Bearer auth

2025-06-29 19:24:58 +02:00 · 2018-05-30 16:43:39 +03:00
parent eee5365e0b
commit 716bffeb8e
30 changed files with 1192 additions and 308 deletions
--- a/examples/basic.rs
+++ b/examples/basic.rs
@ -1,40 +0,0 @@
-extern crate actix_web;
-extern crate actix_web_httpauth;
-
-use actix_web::{server, App, HttpRequest, FromRequest, Result};
-use actix_web::middleware::{Middleware, Started};
-use actix_web_httpauth::basic::{BasicAuth, Config};
-
-struct AuthMiddleware;
-
-impl<S> Middleware<S> for AuthMiddleware {
-    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
-        let mut config = Config::default();
-        config.realm("Restricted area".to_string());
-        let auth = BasicAuth::from_request(&req, &config)?;
-
-        // Please note that this is only an example,
-        // do not ever hardcode your credentials!
-        if auth.username == "root" && auth.password == "pass" {
-            Ok(Started::Done)
-        } else {
-            let response = BasicAuth::error_response(&config);
-            Ok(Started::Response(response))
-        }
-    }
-
-}
-
-fn index(auth: BasicAuth) -> String {
-    format!("Hello, {}", auth.username)
-}
-
-fn main() {
-    server::new(|| App::new()
-            // Comment the `.middleware()` line and let `BasicAuth` extractor
-            // in the `index` handler do the authentication routine
-            .middleware(AuthMiddleware)
-            .resource("/", |r| r.with(index)))
-       .bind("127.0.0.1:8088").unwrap()
-       .run();
-}
--- a/examples/extractor_basic.rs
+++ b/examples/extractor_basic.rs
@ -0,0 +1,36 @@
+extern crate actix_web;
+extern crate actix_web_httpauth;
+
+use actix_web::{server, App, Result, HttpRequest, FromRequest};
+use actix_web::middleware::{Middleware, Started};
+use actix_web_httpauth::extractors::basic::{BasicAuth, Config};
+use actix_web_httpauth::extractors::AuthenticationError;
+
+struct Auth;
+
+impl<S> Middleware<S> for Auth {
+    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
+        let mut config = Config::default();
+        config.realm("WallyWorld");
+        let auth = BasicAuth::from_request(&req, &config)?;
+
+        if auth.username() == "Aladdin" && auth.password() == Some("open sesame") {
+            Ok(Started::Done)
+        } else {
+            Err(AuthenticationError::from(config).into())
+        }
+    }
+}
+
+fn index(_req: HttpRequest) -> String {
+    "Hello, authorized user!".to_string()
+}
+
+fn main() {
+    server::new(|| App::new()
+            .middleware(Auth)
+            .resource("/", |r| r.with(index))
+        )
+        .bind("127.0.0.1:8088").unwrap()
+        .run();
+}
--- a/examples/extractor_bearer.rs
+++ b/examples/extractor_bearer.rs
@ -0,0 +1,40 @@
+extern crate actix_web;
+extern crate actix_web_httpauth;
+
+use actix_web::{server, App, HttpRequest, Result, FromRequest};
+use actix_web_httpauth::extractors::AuthenticationError;
+use actix_web_httpauth::extractors::bearer::{BearerAuth, Config, Error};
+use actix_web::middleware::{Middleware, Started};
+
+struct Auth;
+
+impl<S> Middleware<S> for Auth {
+    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
+        let mut config = Config::default();
+        config.realm("Restricted area");
+        config.scope("openid profile email");
+        let auth = BearerAuth::from_request(&req, &config)?;
+
+        if auth.token() == "mF_9.B5f-4.1JqM" {
+            Ok(Started::Done)
+        } else {
+            Err(AuthenticationError::from(config)
+                .with_error(Error::InvalidToken)
+                .into())
+        }
+    }
+
+}
+
+fn index(_req: HttpRequest) -> String {
+    "Hello, authorized user!".to_string()
+}
+
+fn main() {
+    server::new(|| App::new()
+            .middleware(Auth)
+            .resource("/", |r| r.with(index))
+        )
+        .bind("127.0.0.1:8088").unwrap()
+        .run();
+}
--- a/examples/header_www_authenticate_basic.rs
+++ b/examples/header_www_authenticate_basic.rs
@ -0,0 +1,25 @@
+extern crate actix_web;
+extern crate actix_web_httpauth;
+
+use actix_web::{server, App, HttpRequest, HttpResponse};
+use actix_web::http::StatusCode;
+use actix_web_httpauth::headers::www_authenticate::{WWWAuthenticate};
+use actix_web_httpauth::headers::www_authenticate::basic::Basic;
+
+
+fn index(req: HttpRequest) -> HttpResponse {
+    let challenge = Basic {
+        realm: Some("Restricted area".to_string()),
+    };
+
+    req.build_response(StatusCode::UNAUTHORIZED)
+        .set(WWWAuthenticate(challenge))
+        .finish()
+}
+
+fn main() {
+    server::new(|| App::new()
+            .resource("/", |r| r.with(index)))
+       .bind("127.0.0.1:8088").unwrap()
+       .run();
+}
--- a/examples/header_www_authenticate_bearer.rs
+++ b/examples/header_www_authenticate_bearer.rs
@ -0,0 +1,29 @@
+extern crate actix_web;
+extern crate actix_web_httpauth;
+
+use actix_web::{server, App, HttpRequest, HttpResponse};
+use actix_web::http::StatusCode;
+use actix_web_httpauth::headers::www_authenticate::{WWWAuthenticate};
+use actix_web_httpauth::headers::www_authenticate::bearer::{Bearer, Error};
+
+
+fn index(req: HttpRequest) -> HttpResponse {
+    let challenge = Bearer {
+        realm: Some("example".to_string()),
+        scope: Some("openid profile email".to_string()),
+        error: Some(Error::InvalidToken),
+        error_description: Some("The access token expired".to_string()),
+        error_uri: Some("http://example.org".to_string()),
+    };
+
+    req.build_response(StatusCode::UNAUTHORIZED)
+        .set(WWWAuthenticate(challenge))
+        .finish()
+}
+
+fn main() {
+    server::new(|| App::new()
+            .resource("/", |r| r.with(index)))
+       .bind("127.0.0.1:8088").unwrap()
+       .run();
+}