2022-08-28 19:33:30 +00:00
<!DOCTYPE html> < html lang = "en" > < head > < meta charset = "utf-8" > < meta name = "viewport" content = "width=device-width, initial-scale=1.0" > < meta name = "generator" content = "rustdoc" > < meta name = "description" content = "Source of the Rust file `actix-session/src/middleware.rs`." > < meta name = "keywords" content = "rust, rustlang, rust-lang" > < title > middleware.rs - source< / title > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../SourceSerif4-Regular.ttf.woff2" > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../FiraSans-Regular.woff2" > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../FiraSans-Medium.woff2" > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../SourceCodePro-Regular.ttf.woff2" > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../SourceSerif4-Bold.ttf.woff2" > < link rel = "preload" as = "font" type = "font/woff2" crossorigin href = "../../SourceCodePro-Semibold.ttf.woff2" > < link rel = "stylesheet" href = "../../normalize.css" > < link rel = "stylesheet" href = "../../rustdoc.css" id = "mainThemeStyle" > < link rel = "stylesheet" href = "../../ayu.css" disabled > < link rel = "stylesheet" href = "../../dark.css" disabled > < link rel = "stylesheet" href = "../../light.css" id = "themeStyle" > < script id = "default-settings" > < / script > < script src = "../../storage.js" > < / script > < script defer src = "../../source-script.js" > < / script > < script defer src = "../../source-files.js" > < / script > < script defer src = "../../main.js" > < / script > < noscript > < link rel = "stylesheet" href = "../../noscript.css" > < / noscript > < link rel = "icon" href = "https://actix.rs/favicon.ico" > < / head > < body class = "rustdoc source" > <!-- [if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif] --> < nav class = "mobile-topbar" > < button class = "sidebar-menu-toggle" > ☰ < / button > < a class = "sidebar-logo" href = "../../actix_session/index.html" > < div class = "logo-container" > < img src = "https://actix.rs/img/logo.png" alt = "logo" > < / div > < / a > < h2 class = "location" > < / h2 > < / nav > < nav class = "sidebar" > < a class = "sidebar-logo" href = "../../actix_session/index.html" > < div class = "logo-container" >
2022-07-31 04:17:29 +00:00
< img src = "https://actix.rs/img/logo.png" alt = "logo" > < / div > < / a > < / nav > < main > < div class = "width-limiter" > < div class = "sub-container" > < a class = "sub-logo-container" href = "../../actix_session/index.html" >
< img src = "https://actix.rs/img/logo.png" alt = "logo" > < / a > < nav class = "sub" > < form class = "search-form" > < div class = "search-container" > < span > < / span > < input class = "search-input" name = "search" autocomplete = "off" spellcheck = "false" placeholder = "Click or press ‘ ’ ‘ ’ type = "search" > < div id = "help-button" title = "help" tabindex = "-1" > < button type = "button" > ?< / button > < / div > < div id = "settings-menu" tabindex = "-1" > < a href = "../../settings.html" title = "settings" > < img width = "22" height = "22" alt = "Change settings" src = "../../wheel.svg" > < / a > < / div > < / div > < / form > < / nav > < / div > < section id = "main-content" class = "content" > < div class = "example-wrap" > < pre class = "line-numbers" > < span id = "1" > 1< / span >
2022-03-15 16:29:58 +00:00
< span id = "2" > 2< / span >
< span id = "3" > 3< / span >
< span id = "4" > 4< / span >
< span id = "5" > 5< / span >
< span id = "6" > 6< / span >
< span id = "7" > 7< / span >
< span id = "8" > 8< / span >
< span id = "9" > 9< / span >
< span id = "10" > 10< / span >
< span id = "11" > 11< / span >
< span id = "12" > 12< / span >
< span id = "13" > 13< / span >
< span id = "14" > 14< / span >
< span id = "15" > 15< / span >
< span id = "16" > 16< / span >
< span id = "17" > 17< / span >
< span id = "18" > 18< / span >
< span id = "19" > 19< / span >
< span id = "20" > 20< / span >
< span id = "21" > 21< / span >
< span id = "22" > 22< / span >
< span id = "23" > 23< / span >
< span id = "24" > 24< / span >
< span id = "25" > 25< / span >
< span id = "26" > 26< / span >
< span id = "27" > 27< / span >
< span id = "28" > 28< / span >
< span id = "29" > 29< / span >
< span id = "30" > 30< / span >
< span id = "31" > 31< / span >
< span id = "32" > 32< / span >
< span id = "33" > 33< / span >
< span id = "34" > 34< / span >
< span id = "35" > 35< / span >
< span id = "36" > 36< / span >
< span id = "37" > 37< / span >
< span id = "38" > 38< / span >
< span id = "39" > 39< / span >
< span id = "40" > 40< / span >
< span id = "41" > 41< / span >
< span id = "42" > 42< / span >
< span id = "43" > 43< / span >
< span id = "44" > 44< / span >
< span id = "45" > 45< / span >
< span id = "46" > 46< / span >
< span id = "47" > 47< / span >
< span id = "48" > 48< / span >
< span id = "49" > 49< / span >
< span id = "50" > 50< / span >
< span id = "51" > 51< / span >
< span id = "52" > 52< / span >
< span id = "53" > 53< / span >
< span id = "54" > 54< / span >
< span id = "55" > 55< / span >
< span id = "56" > 56< / span >
