Problem description
I need to verify if the user has permission for some routes. I have made 3 "scopes" (guest, auth-user, admin) and now I don't know how to check if the user has access to these routes.
I'm trying to implement auth-middleware and this middleware should check if the user has the correct cookie or token. (I'm able to print out a cookie from request header), but I have no idea how to import, use actix_identity, and have access to id parameter inside this middleware.
I believe that my problem isn't only regarding Actix-identity, but I'm not able to pass parameters inside middleware.
    use actix_identity::{CookieIdentityPolicy, IdentityService};
    use actix_web::{middleware::Logger, web, App, HttpServer};
    use listenfd::ListenFd;

    // `conf`, `ip` and the handlers (status, login, logout, create_admin,
    // delete_admin, get_user) are defined elsewhere in the application (not shown).
    #[actix_rt::main]
    async fn main() -> std::io::Result<()> {
        let cookie_key = conf.server.key;
        // Register http routes
        let mut server = HttpServer::new(move || {
            App::new()
                // Enable logger
                .wrap(Logger::default())
                .wrap(IdentityService::new(
                    CookieIdentityPolicy::new(cookie_key.as_bytes())
                        .name("auth-cookie")
                        .path("/")
                        // secure(false): the cookie is also sent over plain HTTP
                        .secure(false),
                ))
                // limit the maximum amount of data that server will accept
                .data(web::JsonConfig::default().limit(4096))
                // normal routes
                .service(web::resource("/").route(web::get().to(status)))
                // .configure(routes)
                .service(
                    web::scope("/api")
                        // guest endpoints
                        .service(web::resource("/user_login").route(web::post().to(login)))
                        .service(web::resource("/user_logout").route(web::post().to(logout)))
                        // admin endpoints
                        .service(
                            web::scope("/admin")
                                // .wrap(AdminAuthMiddleware)
                                .service(
                                    web::resource("/create_admin").route(web::post().to(create_admin)),
                                )
                                .service(
                                    web::resource("/delete_admin/{username}/{_:/?}")
                                        .route(web::delete().to(delete_admin)),
                                ),
                        )
                        // user auth routes
                        .service(
                            web::scope("/auth")
                                // .wrap(UserAuthMiddleware)
                                .service(web::resource("/get_user").route(web::get().to(get_user))),
                        ),
                )
        });
        // Enables us to hot reload the server
        let mut listenfd = ListenFd::from_env();
        server = if let Some(l) = listenfd.take_tcp_listener(0).unwrap() {
            server.listen(l)?
        } else {
            server.bind(ip)?
        };
        server.run().await
    }
Resources I have tried:
Creating authentication middleware for Actix API https://www.jamesbaum.co.uk/blether/creating-authentication-middleware-actix-rust-react/
Actix-web token validation in middleware https://users.rust-lang.org/t/actix-web-token-validation-in-middleware/38205
Actix middleware examples https://github.com/actix/examples/tree/master/middleware
Maybe I'm thinking about this completely wrong and auth-middleware isn't the best solution for my problem. I hope that you can help me create "protected routes".
Recommended answer
Well, this is in fact quite difficult to achieve in the newest actix-web version 3.0. What I did was copy the CookieIdentityPolicy middleware from the actix-web 1.0 version and modify it to my liking. However, this is not plug & play code. Here and here is my version of it. Generally I would avoid actix-web; getting a thread / actor to spawn in the background and having it perform HTTP requests is a nightmare. Then trying to share the results with handlers even more so.
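The access decision a per-scope auth middleware has to make for the routes in the question, as an added, framework-independent example (not code from the question or the answer, and not wired into actix-web). `Role`, `Decision`, `in_scope`, `required_role` and `authorize` are hypothetical names, and it assumes the admin role also covers auth-user routes.

```rust
// Added example; all names here are hypothetical, not actix-web API.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Role { Guest, User, Admin } // declaration order gives Guest < User < Admin

#[derive(Debug, PartialEq, Eq)]
pub enum Decision { Allow, Unauthorized, Forbidden } // pass, 401, 403

/// True only if `path` is `prefix` itself or continues with '/', so that
/// "/api/administrator" is not treated as part of the "/api/admin" scope.
fn in_scope(path: &str, prefix: &str) -> bool {
    match path.strip_prefix(prefix) {
        Some(rest) => rest.is_empty() || rest.starts_with('/'),
        None => false,
    }
}

/// Minimum role for a path, mirroring the scopes in the question.
/// `None` means no rule matched; the caller treats that as deny.
pub fn required_role(path: &str) -> Option<Role> {
    let guest = ["/", "/api/user_login", "/api/user_logout"];
    if in_scope(path, "/api/admin") { return Some(Role::Admin); }
    if in_scope(path, "/api/auth") { return Some(Role::User); }
    if guest.iter().any(|p| *p == path) { return Some(Role::Guest); }
    None
}

/// `session` is the role resolved from a valid identity cookie, or `None`
/// when the request carries no valid cookie. Assumes Admin covers User routes.
pub fn authorize(path: &str, session: Option<Role>) -> Decision {
    match (required_role(path), session) {
        (None, _) => Decision::Forbidden,          // default-deny unknown paths
        (Some(Role::Guest), _) => Decision::Allow, // public endpoints
        (Some(_), None) => Decision::Unauthorized, // not logged in
        (Some(need), Some(have)) if have >= need => Decision::Allow,
        _ => Decision::Forbidden,                  // logged in, role too low
    }
}

fn main() {
    // Constructed sample requests: (path, role resolved from the cookie).
    let samples = [("/api/admin/create_admin", Some(Role::User)),
                   ("/api/auth/get_user", None),
                   ("/api/administrator", Some(Role::Admin))];
    for &(path, who) in samples.iter() {
        println!("{} as {:?} -> {:?}", path, who, authorize(path, who));
    }
}
```

Keeping the decision in one pure function makes the 401/403 split and the default-deny branch unit-testable independently of the web framework.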