Authentication middleware for Drawbridge endpoints.
A Drawbridge endpoint is remote code execution by design, so it
should never be exposed without authentication. wrap-token
provides a minimal, dependency-free bearer-token scheme that pairs
with the client side's HTTP header support (.nrepl.edn's
[:drawbridge :http-headers], the bridge's --token argument, or
ring-client-transport's :http-headers option).
Authentication middleware for Drawbridge endpoints. A Drawbridge endpoint is remote code execution by design, so it should never be exposed without authentication. `wrap-token` provides a minimal, dependency-free bearer-token scheme that pairs with the client side's HTTP header support (`.nrepl.edn`'s [:drawbridge :http-headers], the bridge's `--token` argument, or `ring-client-transport`'s :http-headers option).
(wrap-token handler token)Middleware that rejects any request not carrying an
Authorization: Bearer <token> header matching token, responding
with a JSON 401. Apply it outside the param middlewares so
unauthenticated requests are rejected before any parsing.
Middleware that rejects any request not carrying an `Authorization: Bearer <token>` header matching `token`, responding with a JSON 401. Apply it outside the param middlewares so unauthenticated requests are rejected before any parsing.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |