<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `actix-session/src/middleware.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>middleware.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Regular-1f7d512b176f0f72.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Regular-018c141bf0843ffd.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/FiraSans-Medium-8f9a781e4970d388.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Regular-562dcc5011b6de7d.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceSerif4-Bold-124a1ca42af929b6.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../static.files/SourceCodePro-Semibold-d899c5a5c4aeb14a.ttf.woff2"><link rel="stylesheet" href="../../static.files/normalize-76eba96aa4d2e634.css"><link rel="stylesheet" href="../../static.files/rustdoc-ef244fc9943488f7.css" id="mainThemeStyle"><link rel="stylesheet" id="themeStyle" href="../../static.files/light-c11f492748536797.css"><link rel="stylesheet" disabled href="../../static.files/dark-a78f946771c40031.css"><link rel="stylesheet" disabled href="../../static.files/ayu-70b683d68cb31790.css"><script id="default-settings" ></script><script src="../../static.files/storage-d43fa987303ecbbb.js"></script><script defer src="../../static.files/source-script-74087aa2e88f4475.js"></script><script defer src="../../source-files.js"></script><script defer src="../../static.files/main-0dede64717b247ca.js"></script><noscript><link rel="stylesheet" href="../../static.files/noscript-201a7e04dc4c6fce.css"></noscript><link rel="icon" href="https://actix.rs/favicon.ico"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../actix_session/index.html">
<img src="https://actix.rs/img/logo.png" alt="logo"></a><form class="search-form"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../static.files/wheel-5ec35bf9ca753509.svg"></a></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
<span id="273">273</span>
<span id="274">274</span>
<span id="275">275</span>
<span id="276">276</span>
<span id="277">277</span>
<span id="278">278</span>
<span id="279">279</span>
<span id="280">280</span>
<span id="281">281</span>
<span id="282">282</span>
<span id="283">283</span>
<span id="284">284</span>
<span id="285">285</span>
<span id="286">286</span>
<span id="287">287</span>
<span id="288">288</span>
<span id="289">289</span>
<span id="290">290</span>
<span id="291">291</span>
<span id="292">292</span>
<span id="293">293</span>
<span id="294">294</span>
<span id="295">295</span>
<span id="296">296</span>
<span id="297">297</span>
<span id="298">298</span>
<span id="299">299</span>
<span id="300">300</span>
<span id="301">301</span>
<span id="302">302</span>
<span id="303">303</span>
<span id="304">304</span>
<span id="305">305</span>
<span id="306">306</span>
<span id="307">307</span>
<span id="308">308</span>
<span id="309">309</span>
<span id="310">310</span>
<span id="311">311</span>
<span id="312">312</span>
<span id="313">313</span>
<span id="314">314</span>
<span id="315">315</span>
<span id="316">316</span>
<span id="317">317</span>
<span id="318">318</span>
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
<span id="333">333</span>
<span id="334">334</span>
<span id="335">335</span>
<span id="336">336</span>
<span id="337">337</span>
<span id="338">338</span>
<span id="339">339</span>
<span id="340">340</span>
<span id="341">341</span>
<span id="342">342</span>
<span id="343">343</span>
<span id="344">344</span>
<span id="345">345</span>
<span id="346">346</span>
<span id="347">347</span>
<span id="348">348</span>
<span id="349">349</span>
<span id="350">350</span>
<span id="351">351</span>
<span id="352">352</span>
<span id="353">353</span>
<span id="354">354</span>
<span id="355">355</span>
<span id="356">356</span>
<span id="357">357</span>
<span id="358">358</span>
<span id="359">359</span>
<span id="360">360</span>
<span id="361">361</span>
<span id="362">362</span>
<span id="363">363</span>
<span id="364">364</span>
<span id="365">365</span>
<span id="366">366</span>
<span id="367">367</span>
<span id="368">368</span>
<span id="369">369</span>
<span id="370">370</span>
<span id="371">371</span>
<span id="372">372</span>
<span id="373">373</span>
<span id="374">374</span>
<span id="375">375</span>
<span id="376">376</span>
<span id="377">377</span>
<span id="378">378</span>
<span id="379">379</span>
<span id="380">380</span>
<span id="381">381</span>
<span id="382">382</span>
<span id="383">383</span>
