This is the hermetic Reference Manual, version 0.1, generated automatically by Declt version 4.0 beta 2 "William Riker" on Tue Jul 15 05:16:59 2025 GMT+0.
The main system appears first, followed by any subsystem dependency.
hermeticFernando Borretti
MIT
# Hermetic
Simple authentication for [Clack](http://clacklisp.org/)-based Common Lisp web
applications.
# Usage
See the demo app for a complete example.
## Available Password-Hashing Functions
To mitigate the risks of the NSA convincing people to hash passwords with things
like SHA-256, only PBKDF2 (And eventually scrypt) is supported
* ‘:pbkdf2-sha1‘
* ‘:pbkdf2-sha256‘
* ‘:pbkdf2-sha512‘
## ‘setup‘
Hermetic is not opinionated, doesn’t integrate into an existing database or
create any models. As such, it needs to be told how to find a user’s
information to provide authentication. This is what ‘setup‘ is for:
“‘lisp
(setup
:user-p ;; str->bool, t if a username exists, nil otherwise
:user-pass ;; str->str, maps a username to a password (hash, hopefully)
:user-roles ;; str->(list sym), maps a username to a list of roles,
;; for example: (:user) (:user :tester :staff) (:user :admin)
:session ;; the /expression/ for the session object. ningle:*session* on
;; Ningle <https://github.com/fukamachi/ningle>.
:denied ;; A function that displays an "access denied" message
)
“‘
For example, if your users are stored in a simple in-memory hash-table as in the
demo app:
“‘lisp
(defmacro get-user (username)
‘(gethash ,username *users*))
(setup
:user-p #’(lambda (user) (get-user user))
:user-pass #’(lambda (user) (getf (get-user user) :pass))
:user-roles #’(lambda (user) (getf (get-user user) :roles))
:session *session*)
“‘
## ‘login‘
When creating your login view, the ‘login‘ macro handles most of the work for
you.
## ‘auth‘
Grants access to a site only to users whose roles intersect with the roles in
the first argument.
If an access denied page is not provided, the global one is used instead.
Example:
“‘lisp
(setf (route *app* "/user/profile/:userid" :method :GET)
(lambda (params
(auth (:user)
(render-template "templates/profile.html")
(render-error "You have to log in to view user profiles.")))))
“‘
## Misc.
When ‘auth‘ isn’t enough to determine who gets to use what, Hermetic provides a
few functions for accessing user data from inside a view.
* ‘logged-in-p‘: Exactly what it says on the tin.
* ‘user-name‘: Returns the username of the current user.
* ‘roles‘: Returns the list of roles of the current user.
* ‘role-p‘: Checks if a user has a role.
## ‘logout‘
Logs the user out. Takes two expressions, ‘on-success‘ and ‘on-failure‘.
# License
Copyright (c) 2013 Fernando Borretti (eudoxiahp@gmail.com).
Licensed under the MIT License.
0.1
clack (system).
cl-pass (system).
src (module).
Modules are listed depth-first from the system components tree.
Files are sorted by type and then listed depth-first from the systems components trees.
hermetic/src/hermetic.lispsrc (module).
*denied-page* (special variable).
*session* (special variable).
*user-p* (special variable).
*user-pass* (special variable).
*user-roles* (special variable).
authorize (function).
Packages are listed by definition order.
hermeticcl-pass.
common-lisp.
*denied-page* (special variable).
*session* (special variable).
*user-p* (special variable).
*user-pass* (special variable).
*user-roles* (special variable).
authorize (function).
Definitions are sorted by export status, category, package, and then by lexicographic order.
Provide functions for *user-p* and *user-pass*
A function that gets called when a user tries to access a page without sufficient privileges
The expression for accessing the session object.
A function that takes a username string, and returns t
if a user by that name exists in the database, otherwise nil.
A function to retrieve the hash of a user’s password from its username
A function that maps a username to a list of roles.
| Jump to: | A F L M R S U |
|---|
| Jump to: | A F L M R S U |
|---|
| Jump to: | *
S |
|---|
| Jump to: | *
S |
|---|
| Jump to: | F H M P S |
|---|
| Jump to: | F H M P S |
|---|