< span id = "57" > 57< / span >
< span id = "58" > 58< / span >
< span id = "59" > 59< / span >
< span id = "60" > 60< / span >
< span id = "61" > 61< / span >
< span id = "62" > 62< / span >
< span id = "63" > 63< / span >
< span id = "64" > 64< / span >
< span id = "65" > 65< / span >
< span id = "66" > 66< / span >
< span id = "67" > 67< / span >
< span id = "68" > 68< / span >
< span id = "69" > 69< / span >
< span id = "70" > 70< / span >
< span id = "71" > 71< / span >
< span id = "72" > 72< / span >
< span id = "73" > 73< / span >
< span id = "74" > 74< / span >
< span id = "75" > 75< / span >
< span id = "76" > 76< / span >
< span id = "77" > 77< / span >
< span id = "78" > 78< / span >
< span id = "79" > 79< / span >
< span id = "80" > 80< / span >
< span id = "81" > 81< / span >
< span id = "82" > 82< / span >
< span id = "83" > 83< / span >
< span id = "84" > 84< / span >
< span id = "85" > 85< / span >
< span id = "86" > 86< / span >
< span id = "87" > 87< / span >
< span id = "88" > 88< / span >
< span id = "89" > 89< / span >
< span id = "90" > 90< / span >
< span id = "91" > 91< / span >
< span id = "92" > 92< / span >
< span id = "93" > 93< / span >
< span id = "94" > 94< / span >
< span id = "95" > 95< / span >
< span id = "96" > 96< / span >
< span id = "97" > 97< / span >
< span id = "98" > 98< / span >
< span id = "99" > 99< / span >
2022-03-05 23:25:11 +00:00
< span id = "100" > 100< / span >
< span id = "101" > 101< / span >
< span id = "102" > 102< / span >
< span id = "103" > 103< / span >
< span id = "104" > 104< / span >
< span id = "105" > 105< / span >
< span id = "106" > 106< / span >
< span id = "107" > 107< / span >
< span id = "108" > 108< / span >
< span id = "109" > 109< / span >
< span id = "110" > 110< / span >
< span id = "111" > 111< / span >
< span id = "112" > 112< / span >
< span id = "113" > 113< / span >
< span id = "114" > 114< / span >
< span id = "115" > 115< / span >
< span id = "116" > 116< / span >
< span id = "117" > 117< / span >
< span id = "118" > 118< / span >
< span id = "119" > 119< / span >
< span id = "120" > 120< / span >
< span id = "121" > 121< / span >
< span id = "122" > 122< / span >
< span id = "123" > 123< / span >
< span id = "124" > 124< / span >
< span id = "125" > 125< / span >
< span id = "126" > 126< / span >
< span id = "127" > 127< / span >
< span id = "128" > 128< / span >
< span id = "129" > 129< / span >
< span id = "130" > 130< / span >
< span id = "131" > 131< / span >
< span id = "132" > 132< / span >
< span id = "133" > 133< / span >
< span id = "134" > 134< / span >
< span id = "135" > 135< / span >
< span id = "136" > 136< / span >
< span id = "137" > 137< / span >
< span id = "138" > 138< / span >
< span id = "139" > 139< / span >
< span id = "140" > 140< / span >
< span id = "141" > 141< / span >
< span id = "142" > 142< / span >
< span id = "143" > 143< / span >
< span id = "144" > 144< / span >
< span id = "145" > 145< / span >
< span id = "146" > 146< / span >
< span id = "147" > 147< / span >
< span id = "148" > 148< / span >
< span id = "149" > 149< / span >
< span id = "150" > 150< / span >
< span id = "151" > 151< / span >
< span id = "152" > 152< / span >
< span id = "153" > 153< / span >
< span id = "154" > 154< / span >
< span id = "155" > 155< / span >
< span id = "156" > 156< / span >
< span id = "157" > 157< / span >
< span id = "158" > 158< / span >
< span id = "159" > 159< / span >
< span id = "160" > 160< / span >
< span id = "161" > 161< / span >
< span id = "162" > 162< / span >
< span id = "163" > 163< / span >
< span id = "164" > 164< / span >
< span id = "165" > 165< / span >
< span id = "166" > 166< / span >
< span id = "167" > 167< / span >
< span id = "168" > 168< / span >
< span id = "169" > 169< / span >
< span id = "170" > 170< / span >
< span id = "171" > 171< / span >
< span id = "172" > 172< / span >
< span id = "173" > 173< / span >
< span id = "174" > 174< / span >
< span id = "175" > 175< / span >
< span id = "176" > 176< / span >
< span id = "177" > 177< / span >
< span id = "178" > 178< / span >
< span id = "179" > 179< / span >
< span id = "180" > 180< / span >
< span id = "181" > 181< / span >
< span id = "182" > 182< / span >
< span id = "183" > 183< / span >
< span id = "184" > 184< / span >
< span id = "185" > 185< / span >
< span id = "186" > 186< / span >
< span id = "187" > 187< / span >
< span id = "188" > 188< / span >
< span id = "189" > 189< / span >
< span id = "190" > 190< / span >
< span id = "191" > 191< / span >
< span id = "192" > 192< / span >
< span id = "193" > 193< / span >
< span id = "194" > 194< / span >
< span id = "195" > 195< / span >
< span id = "196" > 196< / span >
< span id = "197" > 197< / span >
< span id = "198" > 198< / span >
< span id = "199" > 199< / span >
< span id = "200" > 200< / span >
< span id = "201" > 201< / span >
< span id = "202" > 202< / span >
< span id = "203" > 203< / span >
< span id = "204" > 204< / span >
< span id = "205" > 205< / span >
< span id = "206" > 206< / span >
< span id = "207" > 207< / span >
< span id = "208" > 208< / span >