<span id="384">384</span>
<span id="385">385</span>
<span id="386">386</span>
<span id="387">387</span>
<span id="388">388</span>
<span id="389">389</span>
<span id="390">390</span>
<span id="391">391</span>
<span id="392">392</span>
<span id="393">393</span>
<span id="394">394</span>
<span id="395">395</span>
<span id="396">396</span>
<span id="397">397</span>
<span id="398">398</span>
<span id="399">399</span>
<span id="400">400</span>
<span id="401">401</span>
<span id="402">402</span>
<span id="403">403</span>
<span id="404">404</span>
<span id="405">405</span>
<span id="406">406</span>
<span id="407">407</span>
<span id="408">408</span>
<span id="409">409</span>
<span id="410">410</span>
<span id="411">411</span>
<span id="412">412</span>
<span id="413">413</span>
<span id="414">414</span>
<span id="415">415</span>
<span id="416">416</span>
<span id="417">417</span>
<span id="418">418</span>
<span id="419">419</span>
<span id="420">420</span>
<span id="421">421</span>
<span id="422">422</span>
<span id="423">423</span>
<span id="424">424</span>
<span id="425">425</span>
<span id="426">426</span>
<span id="427">427</span>
<span id="428">428</span>
<span id="429">429</span>
<span id="430">430</span>
<span id="431">431</span>
<span id="432">432</span>
<span id="433">433</span>
<span id="434">434</span>
<span id="435">435</span>
<span id="436">436</span>
<span id="437">437</span>
<span id="438">438</span>
<span id="439">439</span>
<span id="440">440</span>
<span id="441">441</span>
<span id="442">442</span>
<span id="443">443</span>
<span id="444">444</span>
<span id="445">445</span>
<span id="446">446</span>
<span id="447">447</span>
<span id="448">448</span>
<span id="449">449</span>
<span id="450">450</span>
<span id="451">451</span>
<span id="452">452</span>
<span id="453">453</span>
<span id="454">454</span>
<span id="455">455</span>
<span id="456">456</span>
<span id="457">457</span>
<span id="458">458</span>
<span id="459">459</span>
<span id="460">460</span>
<span id="461">461</span>
<span id="462">462</span>
<span id="463">463</span>
<span id="464">464</span>
<span id="465">465</span>
</pre><pre class="rust"><code><span class="kw">use </span>std::{collections::HashMap, convert::TryInto, fmt, future::Future, pin::Pin, rc::Rc};
<span class="kw">use </span>actix_utils::future::{ready, Ready};
<span class="kw">use </span>actix_web::{
body::MessageBody,
cookie::{Cookie, CookieJar, Key},
dev::{forward_ready, ResponseHead, Service, ServiceRequest, ServiceResponse, Transform},
http::header::{HeaderValue, SET_COOKIE},
HttpResponse,
};
<span class="kw">use </span>anyhow::Context;
<span class="kw">use crate</span>::{
config::{
<span class="self">self</span>, Configuration, CookieConfiguration, CookieContentSecurity, SessionMiddlewareBuilder,
TtlExtensionPolicy,
},
storage::{LoadError, SessionKey, SessionStore},
Session, SessionStatus,
};
<span class="doccomment">/// A middleware for session management in Actix Web applications.
///
/// [`SessionMiddleware`] takes care of a few jobs:
///
/// - Instructs the session storage backend to create/update/delete/retrieve the state attached to
/// a session according to its status and the operations that have been performed against it;
/// - Set/remove a cookie, on the client side, to enable a user to be consistently associated with
/// the same session across multiple HTTP requests.
///
/// Use [`SessionMiddleware::new`] to initialize the session framework using the default parameters.
/// To create a new instance of [`SessionMiddleware`] you need to provide:
///
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
///
/// # How did we choose defaults?
/// You should not regret adding `actix-session` to your dependencies and going to production using
/// the default configuration. That is why, when in doubt, we opt to use the most secure option for
/// each configuration parameter.
///
/// We expose knobs to change the default to suit your needs—i.e., if you know what you are doing,
/// we will not stop you. But being a subject-matter expert should not be a requirement to deploy
/// reasonably secure implementation of sessions.
///
/// # Examples
/// ```no_run
/// use actix_web::{web, App, HttpServer, HttpResponse, Error};
/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
/// use actix_web::cookie::Key;
///
/// // The secret key would usually be read from a configuration file/environment variables.
/// fn get_secret_key() -> Key {
/// # todo!()
/// // [...]
