actix/examples
1
0
Fork 0
mirror of https://github.com/actix/examples synced 2025-02-17 07:23:29 +01:00
Code Issues Releases Wiki Activity

Fix bug in cookie-auth example where secret is too short (#583)

Browse Source
This commit is contained in:
iamjpotts 2022-11-15 02:02:36 -06:00 committed by GitHub
parent 1e1767135d
commit 6fe45afe69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
auth/cookie-auth/src/main.rs
View File

@ -33,16 +33,16 @@ async fn main() -> std::io::Result<()> {
std::env::set_var("RUST_LOG", "actix_web=info"); std::env::set_var("RUST_LOG", "actix_web=info");
env_logger::init(); env_logger::init();
// Generate a random 32 byte key. Note that it is important to use a unique // Generate a random secret key. Note that it is important to use a unique
// private key for every project. Anyone with access to the key can generate // secret key for every project. Anyone with access to the key can generate
// authentication cookies for any user! // authentication cookies for any user!
let private_key = rand::thread_rng().gen::<[u8; 32]>(); let secret_key = Key::generate();
HttpServer::new(move || { HttpServer::new(move || {
App::new() App::new()
.wrap(IdentityMiddleware::default()) .wrap(IdentityMiddleware::default())
.wrap( .wrap(
SessionMiddleware::builder(CookieSessionStore::default(), Key::from(&private_key)) SessionMiddleware::builder(CookieSessionStore::default(), secret_key)
.cookie_name("auth-example".to_owned()) .cookie_name("auth-example".to_owned())
.cookie_secure(false) .cookie_secure(false)
.build(), .build(),