< span id = "209" > 209< / span >
< span id = "210" > 210< / span >
< span id = "211" > 211< / span >
< span id = "212" > 212< / span >
< span id = "213" > 213< / span >
< span id = "214" > 214< / span >
< span id = "215" > 215< / span >
< span id = "216" > 216< / span >
< span id = "217" > 217< / span >
< span id = "218" > 218< / span >
< span id = "219" > 219< / span >
< span id = "220" > 220< / span >
< span id = "221" > 221< / span >
< span id = "222" > 222< / span >
< span id = "223" > 223< / span >
< span id = "224" > 224< / span >
< span id = "225" > 225< / span >
< span id = "226" > 226< / span >
< span id = "227" > 227< / span >
< span id = "228" > 228< / span >
< span id = "229" > 229< / span >
< span id = "230" > 230< / span >
< span id = "231" > 231< / span >
< span id = "232" > 232< / span >
< span id = "233" > 233< / span >
< span id = "234" > 234< / span >
< span id = "235" > 235< / span >
< span id = "236" > 236< / span >
< span id = "237" > 237< / span >
< span id = "238" > 238< / span >
< span id = "239" > 239< / span >
< span id = "240" > 240< / span >
< span id = "241" > 241< / span >
< span id = "242" > 242< / span >
< span id = "243" > 243< / span >
< span id = "244" > 244< / span >
< span id = "245" > 245< / span >
< span id = "246" > 246< / span >
< span id = "247" > 247< / span >
< span id = "248" > 248< / span >
< span id = "249" > 249< / span >
< span id = "250" > 250< / span >
< span id = "251" > 251< / span >
< span id = "252" > 252< / span >
< span id = "253" > 253< / span >
< span id = "254" > 254< / span >
< span id = "255" > 255< / span >
< span id = "256" > 256< / span >
< span id = "257" > 257< / span >
< span id = "258" > 258< / span >
< span id = "259" > 259< / span >
< span id = "260" > 260< / span >
< span id = "261" > 261< / span >
< span id = "262" > 262< / span >
< span id = "263" > 263< / span >
< span id = "264" > 264< / span >
< span id = "265" > 265< / span >
< span id = "266" > 266< / span >
< span id = "267" > 267< / span >
< span id = "268" > 268< / span >
< span id = "269" > 269< / span >
< span id = "270" > 270< / span >
< span id = "271" > 271< / span >
< span id = "272" > 272< / span >
< span id = "273" > 273< / span >
< span id = "274" > 274< / span >
< span id = "275" > 275< / span >
< span id = "276" > 276< / span >
< span id = "277" > 277< / span >
< span id = "278" > 278< / span >
< span id = "279" > 279< / span >
< span id = "280" > 280< / span >
< span id = "281" > 281< / span >
< span id = "282" > 282< / span >
< span id = "283" > 283< / span >
< span id = "284" > 284< / span >
< span id = "285" > 285< / span >
< span id = "286" > 286< / span >
< span id = "287" > 287< / span >
< span id = "288" > 288< / span >
< span id = "289" > 289< / span >
< span id = "290" > 290< / span >
< span id = "291" > 291< / span >
< span id = "292" > 292< / span >
< span id = "293" > 293< / span >
< span id = "294" > 294< / span >
< span id = "295" > 295< / span >
< span id = "296" > 296< / span >
< span id = "297" > 297< / span >
< span id = "298" > 298< / span >
< span id = "299" > 299< / span >
< span id = "300" > 300< / span >
< span id = "301" > 301< / span >
< span id = "302" > 302< / span >
< span id = "303" > 303< / span >
< span id = "304" > 304< / span >
< span id = "305" > 305< / span >
< span id = "306" > 306< / span >
< span id = "307" > 307< / span >
< span id = "308" > 308< / span >
< span id = "309" > 309< / span >
< span id = "310" > 310< / span >
< span id = "311" > 311< / span >
< span id = "312" > 312< / span >
< span id = "313" > 313< / span >
< span id = "314" > 314< / span >
< span id = "315" > 315< / span >
< span id = "316" > 316< / span >
< span id = "317" > 317< / span >
< span id = "318" > 318< / span >
< span id = "319" > 319< / span >
< span id = "320" > 320< / span >
< span id = "321" > 321< / span >
< span id = "322" > 322< / span >
< span id = "323" > 323< / span >
< span id = "324" > 324< / span >
< span id = "325" > 325< / span >
< span id = "326" > 326< / span >
< span id = "327" > 327< / span >
< span id = "328" > 328< / span >
< span id = "329" > 329< / span >
< span id = "330" > 330< / span >
< span id = "331" > 331< / span >
< span id = "332" > 332< / span >
< span id = "333" > 333< / span >
< span id = "334" > 334< / span >
< span id = "335" > 335< / span >
< span id = "336" > 336< / span >
< span id = "337" > 337< / span >
< span id = "338" > 338< / span >
< span id = "339" > 339< / span >
< span id = "340" > 340< / span >
< span id = "341" > 341< / span >
< span id = "342" > 342< / span >
< span id = "343" > 343< / span >
< span id = "344" > 344< / span >
< span id = "345" > 345< / span >
< span id = "346" > 346< / span >
< span id = "347" > 347< / span >
< span id = "348" > 348< / span >
< span id = "349" > 349< / span >
< span id = "350" > 350< / span >
< span id = "351" > 351< / span >
< span id = "352" > 352< / span >
< span id = "353" > 353< / span >
< span id = "354" > 354< / span >
< span id = "355" > 355< / span >
< span id = "356" > 356< / span >
< span id = "357" > 357< / span >
< span id = "358" > 358< / span >
