floscr/atomsync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: remove auth system

Browse Source 
Remove Bearer token auth, per-user group ACLs, and auth_test.clj.
The server now accepts all requests without authentication.
This commit is contained in:
Florian Schroedl
2026-04-16 19:17:46 +02:00
parent 06d0fa5e05
commit 5ab102b550
5 changed files with 33 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/pocketbook/core.cljs
View File

@@ -47,7 +47,7 @@
cache ;; atom containing {id -> value}
versions ;; atom containing {id -> version}
pending ;; atom containing #{id} — unsynced ids
server-opts ;; {:server url :token str} or nil
server-opts ;; {:server url} or nil
last-sync ;; atom containing epoch ms
ready-ch ;; channel, closed when initial load complete
stop-ch ;; channel to signal stop
@@ -319,15 +319,14 @@
Options:
:server — server URL (e.g. \"http://localhost:8090/sync\")
:token — auth token
:cache — custom atom to use (e.g. reagent/atom). Default: cljs.core/atom
:interval — sync interval in ms (default 30000)"
[conn group & [{:keys [server token cache interval]
[conn group & [{:keys [server cache interval]
:or {interval 30000}}]]
(let [cache-atom (or cache (atom {}))
versions (atom {})
pending (atom #{})
server-opts (when server {:server server :token token})
server-opts (when server {:server server})
last-sync (atom 0)
ready-ch (chan 1)
stop-ch (chan 1)

92
src/pocketbook/server.clj
View File

@@ -23,32 +23,8 @@
{:port 8090
:db-path "pocketbook.db"
:static-dir nil ;; nil = no static serving, or path like "example/todomvc"
:users nil ;; nil = no auth, or {"alice" {:token "abc" :groups #{"todo"}}}
:cors true})
;; ---------------------------------------------------------------------------
;; Auth
;; ---------------------------------------------------------------------------
(defn- authenticate
"Check Authorization header against config. Returns user map or nil."
[config req]
(if-let [users (:users config)]
(let [header (get-in req [:headers "authorization"] "")
token (str/replace header #"^Bearer\s+" "")]
(some (fn [[username user]]
(when (= token (:token user))
(assoc user :username username)))
users))
;; No auth configured — allow all
{:username "anonymous" :groups nil}))
(defn- authorized-group?
"Check if user has access to a specific group."
[user group]
(or (nil? (:groups user)) ;; nil = access to all groups
(contains? (:groups user) group)))
;; ---------------------------------------------------------------------------
;; SSE — live change notifications
;; ---------------------------------------------------------------------------
@@ -87,64 +63,48 @@
(update resp :headers merge
{"Access-Control-Allow-Origin" "*"
"Access-Control-Allow-Methods" "GET, POST, OPTIONS"
"Access-Control-Allow-Headers" "Content-Type, Authorization"
"Access-Control-Allow-Headers" "Content-Type"
"Access-Control-Max-Age" "86400"}))
(defn- handle-pull
"GET /sync?since=T&group=G — return all docs updated since T in group G."
[ds user req]
[ds req]
(let [params (or (:query-params req) (:params req) {})
group (get params "group" (get params :group))
since (parse-long (or (get params "since" (get params :since)) "0"))]
(if-not group
(transit-response 400 {:error "Missing 'group' parameter"})
(if-not (authorized-group? user group)
(transit-response 403 {:error "Access denied to group"})
(let [docs (db/docs-since ds group since)]
(transit-response 200 docs))))))
(let [docs (db/docs-since ds group since)]
(transit-response 200 docs)))))
(defn- handle-push
"POST /sync — accept a batch of document writes.
Body: [{:id ... :value ... :base-version N} ...]
Entries with :deleted true are treated as deletes."
[ds user req]
[ds req]
(let [body (t/decode (:body req))
docs (if (map? body) [body] body)
;; Check all docs belong to authorized groups
groups (into #{} (map #(first (str/split (:id %) #":" 2))) docs)
denied (remove #(authorized-group? user %) groups)]
(if (seq denied)
(transit-response 403 {:error (str "Access denied to groups: " (str/join ", " denied))})
(let [results (mapv (fn [doc]
(if (:deleted doc)
(db/delete! ds {:id (:id doc)
:base-version (:base-version doc 0)})
(db/upsert! ds {:id (:id doc)
:value (:value doc)
:base-version (:base-version doc 0)})))
docs)]
;; Notify SSE listeners for affected groups
(when (some #(= :ok (:status %)) results)
(sse-notify! groups))
(transit-response 200 results)))))
results (mapv (fn [doc]
(if (:deleted doc)
(db/delete! ds {:id (:id doc)
:base-version (:base-version doc 0)})
(db/upsert! ds {:id (:id doc)
:value (:value doc)
:base-version (:base-version doc 0)})))
docs)]
;; Notify SSE listeners for affected groups
(when (some #(= :ok (:status %)) results)
(sse-notify! groups))
(transit-response 200 results)))
(defn- handle-events
"GET /events?group=G — SSE endpoint. Holds connection open."
[config req]
[_config req]
(let [params (or (:query-params req) {})
group (get params "group")
user (authenticate config req)]
(cond
(not user)
(transit-response 401 {:error "Unauthorized"})
(not group)
group (get params "group")]
(if-not group
(transit-response 400 {:error "Missing 'group' parameter"})
(not (authorized-group? user group))
(transit-response 403 {:error "Access denied to group"})
:else
(http/with-channel req ch
(http/send! ch {:status 200
:headers {"Content-Type" "text/event-stream"
@@ -225,13 +185,10 @@
;; Sync endpoints
(= "/sync" (:uri req))
(let [user (authenticate config req)]
(if-not user
(transit-response 401 {:error "Unauthorized"})
(case (:request-method req)
:get (handle-pull ds user req)
:post (handle-push ds user req)
(transit-response 405 {:error "Method not allowed"}))))
(case (:request-method req)
:get (handle-pull ds req)
:post (handle-push ds req)
(transit-response 405 {:error "Method not allowed"}))
;; Static files (including / → todomvc.html)
:else
@@ -258,7 +215,6 @@
server (http/run-server handler {:port (:port config)})]
(println (str "🔶 Pocketbook server running on http://localhost:" (:port config)))
(println (str " Database: " (:db-path config)))
(println (str " Auth: " (if (:users config) "enabled" "disabled")))
(when (:static-dir config)
(println (str " Static: " (:static-dir config)))
(println (str " App: http://localhost:" (:port config) "/")))

