actix-extras/guide/src/qs_10.md

# Middlewares

Actix middlewares system allows to add additional behavior to request/response processing.
Middleware can hook into incoming request process and modify request or halt request 
processing and return response early. Also it can hook into response processing.

Typically middlewares involves in following actions:

* Pre-process the Request
* Post-process a Response
* Modify application state
* Access external services (redis, logging, sessions)

Middlewares are registered for each application and get executed in same order as
registration order. In general, *middleware* is a type that implements
[*Middleware trait*](../actix_web/middlewares/trait.Middleware.html). Each method
in this trait has default implementation. Each method can return result immediately
or *future* object.

Here is example of simple middleware that adds request and response headers:

```rust
# extern crate http;
# extern crate actix_web;
use http::{header, HttpTryFrom};
use actix_web::*;
use actix_web::middleware::{Middleware, Started, Response};

struct Headers;  // <- Our middleware

/// Middleware implementation, middlewares are generic over application state,
/// so you can access state with `HttpRequest::state()` method.
impl<S> Middleware<S> for Headers {

    /// Method is called when request is ready. It may return
    /// future, which should resolve before next middleware get called.
    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
        req.headers_mut().insert(
            header::CONTENT_TYPE, header::HeaderValue::from_static("text/plain"));
        Ok(Started::Done)
    }

    /// Method is called when handler returns response,
    /// but before sending http message to peer.
    fn response(&self, req: &mut HttpRequest<S>, mut resp: HttpResponse) -> Result<Response> {
        resp.headers_mut().insert(
            header::HeaderName::try_from("X-VERSION").unwrap(),
            header::HeaderValue::from_static("0.2"));
        Ok(Response::Done(resp))
    }
}

fn main() {
    Application::new()
       .middleware(Headers)  // <- Register middleware, this method could be called multiple times
       .resource("/", |r| r.h(httpcodes::HTTPOk));
}
```

Active provides several useful middlewares, like *logging*, *user sessions*, etc.


## Logging

Logging is implemented as middleware. 
It is common to register logging middleware as first middleware for application. 
Logging middleware has to be registered for each application. *Logger* middleware
uses standard log crate to log information. You should enable logger for *actix_web*
package to see access log. ([env_logger](https://docs.rs/env_logger/*/env_logger/) or similar)

### Usage

Create `Logger` middleware with the specified `format`.
Default `Logger` could be created with `default` method, it uses the default format:

```ignore
  %a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %T
```
```rust
# extern crate actix_web;
extern crate env_logger;
use actix_web::Application;
use actix_web::middleware::Logger;

fn main() {
    std::env::set_var("RUST_LOG", "actix_web=info");
    env_logger::init();

    Application::new()
       .middleware(Logger::default())
       .middleware(Logger::new("%a %{User-Agent}i"))
       .finish();
}
```

Here is example of default logging format:

```
INFO:actix_web::middleware::logger: 127.0.0.1:59934 [02/Dec/2017:00:21:43 -0800] "GET / HTTP/1.1" 302 0 "-" "curl/7.54.0" 0.000397
INFO:actix_web::middleware::logger: 127.0.0.1:59947 [02/Dec/2017:00:22:40 -0800] "GET /index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0" 0.000646
```

### Format

 `%%`  The percent sign

 `%a`  Remote IP-address (IP-address of proxy if using reverse proxy)

 `%t`  Time when the request was started to process

 `%P`  The process ID of the child that serviced the request

 `%r`  First line of request

 `%s`  Response status code

 `%b`  Size of response in bytes, including HTTP headers

 `%T`  Time taken to serve the request, in seconds with floating fraction in .06f format

 `%D`  Time taken to serve the request, in milliseconds

 `%{FOO}i`  request.headers['FOO']

 `%{FOO}o`  response.headers['FOO']

 `%{FOO}e`  os.environ['FOO']


## Default headers

To set default response headers `DefaultHeaders` middleware could be used.
*DefaultHeaders* middleware does not set header if response headers already contains
specified header.

```rust
# extern crate actix_web;
use actix_web::*;

fn main() {
    let app = Application::new()
        .middleware(
            middleware::DefaultHeaders::build()
                .header("X-Version", "0.2")
                .finish())
        .resource("/test", |r| {
             r.method(Method::GET).f(|req| httpcodes::HTTPOk);
             r.method(Method::HEAD).f(|req| httpcodes::HTTPMethodNotAllowed);
        })
       .finish();
}
```

## User sessions

Actix provides general solution for session management. 
[*Session storage*](../actix_web/middleware/struct.SessionStorage.html) middleware can be 
use with different backend types to store session data in different backends. 
By default only cookie session backend is implemented. Other backend implementations 
could be added later.

