Lib.rs

Web programmingHTTP serverActix
#actix-web #identity-management #session-management #security #user-identity #web-framework #user-management

actix-identity

Identity management for Actix Web

by Nikolay Kim, Rob Ede, actix

24 releases

0.8.0 Sep 13, 2024
0.7.1 Mar 2, 2024
0.7.0 Jan 11, 2024
0.6.0 Sep 16, 2023
0.1.0 Jun 12, 2019

#635 in HTTP server

Download history 3753/week @ 2024-08-01 4388/week @ 2024-08-08 4367/week @ 2024-08-15 4397/week @ 2024-08-22 4263/week @ 2024-08-29 4407/week @ 2024-09-05 6415/week @ 2024-09-12 5145/week @ 2024-09-19 5767/week @ 2024-09-26 5117/week @ 2024-10-03 4409/week @ 2024-10-10 4811/week @ 2024-10-17 5517/week @ 2024-10-24 4508/week @ 2024-10-31 3507/week @ 2024-11-07 3363/week @ 2024-11-14

17,626 downloads per month
Used in 12 crates (11 directly)

MIT/Apache

160KB
2.5K SLoC

actix-identity

Identity management for Actix Web.

crates.io Documentation Apache 2.0 or MIT licensed Dependency Status

Identity management for Actix Web.

actix-identity can be used to track identity of a user across multiple requests. It is built on top of HTTP sessions, via actix-session.

Getting started

To start using identity management in your Actix Web application you must register IdentityMiddleware and SessionMiddleware as middleware on your App:

use actix_web::{cookie::Key, App, HttpServer, HttpResponse};
use actix_identity::IdentityMiddleware;
use actix_session::{storage::RedisSessionStore, SessionMiddleware};

#[actix_web::main]
async fn main() {
    // When using `Key::generate()` it is important to initialize outside of the
    // `HttpServer::new` closure. When deployed the secret key should be read from a
    // configuration file or environment variables.
    let secret_key = Key::generate();

    let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
        .await
        .unwrap();

    HttpServer::new(move || {
        App::new()
            // Install the identity framework first.
            .wrap(IdentityMiddleware::default())
            // The identity system is built on top of sessions. You must install the session
            // middleware to leverage `actix-identity`. The session middleware must be mounted
            // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
            // order of registration when it receives an incoming request.
            .wrap(SessionMiddleware::new(
                 redis_store.clone(),
                 secret_key.clone(),
            ))
            // Your request handlers [...]
    })
}

User identities can be created, accessed and destroyed using the Identity extractor in your request handlers:

use actix_web::{get, post, HttpResponse, Responder, HttpRequest, HttpMessage};
use actix_identity::Identity;
use actix_session::storage::RedisSessionStore;

#[get("/")]
async fn index(user: Option<Identity>) -> impl Responder {
    if let Some(user) = user {
        format!("Welcome! {}", user.id().unwrap())
    } else {
        "Welcome Anonymous!".to_owned()
    }
}

#[post("/login")]
async fn login(request: HttpRequest) -> impl Responder {
    // Some kind of authentication should happen here
    // e.g. password-based, biometric, etc.
    // [...]

    // attach a verified user identity to the active session
    Identity::login(&request.extensions(), "User1".into()).unwrap();

    HttpResponse::Ok()
}

#[post("/logout")]
async fn logout(user: Identity) -> impl Responder {
    user.logout();
    HttpResponse::Ok()
}

Advanced configuration

By default, actix-identity does not automatically log out users. You can change this behaviour by customising the configuration for IdentityMiddleware via IdentityMiddleware::builder.

In particular, you can automatically log out users who:

Dependencies

~15–26MB
~440K SLoC