/// }
///
/// #[actix_web::main]
/// async fn main() -> std::io::Result<()> {
/// let secret_key = get_secret_key();
/// let redis_connection_string = "127.0.0.1:6379";
/// HttpServer::new(move ||
/// App::new()
/// // Add session management to your application using Redis for session state storage
/// .wrap(
/// SessionMiddleware::new(
/// RedisActorSessionStore::new(redis_connection_string),
/// secret_key.clone()
/// )
/// )
/// .default_service(web::to(|| HttpResponse::Ok())))
/// .bind(("127.0.0.1", 8080))?
/// .run()
/// .await
/// }
/// ```
///
/// If you want to customise use [`builder`](Self::builder) instead of [`new`](Self::new):
///
/// ```no_run
/// use actix_web::{App, cookie::{Key, time}, Error, HttpResponse, HttpServer, web};
/// use actix_session::{Session, SessionMiddleware, storage::RedisActorSessionStore};
/// use actix_session::config::PersistentSession;
///
/// // The secret key would usually be read from a configuration file/environment variables.
/// fn get_secret_key() -> Key {
/// # todo!()
/// // [...]
/// }
///
/// #[actix_web::main]
/// async fn main() -> std::io::Result<()> {
/// let secret_key = get_secret_key();
/// let redis_connection_string = "127.0.0.1:6379";
/// HttpServer::new(move ||
/// App::new()
/// // Customise session length!
/// .wrap(
/// SessionMiddleware::builder(
/// RedisActorSessionStore::new(redis_connection_string),
/// secret_key.clone()
/// )
/// .session_lifecycle(
/// PersistentSession::default()
/// .session_ttl(time::Duration::days(5))
/// )
/// .build(),
/// )
/// .default_service(web::to(|| HttpResponse::Ok())))
/// .bind(("127.0.0.1", 8080))?
/// .run()
/// .await
/// }
/// ```
</span><span class="attr">#[derive(Clone)]
</span><span class="kw">pub struct </span>SessionMiddleware<Store: SessionStore> {
storage_backend: Rc<Store>,
configuration: Rc<Configuration>,
}
<span class="kw">impl</span><Store: SessionStore> SessionMiddleware<Store> {
<span class="doccomment">/// Use [`SessionMiddleware::new`] to initialize the session framework using the default
/// parameters.
///
/// To create a new instance of [`SessionMiddleware`] you need to provide:
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
</span><span class="kw">pub fn </span>new(store: Store, key: Key) -> <span class="self">Self </span>{
<span class="self">Self</span>::builder(store, key).build()
}
<span class="doccomment">/// A fluent API to configure [`SessionMiddleware`].
///
/// It takes as input the two required inputs to create a new instance of [`SessionMiddleware`]:
/// - an instance of the session storage backend you wish to use (i.e. an implementation of
/// [`SessionStore`]);
/// - a secret key, to sign or encrypt the content of client-side session cookie.
</span><span class="kw">pub fn </span>builder(store: Store, key: Key) -> SessionMiddlewareBuilder<Store> {
SessionMiddlewareBuilder::new(store, config::default_configuration(key))
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>from_parts(store: Store, configuration: Configuration) -> <span class="self">Self </span>{
<span class="self">Self </span>{
storage_backend: Rc::new(store),
configuration: Rc::new(configuration),
}
}
}
<span class="kw">impl</span><S, B, Store> Transform<S, ServiceRequest> <span class="kw">for </span>SessionMiddleware<Store>
<span class="kw">where
</span>S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + <span class="lifetime">'static</span>,
S::Future: <span class="lifetime">'static</span>,
B: MessageBody + <span class="lifetime">'static</span>,
Store: SessionStore + <span class="lifetime">'static</span>,
{
<span class="kw">type </span>Response = ServiceResponse<B>;
<span class="kw">type </span>Error = actix_web::Error;
<span class="kw">type </span>Transform = InnerSessionMiddleware<S, Store>;
<span class="kw">type </span>InitError = ();
<span class="kw">type </span>Future = Ready<<span class="prelude-ty">Result</span><<span class="self">Self</span>::Transform, <span class="self">Self</span>::InitError>>;
<span class="kw">fn </span>new_transform(<span class="kw-2">&</span><span class="self">self</span>, service: S) -> <span class="self">Self</span>::Future {
ready(<span class="prelude-val">Ok</span>(InnerSessionMiddleware {
service: Rc::new(service),
configuration: Rc::clone(<span class="kw-2">&</span><span class="self">self</span>.configuration),
storage_backend: Rc::clone(<span class="kw-2">&</span><span class="self">self</span>.storage_backend),
}))
}
}
<span class="doccomment">/// Short-hand to create an `actix_web::Error` instance that will result in an `Internal Server
/// Error` response while preserving the error root cause (e.g. in logs).
