All functions are located in the com.biffweb
namespace.
(wrap-anti-forgery-websockets handler)
Ensure that websocket upgrade requests pass a CSRF check.
If the client requests a websocket upgrade, the Origin header must be the
same as the :biff/base-url key in the request map. Otherwise a 403
response is given.
(wrap-render-rum handler)
If handler returns a vector, pass it to rum.core/render-static-markup and return a 200 response.
(wrap-index-files
handler
{:keys [index-files], :or {index-files ["index.html"]}, :as opts})
If handler returns nil, try again with each index file appended to the URI in turn.
(wrap-resource
handler
{:biff.middleware/keys [root index-files],
:or {root "public", index-files ["index.html"]},
:as ctx})
(wrap-resource handler)
Serves static resources with ring.middleware.resource/wrap-resource-request.
root: The resource root from which static files should be served.
index-files: See wrap-index-files.
Checks for a static resource first. If none is found, passes the request to
handler.
The single-arity version is preferred. In that case, options can be set on
the incoming Ring request.
(wrap-internal-error
handler
{:biff.middleware/keys [on-error], :as ctx})
(wrap-internal-error handler)
Catches exceptions from handler, prints a stack trace, and returns a 500 response.
You may optionally provide on-error, a single-argument function that receives
the request map with the :status key set to 500. The default implementation
returns a plain Internal Server Error message.
The single-arity version is preferred. In that case, options can be set on
the incoming Ring request.
(wrap-log-requests handler)
Prints execution time, status, request method, uri and query params for each request.
(wrap-https-scheme handler)
Sets the :scheme key to :https on incoming Ring requests.
This is necessary when using a reverse proxy (e.g. Nginx), otherwise
wrap-absolute-redirects will set the redirect scheme to http.
The following options can be set on incoming Ring requests:
- :biff.middleware/secure (default: true)
If false, this middleware will be disabled.
(wrap-session handler)
A wrapper for ring.middleware.session/wrap-session.
The following options can be set on incoming Ring requests:
- :biff.middleware/cookie-secret
A 16-bit base64-encoded secret. If set, sessions will be backed by
encrypted cookies. Takes precedence over session-store.
- :biff.middleware/session-store
A session store for use with ring.middleware.session/wrap-session.
Required if cookie-secret isn't set.
- :biff.middleware/secure (default: true)
Sets the session cookie to https-only.
- :biff.middleware/session-max-age (default: (* 60 60 24 60))
The session cookie's max age, in seconds.
- :biff.middleware/session-same-site (default: :lax)
The value of the Same-Site header for the session cookie.
(wrap-ssl handler)
A wrapper for ring.middleware.ssl/{wrap-hsts,wrap-ssl-redirect}.
The following options can be set on incoming Ring requests:
- :biff.middleware/secure (default: true)
If false, this middleware will be disabled.
- :biff.middleware/hsts (default: true)
If true, include wrap-hsts.
- :biff.middleware/ssl-redirect (default: false)
If true, include wrap-ssl-redirect. Don't enable this if you're using a
reverse proxy (like Nginx).
(wrap-site-defaults handler)
A collection of middleware for website routes.
(wrap-api-defaults handler)
A collection of middleware for API routes.
(wrap-base-defaults handler)
A collection of middleware for website and API routes.
(use-wrap-ctx {:keys [biff/handler], :as ctx})
Deprecated. biff/use-jetty does this now.
A Biff component that merges the context map into incoming Ring requests.
(wrap-ring-defaults
handler
{:keys [biff/secret],
:biff.middleware/keys [session-store secure session-max-age],
:or {session-max-age (* 60 60 24 60), secure true},
:as ctx})
Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.
Wraps handler with ring.middleware.defaults/wrap-defaults.
secure: if true, uses ring.middleware.defaults/secure-site-defaults,
else uses site-defaults.
session-store: passed to wrap-defaults under the [:session :store] path.
sesion-max-age: the number of seconds after which a session should expire.
If secret is set and (secret :biff.middleware/cookie-secret) returns non-nil,
session-store is set with ring.middleware.session.cookie/cookie-store.
Disables CSRF checks. You must wrap non-API routes with
ring.middleware.anti-forgery. The Biff starter project does this by default.
Disables SSL redirects under the assumption that this is handled by e.g.
NGINX. Also sets SameSite=Lax explicitly on the session cookie.
(wrap-env handler system)
Deprecated. use-jetty handles this now.
Merges (merge-context system) with incoming requests.
(wrap-inner-defaults handler opts)
Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.
Wraps handler with various middleware which don't depend on the system map.
Includes wrap-log-requests, wrap-internal-error, wrap-resource, and
Muuntaja's wrap-params and wrap-format (see https://github.com/metosin/muuntaja).
opts is passed to wrap-resource and wrap-internal-error.
This function can wrap a Ring handler outside of a call to biff/start-system,
For example:
(def handler (wrap-inner-defaults ... {}))
(defn start []
(biff/start-system
{:biff/handler #'handler
...}))
This way, handler and its middleware can be redefined from the repl without
needing to restart the system.
(use-outer-default-middleware ctx)
Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.
A Biff component that wraps :biff/handler with middleware that depends on the system map.
Includes wrap-ring-defaults and wrap-env.