< span id = "359" > 359< / span >
< span id = "360" > 360< / span >
< span id = "361" > 361< / span >
< span id = "362" > 362< / span >
< span id = "363" > 363< / span >
< span id = "364" > 364< / span >
< span id = "365" > 365< / span >
< span id = "366" > 366< / span >
< span id = "367" > 367< / span >
< span id = "368" > 368< / span >
< span id = "369" > 369< / span >
< span id = "370" > 370< / span >
< span id = "371" > 371< / span >
< span id = "372" > 372< / span >
< span id = "373" > 373< / span >
< span id = "374" > 374< / span >
< span id = "375" > 375< / span >
< span id = "376" > 376< / span >
< span id = "377" > 377< / span >
< span id = "378" > 378< / span >
< span id = "379" > 379< / span >
< span id = "380" > 380< / span >
< span id = "381" > 381< / span >
< span id = "382" > 382< / span >
< span id = "383" > 383< / span >
< span id = "384" > 384< / span >
< span id = "385" > 385< / span >
< span id = "386" > 386< / span >
< span id = "387" > 387< / span >
< span id = "388" > 388< / span >
< span id = "389" > 389< / span >
< span id = "390" > 390< / span >
< span id = "391" > 391< / span >
< span id = "392" > 392< / span >
< span id = "393" > 393< / span >
< span id = "394" > 394< / span >
< span id = "395" > 395< / span >
< span id = "396" > 396< / span >
< span id = "397" > 397< / span >
< span id = "398" > 398< / span >
< span id = "399" > 399< / span >
< span id = "400" > 400< / span >
< span id = "401" > 401< / span >
< span id = "402" > 402< / span >
< span id = "403" > 403< / span >
< span id = "404" > 404< / span >
< span id = "405" > 405< / span >
< span id = "406" > 406< / span >
< span id = "407" > 407< / span >
< span id = "408" > 408< / span >
< span id = "409" > 409< / span >
< span id = "410" > 410< / span >
< span id = "411" > 411< / span >
< span id = "412" > 412< / span >
< span id = "413" > 413< / span >
< span id = "414" > 414< / span >
< span id = "415" > 415< / span >
< span id = "416" > 416< / span >
< span id = "417" > 417< / span >
< span id = "418" > 418< / span >
< span id = "419" > 419< / span >
< span id = "420" > 420< / span >
< span id = "421" > 421< / span >
< span id = "422" > 422< / span >
< span id = "423" > 423< / span >
< span id = "424" > 424< / span >
< span id = "425" > 425< / span >
< span id = "426" > 426< / span >
< span id = "427" > 427< / span >
< span id = "428" > 428< / span >
< span id = "429" > 429< / span >
< span id = "430" > 430< / span >
< span id = "431" > 431< / span >
< span id = "432" > 432< / span >
< span id = "433" > 433< / span >
< span id = "434" > 434< / span >
< span id = "435" > 435< / span >
< span id = "436" > 436< / span >
< span id = "437" > 437< / span >
< span id = "438" > 438< / span >
< span id = "439" > 439< / span >
< span id = "440" > 440< / span >
< span id = "441" > 441< / span >
< span id = "442" > 442< / span >
< span id = "443" > 443< / span >
< span id = "444" > 444< / span >
< span id = "445" > 445< / span >
< span id = "446" > 446< / span >
< span id = "447" > 447< / span >
< span id = "448" > 448< / span >
< span id = "449" > 449< / span >
< span id = "450" > 450< / span >
< span id = "451" > 451< / span >
< span id = "452" > 452< / span >
< span id = "453" > 453< / span >
< span id = "454" > 454< / span >
< span id = "455" > 455< / span >
< span id = "456" > 456< / span >
< span id = "457" > 457< / span >
< span id = "458" > 458< / span >
< span id = "459" > 459< / span >
< span id = "460" > 460< / span >
< span id = "461" > 461< / span >
< span id = "462" > 462< / span >
< span id = "463" > 463< / span >
2022-08-24 17:10:06 +00:00
< / pre > < pre class = "rust" > < code > < span class = "kw" > use < / span > std::{collections::HashMap, convert::TryInto, fmt, future::Future, pin::Pin, rc::Rc};
< span class = "kw" > use < / span > actix_utils::future::{ready, Ready};
< span class = "kw" > use < / span > actix_web::{
body::MessageBody,
cookie::{Cookie, CookieJar, Key},
dev::{forward_ready, ResponseHead, Service, ServiceRequest, ServiceResponse, Transform},
http::header::{HeaderValue, SET_COOKIE},
HttpResponse,
2022-03-05 23:25:11 +00:00
};
2022-08-24 17:10:06 +00:00
< span class = "kw" > use < / span > anyhow::Context;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "kw" > use crate< / span > ::{
config::{
< span class = "self" > self< / span > , Configuration, CookieConfiguration, CookieContentSecurity, SessionMiddlewareBuilder,
TtlExtensionPolicy,
2022-07-03 20:20:50 +00:00
},
2022-08-24 17:10:06 +00:00
storage::{LoadError, SessionKey, SessionStore},
Session, SessionStatus,
2022-03-05 23:25:11 +00:00
};
2022-08-24 17:10:06 +00:00
< span class = "doccomment" > /// A middleware for session management in Actix Web applications.
///
/// [`SessionMiddleware`] takes care of a few jobs:
///
/// - Instructs the session storage backend to create/update/delete/retrieve the state attached to
/// a session according to its status and the operations that have been performed against it;
/// - Set/remove a cookie, on the client side, to enable a user to be consistently associated with
/// the same session across multiple HTTP requests.