</span><span class="kw">fn </span>e500<E: fmt::Debug + fmt::Display + <span class="lifetime">'static</span>>(err: E) -> actix_web::Error {
<span class="comment">// We do not use `actix_web::error::ErrorInternalServerError` because we do not want to
// leak internal implementation details to the caller.
//
// `actix_web::error::ErrorInternalServerError` includes the error Display representation
// as body of the error responses, leading to messages like "There was an issue persisting
// the session state" reaching API clients. We don't want that, we want opaque 500s.
</span>actix_web::error::InternalError::from_response(
err,
HttpResponse::InternalServerError().finish(),
)
.into()
}
<span class="attr">#[doc(hidden)]
#[non_exhaustive]
</span><span class="kw">pub struct </span>InnerSessionMiddleware<S, Store: SessionStore + <span class="lifetime">'static</span>> {
service: Rc<S>,
configuration: Rc<Configuration>,
storage_backend: Rc<Store>,
}
<span class="kw">impl</span><S, B, Store> Service<ServiceRequest> <span class="kw">for </span>InnerSessionMiddleware<S, Store>
<span class="kw">where
</span>S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + <span class="lifetime">'static</span>,
S::Future: <span class="lifetime">'static</span>,
Store: SessionStore + <span class="lifetime">'static</span>,
{
<span class="kw">type </span>Response = ServiceResponse<B>;
<span class="kw">type </span>Error = actix_web::Error;
<span class="attr">#[allow(clippy::type_complexity)]
</span><span class="kw">type </span>Future = Pin<Box<<span class="kw">dyn </span>Future<Output = <span class="prelude-ty">Result</span><<span class="self">Self</span>::Response, <span class="self">Self</span>::Error>>>>;
<span class="macro">forward_ready!</span>(service);
<span class="kw">fn </span>call(<span class="kw-2">&</span><span class="self">self</span>, <span class="kw-2">mut </span>req: ServiceRequest) -> <span class="self">Self</span>::Future {
<span class="kw">let </span>service = Rc::clone(<span class="kw-2">&</span><span class="self">self</span>.service);
<span class="kw">let </span>storage_backend = Rc::clone(<span class="kw-2">&</span><span class="self">self</span>.storage_backend);
<span class="kw">let </span>configuration = Rc::clone(<span class="kw-2">&</span><span class="self">self</span>.configuration);
Box::pin(<span class="kw">async move </span>{
<span class="kw">let </span>session_key = extract_session_key(<span class="kw-2">&</span>req, <span class="kw-2">&</span>configuration.cookie);
<span class="kw">let </span>(session_key, session_state) =
load_session_state(session_key, storage_backend.as_ref()).<span class="kw">await</span><span class="question-mark">?</span>;
Session::set_session(<span class="kw-2">&mut </span>req, session_state);
<span class="kw">let </span><span class="kw-2">mut </span>res = service.call(req).<span class="kw">await</span><span class="question-mark">?</span>;
<span class="kw">let </span>(status, session_state) = Session::get_changes(<span class="kw-2">&mut </span>res);
<span class="kw">match </span>session_key {
<span class="prelude-val">None </span>=> {
<span class="comment">// we do not create an entry in the session store if there is no state attached
// to a fresh session
</span><span class="kw">if </span>!session_state.is_empty() {
<span class="kw">let </span>session_key = storage_backend
.save(session_state, <span class="kw-2">&</span>configuration.session.state_ttl)
.<span class="kw">await
</span>.map_err(e500)<span class="question-mark">?</span>;
set_session_cookie(
res.response_mut().head_mut(),
session_key,
<span class="kw-2">&</span>configuration.cookie,
)
.map_err(e500)<span class="question-mark">?</span>;
}
}
<span class="prelude-val">Some</span>(session_key) => {
<span class="kw">match </span>status {
SessionStatus::Changed => {
<span class="kw">let </span>session_key = storage_backend
.update(
session_key,
session_state,
<span class="kw-2">&</span>configuration.session.state_ttl,
)
.<span class="kw">await
</span>.map_err(e500)<span class="question-mark">?</span>;
set_session_cookie(
res.response_mut().head_mut(),
session_key,
<span class="kw-2">&</span>configuration.cookie,
)
.map_err(e500)<span class="question-mark">?</span>;
}
SessionStatus::Purged => {
storage_backend.delete(<span class="kw-2">&</span>session_key).<span class="kw">await</span>.map_err(e500)<span class="question-mark">?</span>;
delete_session_cookie(
res.response_mut().head_mut(),
<span class="kw-2">&</span>configuration.cookie,
)
