reitit/doc/ring/dynamic_extensions.md

# Dynamic Extensions

`ring-handler` injects the `Match` into a request and it can be extracted at runtime with `reitit.ring/get-match`. This can be used to build ad-hoc extensions to the system.

Example middleware to guard routes based on user roles:

```clj
(require '[reitit.ring :as ring])
(require '[clojure.set :as set])

(defn wrap-enforce-roles [handler]
  (fn [{:keys [my-roles] :as request}]
    (let [required (some-> request (ring/get-match) :data ::roles)]
      (if (and (seq required) (not (set/subset? required my-roles)))
        {:status 403, :body "forbidden"}
        (handler request)))))
```

Mounted to an app via router data (affecting all routes):

```clj
(def handler (constantly {:status 200, :body "ok"}))

(def app
  (ring/ring-handler
    (ring/router
      [["/api"
        ["/ping" handler]
        ["/admin" {::roles #{:admin}}
         ["/ping" handler]]]]
      {:data {:middleware [wrap-enforce-roles]}})))
```

Anonymous access to public route:

```clj
(app {:request-method :get, :uri "/api/ping"})
; {:status 200, :body "ok"}
```

Anonymous access to guarded route:

```clj
(app {:request-method :get, :uri "/api/admin/ping"})
; {:status 403, :body "forbidden"}
```

Authorized access to guarded route:

```clj
(app {:request-method :get, :uri "/api/admin/ping", :my-roles #{:admin}})
; {:status 200, :body "ok"}
```

Dynamic extensions are nice, but we can do much better. See [data-driven middleware](data_driven_middleware.md) and [compiling routes](compiling_middleware.md).
Coercion docs 2017-12-10 14:57:09 +00:00			`# Dynamic Extensions`
Re-organize docs 2017-09-18 05:30:03 +00:00
Walk the docs, fix links, maybe better texts 2017-10-30 06:46:20 +00:00			`ring-handler` injects the `Match` into a request and it can be extracted at runtime with `reitit.ring/get-match`. This can be used to build ad-hoc extensions to the system.
Re-organize docs 2017-09-18 05:30:03 +00:00
			`Example middleware to guard routes based on user roles:`

			```clj
Tuning the docs 2018-02-11 17:15:25 +00:00			`(require '[reitit.ring :as ring])`
Re-organize docs 2017-09-18 05:30:03 +00:00			`(require '[clojure.set :as set])`

			`(defn wrap-enforce-roles [handler]`
Update dynamic_extensions.md I find the clarity of this example important because the implementation of (ring/get-match) https://github.com/metosin/reitit/blob/c23f591283883bcebae482e723aa34284cfd048c/modules/reitit-ring/src/reitit/ring.cljc#L309 doesn't explain what's going on here. I find the destructing of the qualified keyword `::roles` unnecessary to the example. To this end I propose using an unqualified keyword. Additionally there is a collision between the name of the required rolls to access the route and the name of the roles held by the user making the request. To this end I propose having the roles held by the user named `:my-roles` 2020-02-28 13:44:05 +00:00			`(fn [{:keys [my-roles] :as request}]`
BREAKING: route :meta => :data 2017-11-18 10:47:16 +00:00			`(let [required (some-> request (ring/get-match) :data ::roles)]`
Update dynamic_extensions.md I find the clarity of this example important because the implementation of (ring/get-match) https://github.com/metosin/reitit/blob/c23f591283883bcebae482e723aa34284cfd048c/modules/reitit-ring/src/reitit/ring.cljc#L309 doesn't explain what's going on here. I find the destructing of the qualified keyword `::roles` unnecessary to the example. To this end I propose using an unqualified keyword. Additionally there is a collision between the name of the required rolls to access the route and the name of the roles held by the user making the request. To this end I propose having the roles held by the user named `:my-roles` 2020-02-28 13:44:05 +00:00			`(if (and (seq required) (not (set/subset? required my-roles)))`
Re-organize docs 2017-09-18 05:30:03 +00:00			`{:status 403, :body "forbidden"}`
			`(handler request)))))`
			```

Fix: typos in documentation 2019-01-27 20:11:47 +00:00			`Mounted to an app via router data (affecting all routes):`
Re-organize docs 2017-09-18 05:30:03 +00:00
			```clj
			`(def handler (constantly {:status 200, :body "ok"}))`

			`(def app`
			`(ring/ring-handler`
			`(ring/router`
			`[["/api"`
			`["/ping" handler]`
			`["/admin" {::roles #{:admin}}`
			`["/ping" handler]]]]`
BREAKING: route :meta => :data 2017-11-18 10:47:16 +00:00			`{:data {:middleware [wrap-enforce-roles]}})))`
Re-organize docs 2017-09-18 05:30:03 +00:00			```

			`Anonymous access to public route:`

			```clj
			`(app {:request-method :get, :uri "/api/ping"})`
			`; {:status 200, :body "ok"}`
			```

			`Anonymous access to guarded route:`

			```clj
			`(app {:request-method :get, :uri "/api/admin/ping"})`
			`; {:status 403, :body "forbidden"}`
			```

			`Authorized access to guarded route:`

			```clj
Update dynamic_extensions.md I find the clarity of this example important because the implementation of (ring/get-match) https://github.com/metosin/reitit/blob/c23f591283883bcebae482e723aa34284cfd048c/modules/reitit-ring/src/reitit/ring.cljc#L309 doesn't explain what's going on here. I find the destructing of the qualified keyword `::roles` unnecessary to the example. To this end I propose using an unqualified keyword. Additionally there is a collision between the name of the required rolls to access the route and the name of the roles held by the user making the request. To this end I propose having the roles held by the user named `:my-roles` 2020-02-28 13:44:05 +00:00			`(app {:request-method :get, :uri "/api/admin/ping", :my-roles #{:admin}})`
Re-organize docs 2017-09-18 05:30:03 +00:00			`; {:status 200, :body "ok"}`
			```
Tuning the docs 2018-02-11 17:15:25 +00:00
			`Dynamic extensions are nice, but we can do much better. See [data-driven middleware](data_driven_middleware.md) and [compiling routes](compiling_middleware.md).`