///
/// Use [`SessionMiddleware::new`] to initialize the session framework using the default parameters.
/// To create a new instance of [`SessionMiddleware`] you need to provide:
///
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
///
/// # How did we choose defaults?
/// You should not regret adding `actix-session` to your dependencies and going to production using
/// the default configuration. That is why, when in doubt, we opt to use the most secure option for
/// each configuration parameter.
///
/// We expose knobs to change the default to suit your needs—i.e., if you know what you are doing,
/// we will not stop you. But being a subject-matter expert should not be a requirement to deploy
/// reasonably secure implementation of sessions.
///
/// # Examples
/// ```no_run
/// use actix_web::{web, App, HttpServer, HttpResponse, Error};
/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
/// use actix_web::cookie::Key;
///
/// // The secret key would usually be read from a configuration file/environment variables.
/// fn get_secret_key() -> Key {
/// # todo!()
/// // [...]
/// }
///
/// #[actix_web::main]
/// async fn main() -> std::io::Result< ()> {
/// let secret_key = get_secret_key();
/// let redis_connection_string = " 127.0.0.1:6379" ;
/// HttpServer::new(move ||
/// App::new()
/// // Add session management to your application using Redis for session state storage
/// .wrap(
/// SessionMiddleware::new(
/// RedisActorSessionStore::new(redis_connection_string),
/// secret_key.clone()
/// )
/// )
/// .default_service(web::to(|| HttpResponse::Ok())))
/// .bind((" 127.0.0.1" , 8080))?
/// .run()
/// .await
/// }
/// ```
///
/// If you want to customise use [`builder`](Self::builder) instead of [`new`](Self::new):
///
/// ```no_run
/// use actix_web::{App, cookie::{Key, time}, Error, HttpResponse, HttpServer, web};
/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
/// use actix_session::config::PersistentSession;
///
/// // The secret key would usually be read from a configuration file/environment variables.
/// fn get_secret_key() -> Key {
/// # todo!()
/// // [...]
/// }
///
/// #[actix_web::main]
/// async fn main() -> std::io::Result< ()> {
/// let secret_key = get_secret_key();
/// let redis_connection_string = " 127.0.0.1:6379" ;
/// HttpServer::new(move ||
/// App::new()
/// // Customise session length!
/// .wrap(
/// SessionMiddleware::builder(
/// RedisActorSessionStore::new(redis_connection_string),
/// secret_key.clone()
/// )
/// .session_lifecycle(
/// PersistentSession::default()
/// .session_ttl(time::Duration::days(5))
/// )
/// .build(),
/// )
/// .default_service(web::to(|| HttpResponse::Ok())))
/// .bind((" 127.0.0.1" , 8080))?
/// .run()
/// .await
/// }
/// ```
< / span > < span class = "attribute" > #[derive(Clone)]
< / span > < span class = "kw" > pub struct < / span > SessionMiddleware< Store: SessionStore> {
storage_backend: Rc< Store> ,
configuration: Rc< Configuration> ,
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > impl< / span > < Store: SessionStore> SessionMiddleware< Store> {
< span class = "doccomment" > /// Use [`SessionMiddleware::new`] to initialize the session framework using the default
/// parameters.
///
/// To create a new instance of [`SessionMiddleware`] you need to provide:
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
< / span > < span class = "kw" > pub fn < / span > new(store: Store, key: Key) -> < span class = "self" > Self < / span > {
< span class = "self" > Self< / span > ::builder(store, key).build()
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "doccomment" > /// A fluent API to configure [`SessionMiddleware`].
///
/// It takes as input the two required inputs to create a new instance of [`SessionMiddleware`]:
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
< / span > < span class = "kw" > pub fn < / span > builder(store: Store, key: Key) -> SessionMiddlewareBuilder< Store> {
SessionMiddlewareBuilder::new(store, config::default_configuration(key))
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > pub< / span > (< span class = "kw" > crate< / span > ) < span class = "kw" > fn < / span > from_parts(store: Store, configuration: Configuration) -> < span class = "self" > Self < / span > {
< span class = "self" > Self < / span > {
storage_backend: Rc::new(store),
configuration: Rc::new(configuration),
2022-03-05 23:25:11 +00:00
}
}
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > impl< / span > < S, B, Store> Transform< S, ServiceRequest> < span class = "kw" > for < / span > SessionMiddleware< Store>
< span class = "kw" > where
< / span > S: Service< ServiceRequest, Response = ServiceResponse< B> , Error = actix_web::Error> + < span class = "lifetime" > ' static< / span > ,
S::Future: < span class = "lifetime" > ' static< / span > ,
B: MessageBody + < span class = "lifetime" > ' static< / span > ,
Store: SessionStore + < span class = "lifetime" > ' static< / span > ,
2022-03-05 23:25:11 +00:00
{
2022-08-24 17:10:06 +00:00
< span class = "kw" > type < / span > Response = ServiceResponse< B> ;
< span class = "kw" > type < / span > Error = actix_web::Error;
< span class = "kw" > type < / span > Transform = InnerSessionMiddleware< S, Store> ;
< span class = "kw" > type < / span > InitError = ();
< span class = "kw" > type < / span > Future = Ready< < span class = "prelude-ty" > Result< / span > < < span class = "self" > Self< / span > ::Transform, < span class = "self" > Self< / span > ::InitError> > ;
< span class = "kw" > fn < / span > new_transform(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > , service: S) -> < span class = "self" > Self< / span > ::Future {
ready(< span class = "prelude-val" > Ok< / span > (InnerSessionMiddleware {
service: Rc::new(service),
configuration: Rc::clone(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > .configuration),
storage_backend: Rc::clone(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > .storage_backend),
2022-03-05 23:25:11 +00:00
}))
}
}
2022-08-24 17:10:06 +00:00
< span class = "doccomment" > /// Short-hand to create an `actix_web::Error` instance that will result in an `Internal Server
/// Error` response while preserving the error root cause (e.g. in logs).