.map_err(e500)<span class="question-mark">?</span>;
}
SessionStatus::Renewed => {
storage_backend.delete(<span class="kw-2">&</span>session_key).<span class="kw">await</span>.map_err(e500)<span class="question-mark">?</span>;
<span class="kw">let </span>session_key = storage_backend
.save(session_state, <span class="kw-2">&</span>configuration.session.state_ttl)
.<span class="kw">await
</span>.map_err(e500)<span class="question-mark">?</span>;
set_session_cookie(
res.response_mut().head_mut(),
session_key,
<span class="kw-2">&</span>configuration.cookie,
)
.map_err(e500)<span class="question-mark">?</span>;
}
SessionStatus::Unchanged => {
<span class="kw">if </span><span class="macro">matches!</span>(
configuration.ttl_extension_policy,
TtlExtensionPolicy::OnEveryRequest
) {
storage_backend
.update_ttl(<span class="kw-2">&</span>session_key, <span class="kw-2">&</span>configuration.session.state_ttl)
.<span class="kw">await
</span>.map_err(e500)<span class="question-mark">?</span>;
<span class="kw">if </span>configuration.cookie.max_age.is_some() {
set_session_cookie(
res.response_mut().head_mut(),
session_key,
<span class="kw-2">&</span>configuration.cookie,
)
.map_err(e500)<span class="question-mark">?</span>;
}
}
}
};
}
}
<span class="prelude-val">Ok</span>(res)
})
}
}
<span class="doccomment">/// Examines the session cookie attached to the incoming request, if there is one, and tries
/// to extract the session key.
///
/// It returns `None` if there is no session cookie or if the session cookie is considered invalid
/// (e.g., when failing a signature check).
</span><span class="kw">fn </span>extract_session_key(req: <span class="kw-2">&</span>ServiceRequest, config: <span class="kw-2">&</span>CookieConfiguration) -> <span class="prelude-ty">Option</span><SessionKey> {
<span class="kw">let </span>cookies = req.cookies().ok()<span class="question-mark">?</span>;
<span class="kw">let </span>session_cookie = cookies
.iter()
.find(|<span class="kw-2">&</span>cookie| cookie.name() == config.name)<span class="question-mark">?</span>;
<span class="kw">let </span><span class="kw-2">mut </span>jar = CookieJar::new();
jar.add_original(session_cookie.clone());
<span class="kw">let </span>verification_result = <span class="kw">match </span>config.content_security {
CookieContentSecurity::Signed => jar.signed(<span class="kw-2">&</span>config.key).get(<span class="kw-2">&</span>config.name),
CookieContentSecurity::Private => jar.private(<span class="kw-2">&</span>config.key).get(<span class="kw-2">&</span>config.name),
};
<span class="kw">if </span>verification_result.is_none() {
<span class="macro">tracing::warn!</span>(
<span class="string">"The session cookie attached to the incoming request failed to pass cryptographic \
checks (signature verification/decryption)."
</span>);
}
<span class="kw">match </span>verification_result<span class="question-mark">?</span>.value().to_owned().try_into() {
<span class="prelude-val">Ok</span>(session_key) => <span class="prelude-val">Some</span>(session_key),
<span class="prelude-val">Err</span>(err) => {
<span class="macro">tracing::warn!</span>(
error.message = %err,
error.cause_chain = <span class="question-mark">?</span>err,
<span class="string">"Invalid session key, ignoring."
</span>);
<span class="prelude-val">None
</span>}
}
}
<span class="kw">async fn </span>load_session_state<Store: SessionStore>(
session_key: <span class="prelude-ty">Option</span><SessionKey>,
storage_backend: <span class="kw-2">&</span>Store,
) -> <span class="prelude-ty">Result</span><(<span class="prelude-ty">Option</span><SessionKey>, HashMap<String, String>), actix_web::Error> {
<span class="kw">if let </span><span class="prelude-val">Some</span>(session_key) = session_key {
<span class="kw">match </span>storage_backend.load(<span class="kw-2">&</span>session_key).<span class="kw">await </span>{
<span class="prelude-val">Ok</span>(state) => {
<span class="kw">if let </span><span class="prelude-val">Some</span>(state) = state {
<span class="prelude-val">Ok</span>((<span class="prelude-val">Some</span>(session_key), state))
} <span class="kw">else </span>{
<span class="comment">// We discard the existing session key given that the state attached to it can
// no longer be found (e.g. it expired or we suffered some data loss in the
// storage). Regenerating the session key will trigger the `save` workflow
// instead of the `update` workflow if the session state is modified during the
// lifecycle of the current request.
