-
Notifications
You must be signed in to change notification settings - Fork 1
/
pedestal.clj
79 lines (70 loc) · 3.29 KB
/
pedestal.clj
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
(ns duct.module.pedestal
(:require [duct.core :as duct]
[duct.core.merge :as merge]
[integrant.core :as ig]
[io.pedestal.http :as http]))
(defn- get-environment [config options]
(get options :environment (:duct.core/environment config :production)))
(def prod-service
{:env :prod
;; You can bring your own non-default interceptors. Make
;; sure you include routing and set it up right for
;; dev-mode. If you do, many other keys for configuring
;; default interceptors will be ignored.
;; ::http/interceptors []
;; ::http/routes routes
;; Uncomment next line to enable CORS support, add
;; string(s) specifying scheme, host and port for
;; allowed source(s):
;;
;; "http://localhost:8080"
;;
;;::http/allowed-origins ["scheme://host:port"]
;; Tune the Secure Headers
;; and specifically the Content Security Policy appropriate to your service/application
;; For more information, see: https://content-security-policy.com/
;; See also: https://github.com/pedestal/pedestal/issues/499
;;::http/secure-headers {:content-security-policy-settings {:object-src "'none'"
;; :script-src "'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:"
;; :frame-ancestors "'none'"}}
;; Root for resource interceptor that is available by default.
::http/resource-path "/public"
;; Either :jetty, :immutant or :tomcat (see comments in project.clj)
;; This can also be your own chain provider/server-fn -- http://pedestal.io/reference/architecture-overview#_chain_provider
::http/type :jetty
;;::http/host "localhost"
::http/port 8080
;; Options to pass to the container (Jetty)
::http/container-options {:h2c? true
:h2? false
;:keystore "test/hp/keystore.jks"
;:key-password "password"
;:ssl-port 8443
:ssl? false}})
(def dev-service
(merge prod-service
{:env :dev
;; do not block thread that starts web server
::http/join? false
;; Routes can be a function that resolve routes,
;; we can use this to set the routes to be reloadable
;; ::http/routes #(route/expand-routes (deref #'service/routes))
;; all origins are allowed in dev mode
::http/allowed-origins {:creds true :allowed-origins (constantly true)}
;; Content Security Policy (CSP) is mostly turned off in dev mode
::http/secure-headers {:content-security-policy-settings {:object-src "'none'"}}}))
(def base-service
{:production prod-service
:development dev-service})
(defmethod ig/init-key :duct.module/pedestal
[_ {:keys [default? dev?]
:or {default? true}
:as options}]
{:req #{}
:fn (fn [config]
(let [environment (get-environment config options)]
(duct/merge-configs
config
{:duct.server/pedestal {:base-service (merge/displace (get base-service environment))
:default? default?
:dev? (if (some? dev?) dev? (= environment :development))}})))})