< / span > < span class = "kw" > fn < / span > e500< E: fmt::Debug + fmt::Display + < span class = "lifetime" > ' static< / span > > (err: E) -> actix_web::Error {
< span class = "comment" > // We do not use `actix_web::error::ErrorInternalServerError` because we do not want to
// leak internal implementation details to the caller.
//
// `actix_web::error::ErrorInternalServerError` includes the error Display representation
// as body of the error responses, leading to messages like " There was an issue persisting
// the session state" reaching API clients. We don' t want that, we want opaque 500s.
< / span > actix_web::error::InternalError::from_response(
err,
HttpResponse::InternalServerError().finish(),
2022-03-25 18:12:41 +00:00
)
2022-08-24 17:10:06 +00:00
.into()
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "attribute" > #[doc(hidden)]
#[non_exhaustive]
< / span > < span class = "kw" > pub struct < / span > InnerSessionMiddleware< S, Store: SessionStore + < span class = "lifetime" > ' static< / span > > {
service: Rc< S> ,
configuration: Rc< Configuration> ,
storage_backend: Rc< Store> ,
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > impl< / span > < S, B, Store> Service< ServiceRequest> < span class = "kw" > for < / span > InnerSessionMiddleware< S, Store>
< span class = "kw" > where
< / span > S: Service< ServiceRequest, Response = ServiceResponse< B> , Error = actix_web::Error> + < span class = "lifetime" > ' static< / span > ,
S::Future: < span class = "lifetime" > ' static< / span > ,
Store: SessionStore + < span class = "lifetime" > ' static< / span > ,
2022-03-05 23:25:11 +00:00
{
2022-08-24 17:10:06 +00:00
< span class = "kw" > type < / span > Response = ServiceResponse< B> ;
< span class = "kw" > type < / span > Error = actix_web::Error;
< span class = "attribute" > #[allow(clippy::type_complexity)]
< / span > < span class = "kw" > type < / span > Future = Pin< Box< < span class = "kw" > dyn < / span > Future< Output = < span class = "prelude-ty" > Result< / span > < < span class = "self" > Self< / span > ::Response, < span class = "self" > Self< / span > ::Error> > > > ;
< span class = "macro" > forward_ready!< / span > (service);
< span class = "kw" > fn < / span > call(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > , < span class = "kw-2" > mut < / span > req: ServiceRequest) -> < span class = "self" > Self< / span > ::Future {
< span class = "kw" > let < / span > service = Rc::clone(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > .service);
< span class = "kw" > let < / span > storage_backend = Rc::clone(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > .storage_backend);
< span class = "kw" > let < / span > configuration = Rc::clone(< span class = "kw-2" > & < / span > < span class = "self" > self< / span > .configuration);
Box::pin(< span class = "kw" > async move < / span > {
< span class = "kw" > let < / span > session_key = extract_session_key(< span class = "kw-2" > & < / span > req, < span class = "kw-2" > & < / span > configuration.cookie);
< span class = "kw" > let < / span > (session_key, session_state) =
load_session_state(session_key, storage_backend.as_ref()).< span class = "kw" > await< / span > < span class = "question-mark" > ?< / span > ;
Session::set_session(< span class = "kw-2" > & mut < / span > req, session_state);
< span class = "kw" > let < / span > < span class = "kw-2" > mut < / span > res = service.call(req).< span class = "kw" > await< / span > < span class = "question-mark" > ?< / span > ;
< span class = "kw" > let < / span > (status, session_state) = Session::get_changes(< span class = "kw-2" > & mut < / span > res);
< span class = "kw" > match < / span > session_key {
< span class = "prelude-val" > None < / span > => {
< span class = "comment" > // we do not create an entry in the session store if there is no state attached
// to a fresh session
< / span > < span class = "kw" > if < / span > !session_state.is_empty() {
< span class = "kw" > let < / span > session_key = storage_backend
.save(session_state, < span class = "kw-2" > & < / span > configuration.session.state_ttl)
.< span class = "kw" > await
< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
set_session_cookie(
res.response_mut().head_mut(),
session_key,
< span class = "kw-2" > & < / span > configuration.cookie,
2022-03-05 23:25:11 +00:00
)
2022-08-24 17:10:06 +00:00
.map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
}
}
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > Some< / span > (session_key) => {
< span class = "kw" > match < / span > status {
SessionStatus::Changed => {
< span class = "kw" > let < / span > session_key = storage_backend
.update(
session_key,
session_state,
< span class = "kw-2" > & < / span > configuration.session.state_ttl,
2022-03-05 23:25:11 +00:00
)
2022-08-24 17:10:06 +00:00
.< span class = "kw" > await
< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
set_session_cookie(
res.response_mut().head_mut(),
session_key,
< span class = "kw-2" > & < / span > configuration.cookie,
2022-03-05 23:25:11 +00:00
)
2022-08-24 17:10:06 +00:00
.map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
SessionStatus::Purged => {
storage_backend.delete(< span class = "kw-2" > & < / span > session_key).< span class = "kw" > await< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
delete_session_cookie(
res.response_mut().head_mut(),
< span class = "kw-2" > & < / span > configuration.cookie,
2022-03-05 23:25:11 +00:00
)
2022-08-24 17:10:06 +00:00
.map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
SessionStatus::Renewed => {
