From c557986915205a3deac342e53facedc91bbf8a20 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Thu, 21 Jul 2022 03:30:12 +0100 Subject: [PATCH] update actix-session everywhere --- Cargo.lock | 24 +++--------------------- auth/cookie-session/Cargo.toml | 2 +- basics/basics/Cargo.toml | 4 ++-- basics/basics/src/main.rs | 19 ++++++++++++++----- basics/todo/Cargo.toml | 2 +- basics/todo/src/main.rs | 11 ++++++++--- basics/todo/src/session.rs | 4 ++-- 7 files changed, 31 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bb28cbc1..c5fc5639 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -390,24 +390,6 @@ dependencies = [ "time 0.3.11", ] -[[package]] -name = "actix-session" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c9138a66462f1e65da829f9c0de81b44a96dfe193a4f19bfea32ee2be312368" -dependencies = [ - "actix-service", - "actix-utils", - "actix-web", - "anyhow", - "async-trait", - "derive_more", - "serde", - "serde_json", - "time 0.3.11", - "tracing", -] - [[package]] name = "actix-session" version = "0.7.0" @@ -1136,7 +1118,7 @@ name = "basics" version = "1.0.0" dependencies = [ "actix-files", - "actix-session 0.5.0", + "actix-session 0.7.0", "actix-web", "async-stream", "env_logger 0.9.0", @@ -1677,7 +1659,7 @@ dependencies = [ name = "cookie-session" version = "1.0.0" dependencies = [ - "actix-session 0.6.2", + "actix-session 0.7.0", "actix-web", "env_logger 0.9.0", "log", @@ -6207,7 +6189,7 @@ name = "todo" version = "1.0.0" dependencies = [ "actix-files", - "actix-session 0.5.0", + "actix-session 0.7.0", "actix-web", "actix-web-lab", "dotenv", diff --git a/auth/cookie-session/Cargo.toml b/auth/cookie-session/Cargo.toml index 5117c3e9..6a873b57 100644 --- a/auth/cookie-session/Cargo.toml +++ b/auth/cookie-session/Cargo.toml 
@@ -5,6 +5,6 @@ edition = "2021"
 [dependencies]
 actix-web = "4"
-actix-session = { version = "0.6", features = ["cookie-session"] }
+actix-session = { version = "0.7", features = ["cookie-session"] }
 log = "0.4"
 env_logger = "0.9"
diff --git a/basics/basics/Cargo.toml b/basics/basics/Cargo.toml
index 6135ad50..0e79abf2 100644
--- a/basics/basics/Cargo.toml
+++ b/basics/basics/Cargo.toml
@@ -4,9 +4,9 @@ version = "1.0.0"
 edition = "2021"
 [dependencies]
-actix-web = "4"
 actix-files = "0.6"
-actix-session = "0.5"
+actix-session = { version = "0.7", features = ["cookie-session"] }
+actix-web = "4"
 async-stream = "0.3"
 env_logger = "0.9"
diff --git a/basics/basics/src/main.rs b/basics/basics/src/main.rs
index 6f47aaeb..305d1251 100644
--- a/basics/basics/src/main.rs
+++ b/basics/basics/src/main.rs
@@ -1,8 +1,7 @@
-use std::convert::Infallible;
-use std::io;
+use std::{convert::Infallible, io};
 use actix_files::{Files, NamedFile};
-use actix_session::{CookieSession, Session};
+use actix_session::{storage::CookieSessionStore, Session, SessionMiddleware};
 use actix_web::{
 error, get,
 http::{
@@ -13,6 +12,9 @@ use actix_web::{
 };
 use async_stream::stream;
+// NOTE: Not a suitable session key for production.
+static SESSION_SIGNING_KEY: &[u8] = &[0; 64];
+
 /// favicon handler
 #[get("/favicon")]
 async fn favicon() -> Result {
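Review bot: The new `SESSION_SIGNING_KEY` in basics/basics/src/main.rs is an all-zero 64-byte literal and the NOTE above it only says it is unsuitable for production; the comment should also say why the length is 64 and what a deployment should do instead, since example code like this gets copied. `actix_web::cookie::Key::from` panics on a slice shorter than 64 bytes (the old `CookieSession::signed(&[0; 32])` call accepted 32), so a reader who trims the array gets a startup panic rather than a compile error. Suggested wording: `// NOTE: Not a suitable session key for production; Key::from panics below 64 bytes. Load a randomly generated key from configuration or a secret store instead.` The same applies to the `SESSION_SIGNING_KEY` change in basics/todo/src/main.rs later in this patch.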
@@ -76,14 +78,21 @@ async fn with_param(req: HttpRequest, path: web::Path<(String,)>) -> HttpRespons
 async fn main() -> io::Result<()> {
 env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+ // random key means that restarting server will invalidate existing session cookies
+ let key = actix_web::cookie::Key::from(SESSION_SIGNING_KEY);
+
 log::info!("starting HTTP server at http://localhost:8080");
- HttpServer::new(|| {
+ HttpServer::new(move || {
 App::new()
 // enable automatic response compression - usually register this first
 .wrap(middleware::Compress::default())
 // cookie session middleware
- .wrap(CookieSession::signed(&[0; 32]).secure(false))
+ .wrap(
+ SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
+ .cookie_secure(false)
+ .build(),
+ )
 // enable logger - always register Actix Web Logger middleware last
 .wrap(middleware::Logger::default())
 // register favicon
diff --git a/basics/todo/Cargo.toml b/basics/todo/Cargo.toml
index ce584dfe..2fffe9d3 100644
--- a/basics/todo/Cargo.toml
+++ b/basics/todo/Cargo.toml
@@ -5,7 +5,7 @@ edition = "2021"
 [dependencies]
 actix-files = "0.6"
-actix-session = "0.5"
+actix-session = { version = "0.7", features = ["cookie-session"] }
 actix-web = "4"
 actix-web-lab = "0.16"
diff --git a/basics/todo/src/main.rs b/basics/todo/src/main.rs
index 52a463e7..938f194c 100644
--- a/basics/todo/src/main.rs
+++ b/basics/todo/src/main.rs
@@ -1,7 +1,7 @@
 use std::{env, io};
 use actix_files::Files;
-use actix_session::CookieSession;
+use actix_session::{storage::CookieSessionStore, SessionMiddleware};
 use actix_web::{
 http,
 middleware::{ErrorHandlers, Logger},
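Review bot: The added comment `// random key means that restarting server will invalidate existing session cookies` in basics/basics/src/main.rs does not describe the line under it: `key` is built from the fixed, all-zero `SESSION_SIGNING_KEY` static, so session cookies survive restarts and the comment misleads anyone reading the example. It looks like a leftover from a draft that generated the key at startup; either do that and keep the comment, or replace it with `// fixed dev-only key; see SESSION_SIGNING_KEY above`. The `.cookie_secure(false)` call turns off the Secure cookie attribute, which the 0.7 builder is documented to enable by default; that is appropriate for the plain-HTTP localhost example but deserves a one-line comment such as `// plain HTTP for this local example only` so it is not copied into a deployment unchanged. The body of main continues outside the hunk.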
@@ -15,13 +15,16 @@ mod db;
 mod model;
 mod session;
-static SESSION_SIGNING_KEY: &[u8] = &[0; 32];
+// NOTE: Not a suitable session key for production.
+static SESSION_SIGNING_KEY: &[u8] = &[0; 64];
 #[actix_web::main]
 async fn main() -> io::Result<()> {
 dotenv().ok();
 env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
+ let key = actix_web::cookie::Key::from(SESSION_SIGNING_KEY);
+
 let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
 let pool = db::init_pool(&database_url)
 .await
@@ -35,7 +38,9 @@ async fn main() -> io::Result<()> {
 let mut templates = Tera::new("templates/**/*").expect("errors in tera templates");
 templates.autoescape_on(vec!["tera"]);
- let session_store = CookieSession::signed(SESSION_SIGNING_KEY).secure(false);
+ let session_store = SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
+ .cookie_secure(false)
+ .build();
 let error_handlers = ErrorHandlers::new()
 .handler(
diff --git a/basics/todo/src/session.rs b/basics/todo/src/session.rs
index 24edf661..52305495 100644
--- a/basics/todo/src/session.rs
+++ b/basics/todo/src/session.rs
@@ -5,11 +5,11 @@ use serde::{Deserialize, Serialize};
 const FLASH_KEY: &str = "flash";
 pub fn set_flash(session: &Session, flash: FlashMessage) -> Result<()> {
- session.insert(FLASH_KEY, flash)
+ Ok(session.insert(FLASH_KEY, flash)?)
 }
 pub fn get_flash(session: &Session) -> Result> {
- session.get::(FLASH_KEY)
+ Ok(session.get::(FLASH_KEY)?)
 }
 pub fn clear_flash(session: &Session) {
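Review bot: In basics/todo/src/session.rs the new bodies of `set_flash` and `get_flash` are written as `Ok(… ?)`, where the `?` exists only to convert the storage call's error into the module's `Result` alias; that works, but the conversion is easier to see as `session.insert(FLASH_KEY, flash).map_err(Into::into)` (and the same shape for `get`), and clippy's `needless_question_mark` will start warning on the `Ok(x?)` form if the two error types ever become identical. A short comment above `set_flash` saying that the session storage API now reports its own error types, which this module maps into its `Result`, would explain why the wrapping appeared; I infer that reason from the crate bump elsewhere in this patch rather than from these lines. `clear_flash` begins in the hunk but its body lies outside it.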