
function has been added to
liberator.mixin.validation
allowing validators to be combined such that all
validators must report valid in order for the combined to report valid and
such that problems from all validators are combined in the combined validator.resource-attribute-as-value
and resource-attribute-as-fn
, for
fetching resource attributes from context, have been added in
liberator.mixin.util
.
resource-attribute-as-value
fetches the attribute from the resource and
invokes it passing context, returning the result.resource-attribute-as-fn
fetches the attribute from the resource and
partially applies it using the context, returning a function of the
remaining parametersliberator-mixin.hal
namespace now includes a
with-malformed-handler
mixin for correctly handling malformed responses as
a HAL resource.allowed?
would
duplicate values in sequential collections of the context.liberator-mixin.hal
namespace now includes a
with-method-not-allowed-handler
mixin for correctly handling method not
allowed responses as a HAL resource.with-hal-mixin
mixin now includes the with-exception-handler
,
with-unauthorized-handler
, with-forbidden-handler
and
with-method-not-allowed-handler
mixins.with-jwt-scopes
mixin now allows specifying whether a token is required
on the request via the :token-required?
configuration option.with-bearer-token
now allows the :token-type
configuration option to be a
seq of accepted token types, with nil
representing there being no token type
identifier in the header value. All :token-type
s are attempted when parsing
a token header.liberator-mixin.hal
namespace now includes a with-unauthorized-handler
mixin for correctly handling unauthorized responses as a HAL resource.with-jwt-scopes
mixin has been added in
liberator-mixin.authorisation.unverified
allowing the scopes claim to be
extracted to context but not verified.with-bearer-token
mixin now allows the header to look in for a token
to be specified via the :token-header-name
configuration option, which
defaults to "Authorization".:token-required?
configuration option now allows a map of methods to
booleans to be used, such that requiring a token can be opted out of for
certain methods.:token-missing
configuration option for with-token-authorization
has been removed in favour of a new :token-required?
configuration option,
which when false will allow requests to proceed even if there is no token
on the request.malformed?
and allowed?
decisions for liberator have now been used
rather than manually constructing responses within
liberator-mixin.authorisation
.with-handle-unauthorized-token
mixin has been renamed to
with-www-authenticate-header
.:as-response
rather than overriding
:handle-unauthorized
.ScopeValidator
now allows required scopes to be specified by request
method.with-access-token
mixin has been renamed to with-bearer-token
.with-jws-access-token
mixin has been renamed to
with-token-authorization
.with-www-authenticate
mixin has been renamed to
with-handle-unauthorized-token
.:token-missing
configuration option has been added for use by
with-token-authorization
allowing the action to perform in the case of a
missing token to be customises, defaulting to responding with an unauthorized
response.liberator-mixin.hal
namespace now includes a with-forbidden-handler
mixin for correctly handling forbidden responses as a HAL resource.No observable change.
with-jws-access-token
mixin now allows a seq of ClaimValidator
instances to be provided via the :token-validators
configuration option
making the claim validator more general purpose and extensible and less
opinionated.scope-validator
function has been replaced with a ScopeValidator
type,
implementing ClaimValidator
which can be used in the aforementioned
:token-validators
seq.with-logger
mixin has been introduced in the liberator-mixin.logging
namespace, allowing a logger
to be set on the context for use by other
mixins.WWW-Authenticate
header was incorrectly reporting the underlying error.
This has now been resolved.with-www-authenticate
mixin now allows an :error-body
to be set on
the context, used as the body of the error response.with-jws-access-token-mixin
has been added that sets up all parts of JWS
access token management.with-access-token
mixin has been pulled out of with-jws-access-token
so that extracting and parsing the token can be performed independently
without further verification.:token-key
option used by with-jws-access-token
now accepts a function
in addition to a value, which is called with context
in order to retrieve
the token key.liberator-mixin.jws-authorisation
namespace has been renamed to
liberator-mixin.authorisation
.with-jws-authorisation
mixin has been renamed to
with-jws-access-token
.with-jws-unauthorised
mixin has been renamed to with-www-authenticate
.with-jws-access-token
has moved from mixin construction
time to runtime by adding :token-type
, :token-options
, :token-key
,
:token-claims
and :token-parser
configuration options to the liberator
handler map.scope-validator
function has been added to liberator-mixin.authorisation
returning a claim validator to be used in the :token-claims
configuration
option.with-jws-authorisation
mixin required the token type in the
authorization header (e.g., "Bearer") to match specific casing. Now, the check
is case-insensitive.with-jws-unauthorised
has been tidied up to
use a standard error format.with-jws-unauthorised-as-json
has been renamed to with-jws-unauthorised
and no longer returns a JSON error body in the case of an authorisation
failure, to comply with the JWT RFC.with-jws-unauthorised-as-json
mixin was
invalid due to a typo. This has now been resolved.with-jws-unauthorised-as-json
mixin was not correctly rendering error
responses due to a missing representation media type. This has now been
resolved.with-jws-unauthorised-as-json
mixin now includes an OpenID conformant
error header on the response in the case of a JWS authorisation failure.with-jws-unauthorised-as-json
mixin has been added to the
liberator-mixin.jws-authorisation
namespace allowing a JWS authorisation
failure to produce a descriptive JSON error response.liberator-mixin.jws-authorisation
namespace has been introduced with a
with-jws-authorisation
mixin which allows verifying a JWS token on the
request, including verifying the contents of the scope claim.liberator-mixin.context
has now been partially documented.liberator-mixin.hal
, liberator-mixin.hypermedia
and
liberator-mixin.json
has been improved.jason
and camel-snake-kebab
dependencies have been upgraded.liberator-mixin.context
has now been documented.liberator-mixin.context/with-attributes-in-context
mixin has been
introduced, allowing multiple attributes to be added to context at once.liberator-mixin.core
has now been documented.liberator-mixin.core/merge-decisions
and liberator-mixin.core/merge-resource-definitions
now have increased test
coverage.left
is false
,
no merge would take place during
liberator-mixin.core/merge-resource-definitions
.liberator-mixin.validation
mixin now allows nil
validators, so that
the validator can be something like (by-method :post (validator))
in a
resource that supports both GET and POST requests.FnBackedValidator
and factory function have been added to simplify
building Validator
instances from existing functions.liberator-mixin.validation
mixin now validates all known, validatable
methods by default.jason
has been upgraded to the latest version.jason
which provides default support
for time types.liberator-mixin.hypermedia
have been replaced
by hype
, which now supersedes them in capability.slurp
ing body before attempting JSON parse.jason
has been upgraded to a version that fixes a bug in the library.hal
and json
mixins now use jason
for JSON encoding and decoding
instead of cheshire
.allowed-methods
,
available-media-types
etc can now be merged.json->map
and map->json
are now public.Unreleased.
No observable change.
liberator-mixin
.No observable change.
Released without CHANGELOG.md.
Can you improve this documentation? These fine people already did:
Toby Clemson, Alex Parlett, Jonas Svalin, Paul Hutchin, Tristram Oaten, Jakob Durstberger, jimmythompson, Samuel Fekete, Ina Tsetsova & John Cowie Del CorralEdit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close