Middleware

All functions are located in the com.biffweb namespace.

(wrap-anti-forgery-websockets handler)

Ensure that websocket upgrade requests pass a CSRF check.

If the client requests a websocket upgrade, the Origin header must be the
same as the :biff/base-url key in the request map. Otherwise a 403
response is given.

(wrap-render-rum handler)

If handler returns a vector, pass it to rum.core/render-static-markup and return a 200 response.

(wrap-index-files
 handler
 {:keys [index-files], :or {index-files ["index.html"]}, :as opts})

If handler returns nil, try again with each index file appended to the URI in turn.

(wrap-resource
 handler
 {:biff.middleware/keys [root index-files],
  :or {root "public", index-files ["index.html"]},
  :as ctx})
(wrap-resource handler)

Serves static resources with ring.middleware.resource/wrap-resource-request.

root:         The resource root from which static files should be served.
index-files:  See wrap-index-files.

Checks for a static resource first. If none is found, passes the request to
handler.

The single-arity version is preferred. In that case, options can be set on
the incoming Ring request.

(wrap-internal-error
 handler
 {:biff.middleware/keys [on-error], :as ctx})
(wrap-internal-error handler)

Catches exceptions from handler, prints a stack trace, and returns a 500 response.

You may optionally provide on-error, a single-argument function that receives
the request map with the :status key set to 500. The default implementation
returns a plain Internal Server Error message.

The single-arity version is preferred. In that case, options can be set on
the incoming Ring request.

(wrap-log-requests handler)

Prints execution time, status, request method, uri and query params for each request.

(wrap-https-scheme handler)

Sets the :scheme key to :https on incoming Ring requests.

This is necessary when using a reverse proxy (e.g. Nginx), otherwise
wrap-absolute-redirects will set the redirect scheme to http.

The following options can be set on incoming Ring requests:

 - :biff.middleware/secure (default: true)
   If false, this middleware will be disabled.

(wrap-session handler)

A wrapper for ring.middleware.session/wrap-session.

The following options can be set on incoming Ring requests:

 - :biff.middleware/cookie-secret
   A 16-bit base64-encoded secret. If set, sessions will be backed by
   encrypted cookies. Takes precedence over session-store.

 - :biff.middleware/session-store
   A session store for use with ring.middleware.session/wrap-session.
   Required if cookie-secret isn't set.

 - :biff.middleware/secure (default: true)
   Sets the session cookie to https-only.

 - :biff.middleware/session-max-age (default: (* 60 60 24 60))
   The session cookie's max age, in seconds.

 - :biff.middleware/session-same-site (default: :lax)
   The value of the Same-Site header for the session cookie.

(wrap-ssl handler)

A wrapper for ring.middleware.ssl/{wrap-hsts,wrap-ssl-redirect}.

The following options can be set on incoming Ring requests:

 - :biff.middleware/secure (default: true)
   If false, this middleware will be disabled.

 - :biff.middleware/hsts (default: true)
   If true, include wrap-hsts.

 - :biff.middleware/ssl-redirect (default: false)
   If true, include wrap-ssl-redirect. Don't enable this if you're using a
   reverse proxy (like Nginx).

(wrap-site-defaults handler)

A collection of middleware for website routes.

(wrap-api-defaults handler)

A collection of middleware for API routes.

(wrap-base-defaults handler)

A collection of middleware for website and API routes.

(use-wrap-ctx {:keys [biff/handler], :as ctx})

Deprecated. biff/use-jetty does this now.

A Biff component that merges the context map into incoming Ring requests.

(wrap-ring-defaults
 handler
 {:keys [biff/secret],
  :biff.middleware/keys [session-store secure session-max-age],
  :or {session-max-age (* 60 60 24 60), secure true},
  :as ctx})

Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.

Wraps handler with ring.middleware.defaults/wrap-defaults.

secure:          if true, uses ring.middleware.defaults/secure-site-defaults,
                 else uses site-defaults.
session-store:   passed to wrap-defaults under the [:session :store] path.
sesion-max-age:  the number of seconds after which a session should expire.

If secret is set and (secret :biff.middleware/cookie-secret) returns non-nil,
session-store is set with ring.middleware.session.cookie/cookie-store.

Disables CSRF checks. You must wrap non-API routes with
ring.middleware.anti-forgery. The Biff starter project does this by default.
Disables SSL redirects under the assumption that this is handled by e.g.
NGINX. Also sets SameSite=Lax explicitly on the session cookie.

(wrap-env handler system)

Deprecated. use-jetty handles this now.

Merges (merge-context system) with incoming requests.

(wrap-inner-defaults handler opts)

Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.

Wraps handler with various middleware which don't depend on the system map.

Includes wrap-log-requests, wrap-internal-error, wrap-resource, and
Muuntaja's wrap-params and wrap-format (see https://github.com/metosin/muuntaja).
opts is passed to wrap-resource and wrap-internal-error.

This function can wrap a Ring handler outside of a call to biff/start-system,
For example:

(def handler (wrap-inner-defaults ... {}))

(defn start []
  (biff/start-system
    {:biff/handler #'handler
     ...}))

This way, handler and its middleware can be redefined from the repl without
needing to restart the system.

(use-outer-default-middleware ctx)

Deprecated. Use wrap-base-defaults, wrap-site-defaults, and wrap-api-defaults instead.

A Biff component that wraps :biff/handler with middleware that depends on the system map.

Includes wrap-ring-defaults and wrap-env.