#actix-web-middleware #actix-middleware #ed25519 #authentication


A middleware designed to reject incoming requests that do not have a valid ed25519 signature

7 releases

0.3.0 Sep 28, 2022
0.2.2 Sep 10, 2022
0.1.2 Sep 5, 2022

#689 in Cryptography

50 downloads per month


211 lines

Ed25519 Authentication Middleware

A plug-and-play middleware to allow for automatic Ed25519 Authentication for incoming requests on your actix-web server. Simply provide the public key to authenticate the signatures against during registration of the middleware, optionally specify custom header names for the signature and timestamp headers, should they differ from X-Signature-Ed25519 or X-Signature-Timestamp respectively.

If specified, the middleware will reject any incoming requests that do not validate against the provided public key, or that do not have a valid headers. Otherwise authentication information will be made available as a AuthenticationInfo struct in the request extensions.


You can use the Ed25519 Authentication Middleware by wrapping them around your app like this:


With a provided Ed25519 &public_key of &str, you can initalize the middleware thusly:

use actix_middleware_ed25519_authentication::AuthenticatorBuilder;
use actix_web::{web, App, HttpResponse, HttpServer};

HttpServer::new(move || {
                .public_key(&public_key) // Required
                .signature_header("X-Signature-Ed25519") // Optional
                .timestamp_header("X-Signature-Timestamp") // Optional
                .reject() // Optional
                .build() // Required
            .route("/", web::post().to(HttpResponse::Ok))
    .bind(("", 3000))?


This crate is passively maintained, should you run into any edge-cases or issues while using this crate, or develop any ideas for useful extension, feel free to start discussions, open issues or open PRs!


The work on this crate would've been impossible without these useful write-ups:


~545K SLoC