</span><span class="macro">tracing::info!</span>(
<span class="string">"No session state has been found for a valid session key, creating a new \
empty session."
</span>);
<span class="prelude-val">Ok</span>((<span class="prelude-val">None</span>, HashMap::new()))
}
}
<span class="prelude-val">Err</span>(err) => <span class="kw">match </span>err {
LoadError::Deserialization(err) => {
<span class="macro">tracing::warn!</span>(
error.message = %err,
error.cause_chain = <span class="question-mark">?</span>err,
<span class="string">"Invalid session state, creating a new empty session."
</span>);
<span class="prelude-val">Ok</span>((<span class="prelude-val">Some</span>(session_key), HashMap::new()))
}
LoadError::Other(err) => <span class="prelude-val">Err</span>(e500(err)),
},
}
} <span class="kw">else </span>{
<span class="prelude-val">Ok</span>((<span class="prelude-val">None</span>, HashMap::new()))
}
}
<span class="kw">fn </span>set_session_cookie(
response: <span class="kw-2">&mut </span>ResponseHead,
session_key: SessionKey,
config: <span class="kw-2">&</span>CookieConfiguration,
) -> <span class="prelude-ty">Result</span><(), anyhow::Error> {
<span class="kw">let </span>value: String = session_key.into();
<span class="kw">let </span><span class="kw-2">mut </span>cookie = Cookie::new(config.name.clone(), value);
cookie.set_secure(config.secure);
cookie.set_http_only(config.http_only);
cookie.set_same_site(config.same_site);
cookie.set_path(config.path.clone());
<span class="kw">if let </span><span class="prelude-val">Some</span>(max_age) = config.max_age {
cookie.set_max_age(max_age);
}
<span class="kw">if let </span><span class="prelude-val">Some</span>(<span class="kw-2">ref </span>domain) = config.domain {
cookie.set_domain(domain.clone());
}
<span class="kw">let </span><span class="kw-2">mut </span>jar = CookieJar::new();
<span class="kw">match </span>config.content_security {
CookieContentSecurity::Signed => jar.signed_mut(<span class="kw-2">&</span>config.key).add(cookie),
CookieContentSecurity::Private => jar.private_mut(<span class="kw-2">&</span>config.key).add(cookie),
}
<span class="comment">// set cookie
</span><span class="kw">let </span>cookie = jar.delta().next().unwrap();
<span class="kw">let </span>val = HeaderValue::from_str(<span class="kw-2">&</span>cookie.encoded().to_string())
.context(<span class="string">"Failed to attach a session cookie to the outgoing response"</span>)<span class="question-mark">?</span>;
response.headers_mut().append(SET_COOKIE, val);
<span class="prelude-val">Ok</span>(())
}
<span class="kw">fn </span>delete_session_cookie(
response: <span class="kw-2">&mut </span>ResponseHead,
config: <span class="kw-2">&</span>CookieConfiguration,
) -> <span class="prelude-ty">Result</span><(), anyhow::Error> {
<span class="kw">let </span>removal_cookie = Cookie::build(config.name.clone(), <span class="string">""</span>)
.path(config.path.clone())
.secure(config.secure)
.http_only(config.http_only)
.same_site(config.same_site);
<span class="kw">let </span><span class="kw-2">mut </span>removal_cookie = <span class="kw">if let </span><span class="prelude-val">Some</span>(<span class="kw-2">ref </span>domain) = config.domain {
removal_cookie.domain(domain)
} <span class="kw">else </span>{
removal_cookie
}
.finish();
removal_cookie.make_removal();
<span class="kw">let </span>val = HeaderValue::from_str(<span class="kw-2">&</span>removal_cookie.to_string())
.context(<span class="string">"Failed to attach a session removal cookie to the outgoing response"</span>)<span class="question-mark">?</span>;
response.headers_mut().append(SET_COOKIE, val);
<span class="prelude-val">Ok</span>(())
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-static-root-path="../../static.files/" data-current-crate="actix_session" data-themes="" data-resource-suffix="" data-rustdoc-version="1.67.0-nightly (73c9eaf21 2022-11-07)" data-search-js="search-39ee4160c7dc16c9.js" data-settings-js="settings-3a0b9947ba1bd99a.js" data-settings-css="settings-a66f7524084a489a.css" ></div></body></html>