#web #middleware #authentication #utility #actix-web

actix-jwt-auth-middleware

This crate implements a JSON Webtoken (JWT) middleware for the actix-web framework

5 unstable releases

0.3.0 Mar 14, 2023
0.2.0 Dec 11, 2022
0.1.2 Jul 16, 2022
0.1.1 Jun 1, 2022
0.1.0 Jun 1, 2022

#657 in HTTP server

Download history 131/week @ 2023-11-03 121/week @ 2023-11-10 151/week @ 2023-11-17 179/week @ 2023-11-24 122/week @ 2023-12-01 102/week @ 2023-12-08 67/week @ 2023-12-15 73/week @ 2023-12-22 103/week @ 2023-12-29 121/week @ 2024-01-05 71/week @ 2024-01-12 58/week @ 2024-01-19 75/week @ 2024-01-26 50/week @ 2024-02-02 146/week @ 2024-02-09 256/week @ 2024-02-16

531 downloads per month
Used in actix-error-mapper-middle…

MIT license

53KB
824 lines

actix-jwt-auth-middleware

This crate builds upon the jwt-compact crate to provide a jwt authentication middleware for the actix-web framework.

The jwt implementation supports the revocation for tokens via access and refresh tokens.

It provides multiple cryptographic signing and verifying algorithms such as HS256, HS384, HS512, EdDSA and ES256. For more infos on that mater please refer to the Supported algorithms section of the jwt-compact crate.

Features

  • easy use of custom jwt claims
  • automatic extraction of the custom claims
  • extraction of tokens from query parameters, http headers and cookies
  • verify only mode (only public key required)
  • automatic renewal of access token (customizable)
  • easy way to set expiration time of access and refresh tokens
  • simple UseJWT trait for protecting a App or Scope (Resource is currently experimental #91611)
  • refresh authorizer function that has access to application state

Automatic Extraction of Claims

This crate tightly integrates into the actix-web ecosystem, this makes it easy to Automatic extract the jwt claims from a valid token.

#[derive(Serialize, Deserialize, Clone, FromRequest)]
struct UserClaims {
    id: u32,
    role: Role,
}
#[derive(Serialize, Deserialize, Clone, Debug)]
enum Role {
    Admin,
    RegularUser,
}
#[get("/hello")]
async fn hello(user_claims: UserClaims) -> impl Responder {
    format!(
        "Hello user with id: {}, i see you are a {:?}!",
            user_claims.id, user_claims.role
    )
}

For this your custom claim type has to implement the FromRequest trait or it has to be annotated with the #[derive(actix-jwt-auth-middleware::FromRequest)] macro which implements this trait for your type.

Simple Example

#[derive(Serialize, Deserialize, Clone, Debug, FromRequest)]
struct User {
    id: u32,
}

#[actix_web::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key_pair = KeyPair::random();

    HttpServer::new(move || {
        let authority = Authority::<User, Ed25519, _, _>::new()
            .refresh_authorizer(|| async move { Ok(()) })
            .token_signer(Some(
                TokenSigner::new()
                    .signing_key(key_pair.secret_key().clone())
                    .algorithm(Ed25519)
                    .build()
                    .expect(""),
            ))
            .verifying_key(key_pair.public_key())
            .build()
            .expect("");

        App::new()
            .service(login)
            .use_jwt(authority, web::scope("").service(hello))
    })
    .bind(("127.0.0.1", 8080))?
    .run()
    .await?;

    Ok(())
}

#[get("/login")]
async fn login(token_signer: web::Data<TokenSigner<User, Ed25519>>) -> AuthResult<HttpResponse> {
    let user = User { id: 1 };
    Ok(HttpResponse::Ok()
        .cookie(token_signer.create_access_cookie(&user)?)
        .cookie(token_signer.create_refresh_cookie(&user)?)
        .body("You are now logged in"))
}

#[get("/hello")]
async fn hello(user: User) -> impl Responder {
    format!("Hello there, i see your user id is {}.", user.id)
}

For more examples please referee to the examples directory.

License: MIT

Dependencies

~20–33MB
~582K SLoC