storage_backend.delete(< span class = "kw-2" > & < / span > session_key).< span class = "kw" > await< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "kw" > let < / span > session_key = storage_backend
.save(session_state, < span class = "kw-2" > & < / span > configuration.session.state_ttl)
.< span class = "kw" > await
< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
set_session_cookie(
res.response_mut().head_mut(),
session_key,
< span class = "kw-2" > & < / span > configuration.cookie,
2022-03-05 23:25:11 +00:00
)
2022-08-24 17:10:06 +00:00
.map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
SessionStatus::Unchanged => {
< span class = "kw" > if < / span > < span class = "macro" > matches!< / span > (
configuration.ttl_extension_policy,
TtlExtensionPolicy::OnEveryRequest
2022-07-03 20:20:50 +00:00
) {
2022-08-24 17:10:06 +00:00
storage_backend
.update_ttl(< span class = "kw-2" > & < / span > session_key, < span class = "kw-2" > & < / span > configuration.session.state_ttl)
.< span class = "kw" > await
< / span > .map_err(e500)< span class = "question-mark" > ?< / span > ;
< span class = "kw" > if < / span > configuration.cookie.max_age.is_some() {
set_session_cookie(
res.response_mut().head_mut(),
session_key,
< span class = "kw-2" > & < / span > configuration.cookie,
2022-07-03 20:20:50 +00:00
)
2022-08-24 17:10:06 +00:00
.map_err(e500)< span class = "question-mark" > ?< / span > ;
2022-07-03 20:20:50 +00:00
}
}
2022-03-05 23:25:11 +00:00
}
2022-07-03 20:20:50 +00:00
};
2022-03-05 23:25:11 +00:00
}
2022-07-03 20:20:50 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > Ok< / span > (res)
2022-03-05 23:25:11 +00:00
})
}
}
2022-08-24 17:10:06 +00:00
< span class = "doccomment" > /// Examines the session cookie attached to the incoming request, if there is one, and tries
/// to extract the session key.
///
/// It returns `None` if there is no session cookie or if the session cookie is considered invalid
/// (e.g., when failing a signature check).
< / span > < span class = "kw" > fn < / span > extract_session_key(req: < span class = "kw-2" > & < / span > ServiceRequest, config: < span class = "kw-2" > & < / span > CookieConfiguration) -> < span class = "prelude-ty" > Option< / span > < SessionKey> {
< span class = "kw" > let < / span > cookies = req.cookies().ok()< span class = "question-mark" > ?< / span > ;
< span class = "kw" > let < / span > session_cookie = cookies
.iter()
.find(|< span class = "kw-2" > & < / span > cookie| cookie.name() == config.name)< span class = "question-mark" > ?< / span > ;
< span class = "kw" > let < / span > < span class = "kw-2" > mut < / span > jar = CookieJar::new();
jar.add_original(session_cookie.clone());
< span class = "kw" > let < / span > verification_result = < span class = "kw" > match < / span > config.content_security {
CookieContentSecurity::Signed => jar.signed(< span class = "kw-2" > & < / span > config.key).get(< span class = "kw-2" > & < / span > config.name),
CookieContentSecurity::Private => jar.private(< span class = "kw-2" > & < / span > config.key).get(< span class = "kw-2" > & < / span > config.name),
2022-03-05 23:25:11 +00:00
};
2022-08-24 17:10:06 +00:00
< span class = "kw" > if < / span > verification_result.is_none() {
2022-03-05 23:25:11 +00:00
< span class = "macro" > tracing::warn!< / span > (
< span class = "string" > " The session cookie attached to the incoming request failed to pass cryptographic \
2022-08-24 17:10:06 +00:00
checks (signature verification/decryption)."
< / span > );
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > match < / span > verification_result< span class = "question-mark" > ?< / span > .value().to_owned().try_into() {
< span class = "prelude-val" > Ok< / span > (session_key) => < span class = "prelude-val" > Some< / span > (session_key),
< span class = "prelude-val" > Err< / span > (err) => {
2022-03-05 23:25:11 +00:00
< span class = "macro" > tracing::warn!< / span > (
2022-08-24 17:10:06 +00:00
error.message = %err,
error.cause_chain = < span class = "question-mark" > ?< / span > err,
< span class = "string" > " Invalid session key, ignoring."
< / span > );
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > None
< / span > }
2022-03-05 23:25:11 +00:00
}
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > async fn < / span > load_session_state< Store: SessionStore> (
session_key: < span class = "prelude-ty" > Option< / span > < SessionKey> ,
storage_backend: < span class = "kw-2" > & < / span > Store,
) -> < span class = "prelude-ty" > Result< / span > < (< span class = "prelude-ty" > Option< / span > < SessionKey> , HashMap< String, String> ), actix_web::Error> {
< span class = "kw" > if let < / span > < span class = "prelude-val" > Some< / span > (session_key) = session_key {
< span class = "kw" > match < / span > storage_backend.load(< span class = "kw-2" > & < / span > session_key).< span class = "kw" > await < / span > {
< span class = "prelude-val" > Ok< / span > (state) => {
< span class = "kw" > if let < / span > < span class = "prelude-val" > Some< / span > (state) = state {
< span class = "prelude-val" > Ok< / span > ((< span class = "prelude-val" > Some< / span > (session_key), state))
} < span class = "kw" > else < / span > {
< span class = "comment" > // We discard the existing session key given that the state attached to it can
// no longer be found (e.g. it expired or we suffered some data loss in the
// storage). Regenerating the session key will trigger the `save` workflow
// instead of the `update` workflow if the session state is modified during the
// lifecycle of the current request.