[*Cookie session backend*](../actix_web/middleware/struct.CookieSessionBackend.html)
uses signed cookies as session storage. *Cookie session backend* creates sessions which
are limited to storing fewer than 4000 bytes of data (as the payload must fit into a
single cookie). Internal server error get generated if session contains more than 4000 bytes.

You need to pass a random value to the constructor of *CookieSessionBackend*.
This is private key for cookie session. When this value is changed, all session data is lost.
Note that whatever you write into your session is visible by the user (but not modifiable).

In general case, you create
[*Session storage*](../actix_web/middleware/struct.SessionStorage.html) middleware
and initializes it with specific backend implementation, like *CookieSessionBackend*.
To access session data
[*HttpRequest::session()*](../actix_web/middleware/trait.RequestSession.html#tymethod.session)
method has to be used. This method returns
[*Session*](../actix_web/middleware/struct.Session.html) object, which allows to get or set
session data.

```rust
# extern crate actix;
# extern crate actix_web;
use actix_web::*;
use actix_web::middleware::{RequestSession, SessionStorage, CookieSessionBackend};

fn index(mut req: HttpRequest) -> Result<&'static str> {
    // access session data
    if let Some(count) = req.session().get::<i32>("counter")? {
        println!("SESSION value: {}", count);
        req.session().set("counter", count+1)?;
    } else {
        req.session().set("counter", 1)?;
    }

    Ok("Welcome!")
}

fn main() {
#   let sys = actix::System::new("basic-example");
    HttpServer::new(
        || Application::new()
            .middleware(SessionStorage::new(          // <- create session middleware
                CookieSessionBackend::build(&[0; 32]) // <- create cookie session backend
                    .secure(false)
                    .finish()
            )))
        .bind("127.0.0.1:59880").unwrap()
        .start();
#     actix::Arbiter::system().do_send(actix::msgs::SystemExit(0));
#     let _ = sys.run();
}
```
added default headers middleware 2017-12-04 05:47:15 +01:00			`# Middlewares`

user guide spelling 2018-01-13 20:17:48 +01:00			`Actix middlewares system allows to add additional behavior to request/response processing.`
			`Middleware can hook into incoming request process and modify request or halt request`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`processing and return response early. Also it can hook into response processing.`

			`Typically middlewares involves in following actions:`

			`* Pre-process the Request`
			`* Post-process a Response`
			`* Modify application state`
			`* Access external services (redis, logging, sessions)`

rename module 2017-12-27 04:59:41 +01:00			`Middlewares are registered for each application and get executed in same order as`
user guide spelling 2018-01-13 20:17:48 +01:00			`registration order. In general, middleware is a type that implements`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`[Middleware trait](../actix_web/middlewares/trait.Middleware.html). Each method`
user guide spelling 2018-01-13 20:17:48 +01:00			`in this trait has default implementation. Each method can return result immediately`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`or future object.`

			`Here is example of simple middleware that adds request and response headers:`

			```rust
			`# extern crate http;`
			`# extern crate actix_web;`
			`use http::{header, HttpTryFrom};`
			`use actix_web::*;`
rename module 2017-12-27 04:59:41 +01:00			`use actix_web::middleware::{Middleware, Started, Response};`
more info for middleware guide 2017-12-26 16:58:21 +01:00
			`struct Headers; // <- Our middleware`

			`/// Middleware implementation, middlewares are generic over application state,`
			/// so you can access state with `HttpRequest::state()` method.
			`impl<S> Middleware<S> for Headers {`

			`/// Method is called when request is ready. It may return`
			`/// future, which should resolve before next middleware get called.`
refactor Middleware trait, use Result 2018-01-10 07:48:35 +01:00			`fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`req.headers_mut().insert(`
			`header::CONTENT_TYPE, header::HeaderValue::from_static("text/plain"));`
refactor Middleware trait, use Result 2018-01-10 07:48:35 +01:00			`Ok(Started::Done)`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`}`

			`/// Method is called when handler returns response,`
			`/// but before sending http message to peer.`
refactor Middleware trait, use Result 2018-01-10 07:48:35 +01:00			`fn response(&self, req: &mut HttpRequest<S>, mut resp: HttpResponse) -> Result<Response> {`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`resp.headers_mut().insert(`
			`header::HeaderName::try_from("X-VERSION").unwrap(),`
			`header::HeaderValue::from_static("0.2"));`
refactor Middleware trait, use Result 2018-01-10 07:48:35 +01:00			`Ok(Response::Done(resp))`
more info for middleware guide 2017-12-26 16:58:21 +01:00			`}`
			`}`

			`fn main() {`
			`Application::new()`
			`.middleware(Headers) // <- Register middleware, this method could be called multiple times`
			`.resource("/", \|r\| r.h(httpcodes::HTTPOk));`
			`}`
			```

