web中建立受保护的路由

web中建立受保护的路由

本文介绍了如何在actix-web中建立受保护的路由的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要验证用户是否具有某些路由的权限.我已经建立了3个作用域"(来宾,身份验证用户,管理员),但现在我不知道如何检查用户是否有权访问这些路由.

I need to verify if the user has permission for some routes.I have made 3 "scopes" (guest, auth-user, admin) and now I don't know how to check if the user has access to these routes.

我正在尝试实现auth-中间件,并且该中间件应检查用户是否具有正确的cookie或令牌. (我可以从请求标头中打印出cookie),但是我不知道如何导入,使用actix_identity并可以访问此中间件中的id参数.

I'm trying to implement auth-middleware and this middleware should check if the user has the correct cookie or token. (I'm able to print out a cookie from request header), but I have no idea how to import, use actix_identity, and have access to id parameter inside this middleware.

我相信我的问题不仅在于Actix身份,而且我无法在中间件内部传递参数.

I believe that my problem isn't only regarding Actix-identity, but I'm not able to pass parameters inside middleware.

#[actix_rt::main]
async fn main() -> std::io::Result<()> {

    let cookie_key = conf.server.key;

    // Register http routes
    let mut server = HttpServer::new(move || {
        App::new()
            // Enable logger
            .wrap(Logger::default())
            .wrap(IdentityService::new(
                CookieIdentityPolicy::new(cookie_key.as_bytes())
                    .name("auth-cookie")
                    .path("/")
                    .secure(false),
            ))
            //limit the maximum amount of data that server will accept
            .data(web::JsonConfig::default().limit(4096))
            //normal routes
            .service(web::resource("/").route(web::get().to(status)))
            // .configure(routes)
            .service(
                web::scope("/api")
                    // guest endpoints
                    .service(web::resource("/user_login").route(web::post().to(login)))
                    .service(web::resource("/user_logout").route(web::post().to(logout)))
                    // admin endpoints
                    .service(
                        web::scope("/admin")
                            // .wrap(AdminAuthMiddleware)
                            .service(
                                web::resource("/create_admin").route(web::post().to(create_admin)),
                            )
                            .service(
                                web::resource("/delete_admin/{username}/{_:/?}")
                                    .route(web::delete().to(delete_admin)),
                            ),
                    )
                    //user auth routes
                    .service(
                        web::scope("/auth")
                            // .wrap(UserAuthMiddleware)
                            .service(web::resource("/get_user").route(web::get().to(get_user))),
                    ),
            )
    });

    // Enables us to hot reload the server
    let mut listenfd = ListenFd::from_env();
    server = if let Some(l) = listenfd.take_tcp_listener(0).unwrap() {
        server.listen(l)?
    } else {
        server.bind(ip)?
    };

    server.run().await

我尝试过的资源:

  1. 为Actix API创建身份验证中间件 https://www.jamesbaum.co.uk/blether/creating-authentication-middleware-actix-rust-react/

  1. Creating authentication middleware for Actix APIhttps://www.jamesbaum.co.uk/blether/creating-authentication-middleware-actix-rust-react/

中间件中的Actix-web令牌验证 https://users.rust-lang.org/t/actix-web-token-validation-in-middleware/38205

Actix-web token validation in middleware https://users.rust-lang.org/t/actix-web-token-validation-in-middleware/38205

Actix中间件示例 https://github.com/actix/examples/tree/master/middleware

Actix middleware examples https://github.com/actix/examples/tree/master/middleware

也许我认为完全错误,而auth-middleware并不是解决我的问题的最佳解决方案.希望您能帮助我创建受保护的路线"

Maybe I think completely wrong and auth-middleware isn't the best solution for my problem.I hope that you can help me create "protected routes"

推荐答案

实际上,在最新的actix-web 3.0版中很难做到这一点.我所做的是从 actix-web 1.0 版本,并根据自己的喜好对其进行了修改.但是,这不是即插即用的.播放代码. 此处此处是我的版本.通常,我会避免使用actix-web,而让线程/参与者在后台生成并让其执行HTTP请求是一场噩梦.然后尝试与处理程序共享结果.

Well this is in fact quite difficult to achieve in the newest actix-web version 3.0. What I did was copy the CookieIdentityPolicy middleware from the actix-web 1.0 version and modified it to my liking. However this is not plug & play code. Here and here is my version of it. Generally I would avoid actix-web, getting a thread / actor to spawn in the background and having it perform HTTP Requests are a nightmare. Then trying to share the results with handlers even more so.

这篇关于如何在actix-web中建立受保护的路由的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-12 16:41