Wrapping resource handlers with bidi

How can I use friend and bidi to wrap resource handlers?

I've succeeded in getting oAuth to authenticate a route:

(defn auth-handler [request] (friend/authorize #{::user}
                                               {:status 200
                                                :body   "a secret"}))

(def routes ["/" {true auth-handler}])

(def app (make-handler routes))

(web/run-dmc (-> app
                   var
                   (friend/authenticate
                     {:allow-anon? true
                      :workflows   [(oauth/workflow
                                      {:client-config client-config
                                       :uri-config    uri-config
                                       :credential-fn credential-fn})]})
                   (wrap-resource "public")
                   (wrap-defaults site-defaults)
                   ))

This works on the '/' route, but I would like to make sure some resources can not be reached without authing first.

That seems to be possible with the friend/wrap-authorize function:

My closest attempt works on the auth wrapped routes, but does not match on the non /dev/ routes:

(def routes ["/" [["dev/" [[true (friend/wrap-authorize (resources {:prefix "dev/"}) #{::user})]]]
                  [true (resources {:prefix "public/"})]]])


(match-route routes "/dev/index.html")
=>
{:handler #object[cemerick.friend$wrap_authorize$fn__24411
              0x2400d0be
              "cemerick.friend$wrap_authorize$fn__24411@2400d0be"]}
;correct

(match-route routes "/index.html")
=>
nil
;not correct

I think I the Matched part for the Route Pattern [true (resources {:prefix "public/"})] is wrong because when I change it to a :key the `index.html' does match.

How can I match non /dev/* routes to the public resources?

The main problem here is that the resource route should be

["" (resources {:prefix "public/"})]

Empty string instead of true.

The documentation does state: After the pattern is matched, the remaining part of the path is added to the given prefix.

But frankly I consider this to be pretty surprising behavior.

I made a minimal example project here that successfully routes /index.html https://github.com/timothypratley/bidi-resources

Notably, requesting /index.html2 results in an exception, which is again not what I expected at all. I was expecting a 404. o_O

I really like bidi in ClojureScript, but so far am finding it a tough slog on the server side... The way I got a clue into why true doesn't work is by overwriting the Resources definition with my own version that printed out the inputs, and saw that :remainder was empty.