12
src/pocketbook/sync.cljs
View File

@@ -55,15 +55,14 @@
(defn pull!
"Pull documents from server updated since `since` for `group`.
Returns a channel yielding {:ok true :docs [...]} or {:ok false :error str}."
[{:keys [server token]} group since]
[{:keys [server]} group since]
(let [ch (chan 1)
url (str server "?group=" (js/encodeURIComponent group)
"&since=" since)]
(async/go
(let [result (async/<! (fetch-transit
{:url url
:method "GET"
:headers (when token {"Authorization" (str "Bearer " token)})}))]
:method "GET"}))]
(if (:ok result)
(put! ch {:ok true :docs (:body result)})
(put! ch result))
@@ -78,14 +77,13 @@
"Push a batch of documents to the server.
Each doc: {:id str :value any :base-version int} or {:id str :deleted true :base-version int}.
Returns a channel yielding {:ok true :results [...]} or {:ok false :error str}."
[{:keys [server token]} docs]
[{:keys [server]} docs]
(let [ch (chan 1)]
(async/go
(let [result (async/<! (fetch-transit
{:url server
:method "POST"
:body docs
:headers (when token {"Authorization" (str "Bearer " token)})}))]
:body docs}))]
(if (:ok result)
(put! ch {:ok true :results (:body result)})
(put! ch result))
@@ -99,7 +97,7 @@
(defn listen-events
"Open an SSE connection to /events?group=G. Calls `on-change` when the
server signals new data. Returns a cleanup function."
[{:keys [server token]} group on-change]
[{:keys [server]} group on-change]
(let [base-url (-> server
(str/replace #"/sync$" "")
(str/replace #"/$" ""))