diff --git a/actix-session/Cargo.toml b/actix-session/Cargo.toml index f016d511f..46c3570d3 100644 --- a/actix-session/Cargo.toml +++ b/actix-session/Cargo.toml @@ -30,7 +30,10 @@ redis-rs-tls-session = ["redis-rs-session", "redis/tokio-native-tls-comp"] [dependencies] actix-service = "2" actix-utils = "3" -actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies"] } +actix-web = { version = "4", default_features = false, features = [ + "cookies", + "secure-cookies", +] } anyhow = "1" async-trait = "0.1" @@ -44,14 +47,27 @@ tracing = { version = "0.1.30", default-features = false, features = ["log"] } actix = { version = "0.13", default-features = false, optional = true } actix-redis = { version = "0.12", optional = true } futures-core = { version = "0.3.7", default-features = false, optional = true } +secrecy = "0.8" # redis-rs-session -redis = { version = "0.21", default-features = false, features = ["aio", "tokio-comp", "connection-manager"], optional = true } +redis = { version = "0.21", default-features = false, features = [ + "aio", + "tokio-comp", + "connection-manager", +], optional = true } [dev-dependencies] -actix-session = { path = ".", features = ["cookie-session", "redis-actor-session", "redis-rs-session"] } +actix-session = { path = ".", features = [ + "cookie-session", + "redis-actor-session", + "redis-rs-session", +] } actix-test = "0.1.0-beta.10" -actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies", "macros"] } +actix-web = { version = "4", default_features = false, features = [ + "cookies", + "secure-cookies", + "macros", +] } env_logger = "0.9" log = "0.4" diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs index 35aaaa3f2..7b6684573 100644 --- a/actix-session/src/session.rs +++ b/actix-session/src/session.rs @@ -17,6 +17,8 @@ use anyhow::Context; use derive_more::{Display, From}; use serde::{de::DeserializeOwned, Serialize}; +use crate::storage::SessionKey; + /// The primary interface to access and modify session state. /// /// [`Session`] is an [extractor](#impl-FromRequest)—you can specify it as an input type for your @@ -77,6 +79,7 @@ impl Default for SessionStatus { struct SessionInner { state: HashMap, status: SessionStatus, + session_key: SessionKey, } impl Session { @@ -101,7 +104,13 @@ impl Session { Ok(None) } } - + /// Get a the session key itself from the overall session. + /// + /// Needs to be implemented + pub fn get_session_key(&self) -> secrecy::Secret { + let key = self.0.borrow().session_key.clone(); + secrecy::Secret::new(key) + } /// Get all raw key-value data from the session. /// /// Note that values are JSON encoded. diff --git a/actix-session/src/storage/session_key.rs b/actix-session/src/storage/session_key.rs index ad5c47a1d..fa0269b26 100644 --- a/actix-session/src/storage/session_key.rs +++ b/actix-session/src/storage/session_key.rs @@ -17,8 +17,8 @@ use derive_more::{Display, From}; /// let session_key: Result = key.try_into(); /// assert!(session_key.is_err()); /// ``` -#[derive(Debug, PartialEq, Eq)] -pub struct SessionKey(String); +#[derive(Debug, PartialEq, Eq, Default, Clone)] +pub struct SessionKey(pub String); impl TryFrom for SessionKey { type Error = InvalidSessionKeyError; @@ -41,6 +41,12 @@ impl AsRef for SessionKey { } } +impl secrecy::Zeroize for SessionKey { + fn zeroize(&mut self) { + self.0.zeroize(); + } +} + impl From for String { fn from(key: SessionKey) -> Self { key.0