1
0
mirror of https://github.com/actix/actix-extras.git synced 2024-12-04 20:11:55 +01:00
actix-extras/actix-identity
John Vandenberg 48646d1bd3
build(deps): update derive_more to v1.0 (#458)
* build(deps): update derive_more to v1.0

* chore: remove overspecified deps

* chore: use from the derive module

* chore: restore unrelated version reqs

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
2024-08-18 14:21:56 +00:00
..
examples Rebuild actix-identity on top of actix-session (#246) 2022-07-09 19:00:15 +01:00
src build(deps): update derive_more to v1.0 (#458) 2024-08-18 14:21:56 +00:00
tests/integration build(deps): update reqwest requirement from 0.11 to 0.12 (#454) 2024-08-06 14:19:02 +00:00
Cargo.toml build(deps): update derive_more to v1.0 (#458) 2024-08-18 14:21:56 +00:00
CHANGES.md docs: update session dependants changelogs 2024-08-07 01:05:57 +01:00
LICENSE-APACHE move identity service separate crate 2019-06-12 15:52:48 +06:00
LICENSE-MIT move identity service separate crate 2019-06-12 15:52:48 +06:00
README.md chore(actix-identity): prepare release 0.7.1 2024-03-02 18:32:58 +00:00

actix-identity

Identity management for Actix Web.

crates.io Documentation Apache 2.0 or MIT licensed Dependency Status

Identity management for Actix Web.

actix-identity can be used to track identity of a user across multiple requests. It is built on top of HTTP sessions, via actix-session.

Getting started

To start using identity management in your Actix Web application you must register [IdentityMiddleware] and SessionMiddleware as middleware on your App:

use actix_web::{cookie::Key, App, HttpServer, HttpResponse};
use actix_identity::IdentityMiddleware;
use actix_session::{storage::RedisSessionStore, SessionMiddleware};

#[actix_web::main]
async fn main() {
    // When using `Key::generate()` it is important to initialize outside of the
    // `HttpServer::new` closure. When deployed the secret key should be read from a
    // configuration file or environment variables.
    let secret_key = Key::generate();

    let redis_store = RedisSessionStore::new("redis://127.0.0.1:6379")
        .await
        .unwrap();

    HttpServer::new(move || {
        App::new()
            // Install the identity framework first.
            .wrap(IdentityMiddleware::default())
            // The identity system is built on top of sessions. You must install the session
            // middleware to leverage `actix-identity`. The session middleware must be mounted
            // AFTER the identity middleware: `actix-web` invokes middleware in the OPPOSITE
            // order of registration when it receives an incoming request.
            .wrap(SessionMiddleware::new(
                 redis_store.clone(),
                 secret_key.clone(),
            ))
            // Your request handlers [...]
    })
}

User identities can be created, accessed and destroyed using the [Identity] extractor in your request handlers:

use actix_web::{get, post, HttpResponse, Responder, HttpRequest, HttpMessage};
use actix_identity::Identity;
use actix_session::storage::RedisSessionStore;

#[get("/")]
async fn index(user: Option<Identity>) -> impl Responder {
    if let Some(user) = user {
        format!("Welcome! {}", user.id().unwrap())
    } else {
        "Welcome Anonymous!".to_owned()
    }
}

#[post("/login")]
async fn login(request: HttpRequest) -> impl Responder {
    // Some kind of authentication should happen here
    // e.g. password-based, biometric, etc.
    // [...]

    // attach a verified user identity to the active session
    Identity::login(&request.extensions(), "User1".into()).unwrap();

    HttpResponse::Ok()
}

#[post("/logout")]
async fn logout(user: Identity) -> impl Responder {
    user.logout();
    HttpResponse::Ok()
}

Advanced configuration

By default, actix-identity does not automatically log out users. You can change this behaviour by customising the configuration for [IdentityMiddleware] via [IdentityMiddleware::builder].

In particular, you can automatically log out users who: