1
0
mirror of https://github.com/fafhrd91/actix-web synced 2024-12-01 02:54:36 +01:00
actix-web/src/middleware/identity.rs

466 lines
14 KiB
Rust
Raw Normal View History

2019-03-10 03:04:40 +01:00
//! Request identity service for Actix applications.
//!
//! [**IdentityService**](struct.IdentityService.html) middleware can be
//! used with different policies types to store identity information.
//!
//! By default, only cookie identity policy is implemented. Other backend
//! implementations can be added separately.
//!
//! [**CookieIdentityPolicy**](struct.CookieIdentityPolicy.html)
//! uses cookies as identity storage.
//!
//! To access current request identity
//! [**RequestIdentity**](trait.RequestIdentity.html) should be used.
//! *HttpRequest* implements *RequestIdentity* trait.
//!
//! ```rust
2019-03-10 05:40:09 +01:00
//! use actix_web::middleware::identity::Identity;
2019-03-10 03:04:40 +01:00
//! use actix_web::middleware::identity::{CookieIdentityPolicy, IdentityService};
//! use actix_web::*;
//!
2019-03-10 05:40:09 +01:00
//! fn index(id: Identity) -> String {
2019-03-10 03:04:40 +01:00
//! // access request identity
2019-03-10 05:40:09 +01:00
//! if let Some(id) = id.identity() {
//! format!("Welcome! {}", id)
2019-03-10 03:04:40 +01:00
//! } else {
2019-03-10 05:40:09 +01:00
//! "Welcome Anonymous!".to_owned()
2019-03-10 03:04:40 +01:00
//! }
//! }
//!
2019-03-10 05:40:09 +01:00
//! fn login(id: Idenity) -> HttpResponse {
//! id.remember("User1".to_owned()); // <- remember identity
2019-03-10 03:04:40 +01:00
//! HttpResponse::Ok().finish()
//! }
//!
2019-03-10 05:40:09 +01:00
//! fn logout(id: Identity) -> HttpResponse {
//! id.forget(); // <- remove identity
2019-03-10 03:04:40 +01:00
//! HttpResponse::Ok().finish()
//! }
//!
//! fn main() {
//! let app = App::new().middleware(IdentityService::new(
//! // <- create identity middleware
//! CookieIdentityPolicy::new(&[0; 32]) // <- create cookie session backend
//! .name("auth-cookie")
2019-03-10 05:40:09 +01:00
//! .secure(false))
//! .service(web::resource("/index.html").to(index)
//! .service(web::resource("/login.html").to(login)
//! .service(web::resource("/logout.html").to(logout)
2019-03-10 03:04:40 +01:00
//! ));
//! }
//! ```
2019-03-10 05:40:09 +01:00
use std::cell::RefCell;
2019-03-10 03:04:40 +01:00
use std::rc::Rc;
2019-03-10 05:40:09 +01:00
use actix_service::{Service, Transform};
2019-03-10 03:04:40 +01:00
use cookie::{Cookie, CookieJar, Key, SameSite};
2019-03-10 05:40:09 +01:00
use futures::future::{ok, Either, FutureResult};
use futures::{Future, IntoFuture, Poll};
2019-03-10 03:04:40 +01:00
use time::Duration;
2019-03-10 05:40:09 +01:00
use crate::error::{Error, Result};
use crate::http::header::{self, HeaderValue};
use crate::request::HttpRequest;
use crate::service::{ServiceFromRequest, ServiceRequest, ServiceResponse};
use crate::FromRequest;
use crate::HttpMessage;
2019-03-10 03:04:40 +01:00
2019-03-10 05:40:09 +01:00
/// The extractor type to obtain your identity from a request.
2019-03-10 03:04:40 +01:00
///
/// ```rust
/// use actix_web::*;
2019-03-10 05:40:09 +01:00
/// use actix_web::middleware::identity::Identity;
2019-03-10 03:04:40 +01:00
///
2019-03-10 05:40:09 +01:00
/// fn index(id: Identity) -> Result<String> {
2019-03-10 03:04:40 +01:00
/// // access request identity
2019-03-10 05:40:09 +01:00
/// if let Some(id) = id.identity() {
2019-03-10 03:04:40 +01:00
/// Ok(format!("Welcome! {}", id))
/// } else {
/// Ok("Welcome Anonymous!".to_owned())
/// }
/// }
///
2019-03-10 05:40:09 +01:00
/// fn login(id: Identity) -> HttpResponse {
/// id.remember("User1".to_owned()); // <- remember identity
2019-03-10 03:04:40 +01:00
/// HttpResponse::Ok().finish()
/// }
///
2019-03-10 05:40:09 +01:00
/// fn logout(id: Identity) -> HttpResponse {
/// id.forget(); // <- remove identity
2019-03-10 03:04:40 +01:00
/// HttpResponse::Ok().finish()
/// }
/// # fn main() {}
/// ```
2019-03-10 05:40:09 +01:00
#[derive(Clone)]
pub struct Identity(HttpRequest);
impl Identity {
2019-03-10 03:04:40 +01:00
/// Return the claimed identity of the user associated request or
/// ``None`` if no identity can be found associated with the request.
2019-03-10 05:40:09 +01:00
pub fn identity(&self) -> Option<String> {
if let Some(id) = self.0.extensions().get::<IdentityItem>() {
id.id.clone()
} else {
None
2019-03-10 03:04:40 +01:00
}
}
2019-03-10 05:40:09 +01:00
/// Remember identity.
pub fn remember(&self, identity: String) {
if let Some(id) = self.0.extensions_mut().get_mut::<IdentityItem>() {
id.id = Some(identity);
id.changed = true;
2019-03-10 03:04:40 +01:00
}
}
2019-03-10 05:40:09 +01:00
/// This method is used to 'forget' the current identity on subsequent
/// requests.
pub fn forget(&self) {
if let Some(id) = self.0.extensions_mut().get_mut::<IdentityItem>() {
id.id = None;
id.changed = true;
2019-03-10 03:04:40 +01:00
}
}
}
2019-03-10 05:40:09 +01:00
struct IdentityItem {
id: Option<String>,
changed: bool,
}
2019-03-10 03:04:40 +01:00
2019-03-10 05:40:09 +01:00
/// Extractor implementation for Identity type.
///
/// ```rust
/// # use actix_web::*;
/// use actix_web::middleware::identity::Identity;
///
/// fn index(id: Identity) -> String {
/// // access request identity
/// if let Some(id) = id.identity() {
/// format!("Welcome! {}", id)
/// } else {
/// "Welcome Anonymous!".to_owned()
/// }
/// }
/// # fn main() {}
/// ```
impl<P> FromRequest<P> for Identity {
type Error = Error;
type Future = Result<Identity, Error>;
type Config = ();
#[inline]
fn from_request(req: &mut ServiceFromRequest<P>) -> Self::Future {
Ok(Identity(req.clone()))
}
2019-03-10 03:04:40 +01:00
}
/// Identity policy definition.
2019-03-10 05:40:09 +01:00
pub trait IdentityPolicy: Sized + 'static {
/// The return type of the middleware
type Future: IntoFuture<Item = Option<String>, Error = Error>;
2019-03-10 03:04:40 +01:00
/// The return type of the middleware
2019-03-10 05:40:09 +01:00
type ResponseFuture: IntoFuture<Item = (), Error = Error>;
2019-03-10 03:04:40 +01:00
/// Parse the session from request and load data from a service identity.
2019-03-10 05:40:09 +01:00
fn from_request<P>(&self, request: &mut ServiceRequest<P>) -> Self::Future;
/// Write changes to response
fn to_response<B>(
&self,
identity: Option<String>,
changed: bool,
response: &mut ServiceResponse<B>,
) -> Self::ResponseFuture;
2019-03-10 03:04:40 +01:00
}
/// Request identity middleware
///
/// ```rust
/// use actix_web::App;
2019-03-10 05:40:09 +01:00
/// use actix_web::middleware::identity::{CookieIdentityPolicy, IdentityService};
2019-03-10 03:04:40 +01:00
///
/// fn main() {
/// let app = App::new().middleware(IdentityService::new(
/// // <- create identity middleware
/// CookieIdentityPolicy::new(&[0; 32]) // <- create cookie session backend
/// .name("auth-cookie")
/// .secure(false),
/// ));
/// }
/// ```
pub struct IdentityService<T> {
2019-03-10 05:40:09 +01:00
backend: Rc<T>,
2019-03-10 03:04:40 +01:00
}
impl<T> IdentityService<T> {
/// Create new identity service with specified backend.
pub fn new(backend: T) -> Self {
2019-03-10 05:40:09 +01:00
IdentityService {
backend: Rc::new(backend),
}
2019-03-10 03:04:40 +01:00
}
}
2019-03-10 05:40:09 +01:00
impl<S, T, P, B> Transform<S> for IdentityService<T>
where
P: 'static,
S: Service<Request = ServiceRequest<P>, Response = ServiceResponse<B>> + 'static,
S::Future: 'static,
T: IdentityPolicy,
B: 'static,
{
type Request = ServiceRequest<P>;
type Response = ServiceResponse<B>;
type Error = S::Error;
type InitError = ();
type Transform = IdentityServiceMiddleware<S, T>;
type Future = FutureResult<Self::Transform, Self::InitError>;
fn new_transform(&self, service: S) -> Self::Future {
ok(IdentityServiceMiddleware {
backend: self.backend.clone(),
service: Rc::new(RefCell::new(service)),
})
2019-03-10 03:04:40 +01:00
}
}
2019-03-10 05:40:09 +01:00
pub struct IdentityServiceMiddleware<S, T> {
backend: Rc<T>,
service: Rc<RefCell<S>>,
2019-03-10 03:04:40 +01:00
}
2019-03-10 05:40:09 +01:00
impl<S, T, P, B> Service for IdentityServiceMiddleware<S, T>
where
P: 'static,
B: 'static,
S: Service<Request = ServiceRequest<P>, Response = ServiceResponse<B>> + 'static,
S::Future: 'static,
T: IdentityPolicy,
{
type Request = ServiceRequest<P>;
type Response = ServiceResponse<B>;
type Error = S::Error;
type Future = Box<Future<Item = Self::Response, Error = Self::Error>>;
fn poll_ready(&mut self) -> Poll<(), Self::Error> {
self.service.borrow_mut().poll_ready()
2019-03-10 03:04:40 +01:00
}
2019-03-10 05:40:09 +01:00
fn call(&mut self, mut req: ServiceRequest<P>) -> Self::Future {
let srv = self.service.clone();
let backend = self.backend.clone();
Box::new(
self.backend.from_request(&mut req).into_future().then(
move |res| match res {
Ok(id) => {
req.extensions_mut()
.insert(IdentityItem { id, changed: false });
Either::A(srv.borrow_mut().call(req).and_then(move |mut res| {
let id =
res.request().extensions_mut().remove::<IdentityItem>();
if let Some(id) = id {
return Either::A(
backend
.to_response(id.id, id.changed, &mut res)
.into_future()
.then(move |t| match t {
Ok(_) => Ok(res),
Err(e) => Ok(res.error_response(e)),
}),
);
} else {
Either::B(ok(res))
}
}))
}
Err(err) => Either::B(ok(req.error_response(err))),
},
),
)
2019-03-10 03:04:40 +01:00
}
}
struct CookieIdentityInner {
key: Key,
name: String,
path: String,
domain: Option<String>,
secure: bool,
max_age: Option<Duration>,
same_site: Option<SameSite>,
}
impl CookieIdentityInner {
fn new(key: &[u8]) -> CookieIdentityInner {
CookieIdentityInner {
key: Key::from_master(key),
name: "actix-identity".to_owned(),
path: "/".to_owned(),
domain: None,
secure: true,
max_age: None,
same_site: None,
}
}
2019-03-10 05:40:09 +01:00
fn set_cookie<B>(
&self,
resp: &mut ServiceResponse<B>,
id: Option<String>,
) -> Result<()> {
2019-03-10 03:04:40 +01:00
let some = id.is_some();
{
let id = id.unwrap_or_else(String::new);
let mut cookie = Cookie::new(self.name.clone(), id);
cookie.set_path(self.path.clone());
cookie.set_secure(self.secure);
cookie.set_http_only(true);
if let Some(ref domain) = self.domain {
cookie.set_domain(domain.clone());
}
if let Some(max_age) = self.max_age {
cookie.set_max_age(max_age);
}
if let Some(same_site) = self.same_site {
cookie.set_same_site(same_site);
}
let mut jar = CookieJar::new();
if some {
jar.private(&self.key).add(cookie);
} else {
jar.add_original(cookie.clone());
jar.private(&self.key).remove(cookie);
}
for cookie in jar.delta() {
let val = HeaderValue::from_str(&cookie.to_string())?;
resp.headers_mut().append(header::SET_COOKIE, val);
}
}
Ok(())
}
2019-03-10 05:40:09 +01:00
fn load<T>(&self, req: &ServiceRequest<T>) -> Option<String> {
2019-03-10 03:04:40 +01:00
if let Ok(cookies) = req.cookies() {
for cookie in cookies.iter() {
if cookie.name() == self.name {
let mut jar = CookieJar::new();
jar.add_original(cookie.clone());
let cookie_opt = jar.private(&self.key).get(&self.name);
if let Some(cookie) = cookie_opt {
return Some(cookie.value().into());
}
}
}
}
None
}
}
/// Use cookies for request identity storage.
///
/// The constructors take a key as an argument.
/// This is the private key for cookie - when this value is changed,
/// all identities are lost. The constructors will panic if the key is less
/// than 32 bytes in length.
///
/// # Example
///
/// ```rust
/// # extern crate actix_web;
/// use actix_web::middleware::identity::{CookieIdentityPolicy, IdentityService};
/// use actix_web::App;
///
/// fn main() {
/// let app = App::new().middleware(IdentityService::new(
/// // <- create identity middleware
/// CookieIdentityPolicy::new(&[0; 32]) // <- construct cookie policy
/// .domain("www.rust-lang.org")
/// .name("actix_auth")
/// .path("/")
/// .secure(true),
/// ));
/// }
/// ```
pub struct CookieIdentityPolicy(Rc<CookieIdentityInner>);
impl CookieIdentityPolicy {
/// Construct new `CookieIdentityPolicy` instance.
///
/// Panics if key length is less than 32 bytes.
pub fn new(key: &[u8]) -> CookieIdentityPolicy {
CookieIdentityPolicy(Rc::new(CookieIdentityInner::new(key)))
}
/// Sets the `path` field in the session cookie being built.
pub fn path<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
Rc::get_mut(&mut self.0).unwrap().path = value.into();
self
}
/// Sets the `name` field in the session cookie being built.
pub fn name<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
Rc::get_mut(&mut self.0).unwrap().name = value.into();
self
}
/// Sets the `domain` field in the session cookie being built.
pub fn domain<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
Rc::get_mut(&mut self.0).unwrap().domain = Some(value.into());
self
}
/// Sets the `secure` field in the session cookie being built.
///
/// If the `secure` field is set, a cookie will only be transmitted when the
/// connection is secure - i.e. `https`
pub fn secure(mut self, value: bool) -> CookieIdentityPolicy {
Rc::get_mut(&mut self.0).unwrap().secure = value;
self
}
/// Sets the `max-age` field in the session cookie being built.
pub fn max_age(mut self, value: Duration) -> CookieIdentityPolicy {
Rc::get_mut(&mut self.0).unwrap().max_age = Some(value);
self
}
/// Sets the `same_site` field in the session cookie being built.
pub fn same_site(mut self, same_site: SameSite) -> Self {
Rc::get_mut(&mut self.0).unwrap().same_site = Some(same_site);
self
}
}
2019-03-10 05:40:09 +01:00
impl IdentityPolicy for CookieIdentityPolicy {
type Future = Result<Option<String>, Error>;
type ResponseFuture = Result<(), Error>;
2019-03-10 03:04:40 +01:00
2019-03-10 05:40:09 +01:00
fn from_request<P>(&self, req: &mut ServiceRequest<P>) -> Self::Future {
Ok(self.0.load(req))
}
fn to_response<B>(
&self,
id: Option<String>,
changed: bool,
res: &mut ServiceResponse<B>,
) -> Self::ResponseFuture {
if changed {
let _ = self.0.set_cookie(res, id);
}
Ok(())
2019-03-10 03:04:40 +01:00
}
}