			`Active provides several useful middlewares, like logging, user sessions, etc.`


added default headers middleware 2017-12-04 05:47:15 +01:00			`## Logging`

more info for middleware guide 2017-12-26 16:58:21 +01:00			`Logging is implemented as middleware.`
added default headers middleware 2017-12-04 05:47:15 +01:00			`It is common to register logging middleware as first middleware for application.`
add logger info 2018-02-20 21:49:42 +01:00			`Logging middleware has to be registered for each application. Logger middleware`
			`uses standard log crate to log information. You should enable logger for actix_web`
			`package to see access log. ([env_logger](https://docs.rs/env_logger/*/env_logger/) or similar)`
added default headers middleware 2017-12-04 05:47:15 +01:00
			`### Usage`

rename module 2017-12-27 04:59:41 +01:00			Create `Logger` middleware with the specified `format`.
added default headers middleware 2017-12-04 05:47:15 +01:00			Default `Logger` could be created with `default` method, it uses the default format:

			```ignore
refactor http actor usage 2018-01-01 02:26:32 +01:00			`%a %t "%r" %s %b "%{Referer}i" "%{User-Agent}i" %T`
added default headers middleware 2017-12-04 05:47:15 +01:00			```
			```rust
simplify application creation 2017-12-06 20:00:39 +01:00			`# extern crate actix_web;`
add logger info 2018-02-20 21:49:42 +01:00			`extern crate env_logger;`
added default headers middleware 2017-12-04 05:47:15 +01:00			`use actix_web::Application;`
rename module 2017-12-27 04:59:41 +01:00			`use actix_web::middleware::Logger;`
added default headers middleware 2017-12-04 05:47:15 +01:00
			`fn main() {`
add logger info 2018-02-20 21:49:42 +01:00			`std::env::set_var("RUST_LOG", "actix_web=info");`
			`env_logger::init();`

simplify Application creation; update url dispatch guide section 2017-12-11 23:16:29 +01:00			`Application::new()`
added default headers middleware 2017-12-04 05:47:15 +01:00			`.middleware(Logger::default())`
			`.middleware(Logger::new("%a %{User-Agent}i"))`
			`.finish();`
			`}`
			```

			`Here is example of default logging format:`

			```
rename module 2017-12-27 04:59:41 +01:00			`INFO:actix_web::middleware::logger: 127.0.0.1:59934 [02/Dec/2017:00:21:43 -0800] "GET / HTTP/1.1" 302 0 "-" "curl/7.54.0" 0.000397`
			`INFO:actix_web::middleware::logger: 127.0.0.1:59947 [02/Dec/2017:00:22:40 -0800] "GET /index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0" 0.000646`
added default headers middleware 2017-12-04 05:47:15 +01:00			```

			`### Format`

			`%%` The percent sign

			`%a` Remote IP-address (IP-address of proxy if using reverse proxy)

			`%t` Time when the request was started to process

			`%P` The process ID of the child that serviced the request

			`%r` First line of request

			`%s` Response status code

			`%b` Size of response in bytes, including HTTP headers

introduce route predicates 2017-12-04 22:32:05 +01:00			`%T` Time taken to serve the request, in seconds with floating fraction in .06f format
added default headers middleware 2017-12-04 05:47:15 +01:00
			`%D` Time taken to serve the request, in milliseconds

			`%{FOO}i` request.headers['FOO']

			`%{FOO}o` response.headers['FOO']

			`%{FOO}e` os.environ['FOO']


			`## Default headers`

fix doc 2017-12-11 23:27:09 +01:00			To set default response headers `DefaultHeaders` middleware could be used.
update session guide section 2017-12-20 00:44:25 +01:00			`DefaultHeaders middleware does not set header if response headers already contains`
			`specified header.`
added default headers middleware 2017-12-04 05:47:15 +01:00
			```rust
simplify application creation 2017-12-06 20:00:39 +01:00			`# extern crate actix_web;`
added default headers middleware 2017-12-04 05:47:15 +01:00			`use actix_web::*;`

			`fn main() {`
simplify Application creation; update url dispatch guide section 2017-12-11 23:16:29 +01:00			`let app = Application::new()`
added default headers middleware 2017-12-04 05:47:15 +01:00			`.middleware(`
rename module 2017-12-27 04:59:41 +01:00			`middleware::DefaultHeaders::build()`
added default headers middleware 2017-12-04 05:47:15 +01:00			`.header("X-Version", "0.2")`
			`.finish())`
			`.resource("/test", \|r\| {`
renamed Route::handler to Route::f, added Route::h to register Handler 2017-12-04 23:07:53 +01:00			`r.method(Method::GET).f(\|req\| httpcodes::HTTPOk);`
			`r.method(Method::HEAD).f(\|req\| httpcodes::HTTPMethodNotAllowed);`
added default headers middleware 2017-12-04 05:47:15 +01:00			`})`
			`.finish();`
			`}`
			```

			`## User sessions`
update guide 2017-12-14 07:36:28 +01:00
update session guide section 2017-12-20 00:44:25 +01:00			`Actix provides general solution for session management.`
user guide spelling 2018-01-13 20:17:48 +01:00			`[Session storage](../actix_web/middleware/struct.SessionStorage.html) middleware can be`
update session guide section 2017-12-20 00:44:25 +01:00			`use with different backend types to store session data in different backends.`
			`By default only cookie session backend is implemented. Other backend implementations`
			`could be added later.`

rename module 2017-12-27 04:59:41 +01:00			`[Cookie session backend](../actix_web/middleware/struct.CookieSessionBackend.html)`
			`uses signed cookies as session storage. Cookie session backend creates sessions which`
			`are limited to storing fewer than 4000 bytes of data (as the payload must fit into a`
update session guide section 2017-12-20 00:44:25 +01:00			`single cookie). Internal server error get generated if session contains more than 4000 bytes.`

			`You need to pass a random value to the constructor of CookieSessionBackend.`
			`This is private key for cookie session. When this value is changed, all session data is lost.`
			`Note that whatever you write into your session is visible by the user (but not modifiable).`

user guide spelling 2018-01-13 20:17:48 +01:00			`In general case, you create`
rename module 2017-12-27 04:59:41 +01:00			`[Session storage](../actix_web/middleware/struct.SessionStorage.html) middleware`
			`and initializes it with specific backend implementation, like CookieSessionBackend.`
update session guide section 2017-12-20 00:44:25 +01:00			`To access session data`
rename module 2017-12-27 04:59:41 +01:00			`[HttpRequest::session()](../actix_web/middleware/trait.RequestSession.html#tymethod.session)`
update session guide section 2017-12-20 00:44:25 +01:00			`method has to be used. This method returns`
rename module 2017-12-27 04:59:41 +01:00			`[Session](../actix_web/middleware/struct.Session.html) object, which allows to get or set`
update session guide section 2017-12-20 00:44:25 +01:00			`session data.`

			```rust
			`# extern crate actix;`
			`# extern crate actix_web;`
			`use actix_web::*;`
rename module 2017-12-27 04:59:41 +01:00			`use actix_web::middleware::{RequestSession, SessionStorage, CookieSessionBackend};`
update session guide section 2017-12-20 00:44:25 +01:00
			`fn index(mut req: HttpRequest) -> Result<&'static str> {`
			`// access session data`
			`if let Some(count) = req.session().get::<i32>("counter")? {`
			`println!("SESSION value: {}", count);`
			`req.session().set("counter", count+1)?;`
			`} else {`
			`req.session().set("counter", 1)?;`
			`}`

			`Ok("Welcome!")`
			`}`

			`fn main() {`
			`# let sys = actix::System::new("basic-example");`
			`HttpServer::new(`
			`\|\| Application::new()`
rename module 2017-12-27 04:59:41 +01:00			`.middleware(SessionStorage::new( // <- create session middleware`
update guide example 2017-12-20 03:38:02 +01:00			`CookieSessionBackend::build(&[0; 32]) // <- create cookie session backend`
update session guide section 2017-12-20 00:44:25 +01:00			`.secure(false)`
			`.finish()`
rename module 2017-12-27 04:59:41 +01:00			`)))`
update session guide section 2017-12-20 00:44:25 +01:00			`.bind("127.0.0.1:59880").unwrap()`
			`.start();`
use newer api 2018-02-13 07:56:47 +01:00			`# actix::Arbiter::system().do_send(actix::msgs::SystemExit(0));`
update session guide section 2017-12-20 00:44:25 +01:00			`# let _ = sys.run();`
			`}`
			```