update actix-session everywhere

2024-11-23 22:41:07 +01:00 · 2022-07-21 03:30:12 +01:00 · 2022-07-21 03:30:12 +01:00 · c557986915
commit c557986915
parent 5c9f69bb07
7 changed files with 31 additions and 35 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -390,24 +390,6 @@ dependencies = [
 "time 0.3.11",
 ]

-[[package]]
-name = "actix-session"
-version = "0.6.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c9138a66462f1e65da829f9c0de81b44a96dfe193a4f19bfea32ee2be312368"
-dependencies = [
- "actix-service",
- "actix-utils",
- "actix-web",
- "anyhow",
- "async-trait",
- "derive_more",
- "serde",
- "serde_json",
- "time 0.3.11",
- "tracing",
-]
-
 [[package]]
 name = "actix-session"
 version = "0.7.0"
@ -1136,7 +1118,7 @@ name = "basics"
 version = "1.0.0"
 dependencies = [
 "actix-files",
- "actix-session 0.5.0",
+ "actix-session 0.7.0",
 "actix-web",
 "async-stream",
 "env_logger 0.9.0",
@ -1677,7 +1659,7 @@ dependencies = [
 name = "cookie-session"
 version = "1.0.0"
 dependencies = [
- "actix-session 0.6.2",
+ "actix-session 0.7.0",
 "actix-web",
 "env_logger 0.9.0",
 "log",
@ -6207,7 +6189,7 @@ name = "todo"
 version = "1.0.0"
 dependencies = [
 "actix-files",
- "actix-session 0.5.0",
+ "actix-session 0.7.0",
 "actix-web",
 "actix-web-lab",
 "dotenv",
--- a/auth/cookie-session/Cargo.toml
+++ b/auth/cookie-session/Cargo.toml
@ -5,6 +5,6 @@ edition = "2021"

 [dependencies]
 actix-web = "4"
-actix-session = { version = "0.6", features = ["cookie-session"] }
+actix-session = { version = "0.7", features = ["cookie-session"] }
 log = "0.4"
 env_logger = "0.9"
--- a/basics/basics/Cargo.toml
+++ b/basics/basics/Cargo.toml
@ -4,9 +4,9 @@ version = "1.0.0"
 edition = "2021"

 [dependencies]
-actix-web = "4"
 actix-files = "0.6"
-actix-session = "0.5"
+actix-session = { version = "0.7", features = ["cookie-session"] }
+actix-web = "4"

 async-stream = "0.3"
 env_logger = "0.9"
--- a/basics/basics/src/main.rs
+++ b/basics/basics/src/main.rs
@ -1,8 +1,7 @@
-use std::convert::Infallible;
-use std::io;
+use std::{convert::Infallible, io};

 use actix_files::{Files, NamedFile};
-use actix_session::{CookieSession, Session};
+use actix_session::{storage::CookieSessionStore, Session, SessionMiddleware};
 use actix_web::{
    error, get,
    http::{
@ -13,6 +12,9 @@ use actix_web::{
 };
 use async_stream::stream;

+// NOTE: Not a suitable session key for production.
+static SESSION_SIGNING_KEY: &[u8] = &[0; 64];
+
 /// favicon handler
 #[get("/favicon")]
 async fn favicon() -> Result<impl Responder> {
@ -76,14 +78,21 @@ async fn with_param(req: HttpRequest, path: web::Path<(String,)>) -> HttpRespons
 async fn main() -> io::Result<()> {
    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));

+    // random key means that restarting server will invalidate existing session cookies
+    let key = actix_web::cookie::Key::from(SESSION_SIGNING_KEY);
+
    log::info!("starting HTTP server at http://localhost:8080");

-    HttpServer::new(|| {
+    HttpServer::new(move || {
        App::new()
            // enable automatic response compression - usually register this first
            .wrap(middleware::Compress::default())
            // cookie session middleware
-            .wrap(CookieSession::signed(&[0; 32]).secure(false))
+            .wrap(
+                SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
+                    .cookie_secure(false)
+                    .build(),
+            )
            // enable logger - always register Actix Web Logger middleware last
            .wrap(middleware::Logger::default())
            // register favicon
--- a/basics/todo/Cargo.toml
+++ b/basics/todo/Cargo.toml
@ -5,7 +5,7 @@ edition = "2021"

 [dependencies]
 actix-files = "0.6"
-actix-session = "0.5"
+actix-session = { version = "0.7", features = ["cookie-session"] }
 actix-web = "4"
 actix-web-lab = "0.16"

--- a/basics/todo/src/main.rs
+++ b/basics/todo/src/main.rs
@ -1,7 +1,7 @@
 use std::{env, io};

 use actix_files::Files;
-use actix_session::CookieSession;
+use actix_session::{storage::CookieSessionStore, SessionMiddleware};
 use actix_web::{
    http,
    middleware::{ErrorHandlers, Logger},
@ -15,13 +15,16 @@ mod db;
 mod model;
 mod session;

-static SESSION_SIGNING_KEY: &[u8] = &[0; 32];
+// NOTE: Not a suitable session key for production.
+static SESSION_SIGNING_KEY: &[u8] = &[0; 64];

 #[actix_web::main]
 async fn main() -> io::Result<()> {
    dotenv().ok();
    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));

+    let key = actix_web::cookie::Key::from(SESSION_SIGNING_KEY);
+
    let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set");
    let pool = db::init_pool(&database_url)
        .await
@ -35,7 +38,9 @@ async fn main() -> io::Result<()> {
        let mut templates = Tera::new("templates/**/*").expect("errors in tera templates");
        templates.autoescape_on(vec!["tera"]);

-        let session_store = CookieSession::signed(SESSION_SIGNING_KEY).secure(false);
+        let session_store = SessionMiddleware::builder(CookieSessionStore::default(), key.clone())
+            .cookie_secure(false)
+            .build();

        let error_handlers = ErrorHandlers::new()
            .handler(
--- a/basics/todo/src/session.rs
+++ b/basics/todo/src/session.rs
@ -5,11 +5,11 @@ use serde::{Deserialize, Serialize};
 const FLASH_KEY: &str = "flash";

 pub fn set_flash(session: &Session, flash: FlashMessage) -> Result<()> {
-    session.insert(FLASH_KEY, flash)
+    Ok(session.insert(FLASH_KEY, flash)?)
 }

 pub fn get_flash(session: &Session) -> Result<Option<FlashMessage>> {
-    session.get::<FlashMessage>(FLASH_KEY)
+    Ok(session.get::<FlashMessage>(FLASH_KEY)?)
 }

 pub fn clear_flash(session: &Session) {