< / span > < span class = "macro" > tracing::info!< / span > (
2022-03-05 23:25:11 +00:00
< span class = "string" > " No session state has been found for a valid session key, creating a new \
2022-08-24 17:10:06 +00:00
empty session."
< / span > );
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > Ok< / span > ((< span class = "prelude-val" > None< / span > , HashMap::new()))
2022-03-05 23:25:11 +00:00
}
}
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > Err< / span > (err) => < span class = "kw" > match < / span > err {
LoadError::Deserialization(err) => {
2022-03-05 23:25:11 +00:00
< span class = "macro" > tracing::warn!< / span > (
2022-08-24 17:10:06 +00:00
error.message = %err,
error.cause_chain = < span class = "question-mark" > ?< / span > err,
< span class = "string" > " Invalid session state, creating a new empty session."
< / span > );
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "prelude-val" > Ok< / span > ((< span class = "prelude-val" > Some< / span > (session_key), HashMap::new()))
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
LoadError::Other(err) => < span class = "prelude-val" > Err< / span > (e500(err)),
2022-03-05 23:25:11 +00:00
},
}
2022-08-24 17:10:06 +00:00
} < span class = "kw" > else < / span > {
< span class = "prelude-val" > Ok< / span > ((< span class = "prelude-val" > None< / span > , HashMap::new()))
2022-03-05 23:25:11 +00:00
}
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > fn < / span > set_session_cookie(
response: < span class = "kw-2" > & mut < / span > ResponseHead,
session_key: SessionKey,
config: < span class = "kw-2" > & < / span > CookieConfiguration,
) -> < span class = "prelude-ty" > Result< / span > < (), anyhow::Error> {
< span class = "kw" > let < / span > value: String = session_key.into();
< span class = "kw" > let < / span > < span class = "kw-2" > mut < / span > cookie = Cookie::new(config.name.clone(), value);
cookie.set_secure(config.secure);
cookie.set_http_only(config.http_only);
cookie.set_same_site(config.same_site);
cookie.set_path(config.path.clone());
< span class = "kw" > if let < / span > < span class = "prelude-val" > Some< / span > (max_age) = config.max_age {
cookie.set_max_age(max_age);
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > if let < / span > < span class = "prelude-val" > Some< / span > (< span class = "kw-2" > ref < / span > domain) = config.domain {
cookie.set_domain(domain.clone());
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > let < / span > < span class = "kw-2" > mut < / span > jar = CookieJar::new();
< span class = "kw" > match < / span > config.content_security {
CookieContentSecurity::Signed => jar.signed_mut(< span class = "kw-2" > & < / span > config.key).add(cookie),
CookieContentSecurity::Private => jar.private_mut(< span class = "kw-2" > & < / span > config.key).add(cookie),
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
< span class = "comment" > // set cookie
< / span > < span class = "kw" > let < / span > cookie = jar.delta().next().unwrap();
< span class = "kw" > let < / span > val = HeaderValue::from_str(< span class = "kw-2" > & < / span > cookie.encoded().to_string())
.context(< span class = "string" > " Failed to attach a session cookie to the outgoing response" < / span > )< span class = "question-mark" > ?< / span > ;
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
response.headers_mut().append(SET_COOKIE, val);
2022-03-05 23:25:11 +00:00
< span class = "prelude-val" > Ok< / span > (())
}
2022-08-24 17:10:06 +00:00
< span class = "kw" > fn < / span > delete_session_cookie(
response: < span class = "kw-2" > & mut < / span > ResponseHead,
config: < span class = "kw-2" > & < / span > CookieConfiguration,
) -> < span class = "prelude-ty" > Result< / span > < (), anyhow::Error> {
< span class = "kw" > let < / span > removal_cookie = Cookie::build(config.name.clone(), < span class = "string" > " " < / span > )
.path(config.path.clone())
.http_only(config.http_only);
< span class = "kw" > let < / span > < span class = "kw-2" > mut < / span > removal_cookie = < span class = "kw" > if let < / span > < span class = "prelude-val" > Some< / span > (< span class = "kw-2" > ref < / span > domain) = config.domain {
removal_cookie.domain(domain)
} < span class = "kw" > else < / span > {
removal_cookie
2022-03-05 23:25:11 +00:00
}
2022-08-24 17:10:06 +00:00
.finish();
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
removal_cookie.make_removal();
2022-03-05 23:25:11 +00:00
2022-08-24 17:10:06 +00:00
< span class = "kw" > let < / span > val = HeaderValue::from_str(< span class = "kw-2" > & < / span > removal_cookie.to_string())
.context(< span class = "string" > " Failed to attach a session removal cookie to the outgoing response" < / span > )< span class = "question-mark" > ?< / span > ;
response.headers_mut().append(SET_COOKIE, val);
2022-03-05 23:25:11 +00:00
< span class = "prelude-val" > Ok< / span > (())
}
< / code > < / pre > < / div >
2022-09-10 23:05:41 +00:00
< / section > < / div > < / main > < div id = "rustdoc-vars" data-root-path = "../../" data-current-crate = "actix_session" data-themes = "ayu,dark,light" data-resource-suffix = "" data-rustdoc-version = "1.65.0-nightly (1d37ed661 2022-09-09)" > < / div > < / body > < / html >
