Skip to main content

actix_jwt/
lib.rs

1//! Full-featured JWT authentication middleware for [actix-web].
2//!
3//! This crate is a Rust port of
4//! [`echo-jwt`](https://github.com/LdDl/echo-jwt) (Go implementation, itself a port of
5//! [`gin-jwt`](https://github.com/appleboy/gin-jwt) to the Echo framework).
6//! It goes far beyond simple token validation - it provides login, logout and
7//! refresh handlers, refresh-token rotation with a pluggable store, cookie
8//! management, RSA / HMAC signing, RBAC authorizer callback and more.
9//!
10//! # Feature flags
11//!
12//! | Flag | Default | Description |
13//! |------|---------|-------------|
14//! | `redis-store` | off | Enables `RedisRefreshTokenStore` backed by the [`redis`](https://crates.io/crates/redis) crate. |
15//!
16//! # Quick start
17//!
18//! ```rust,no_run
19//! use std::sync::Arc;
20//!
21//! use actix_web::{web, App, HttpRequest, HttpResponse, HttpServer};
22//! use actix_jwt::{ActixJwtMiddleware, extract_claims};
23//!
24//! #[actix_web::main]
25//! async fn main() -> std::io::Result<()> {
26//!     let mut jwt = ActixJwtMiddleware::new();
27//!     jwt.key = b"my-secret-key".to_vec();
28//!     jwt.authenticator = Some(Arc::new(|_req, body| {
29//!         #[derive(serde::Deserialize)]
30//!         struct Login { username: String, password: String }
31//!         let creds: Login = serde_json::from_slice(body)
32//!             .map_err(|_| actix_jwt::JwtError::MissingLoginValues)?;
33//!         if creds.username == "admin" && creds.password == "admin" {
34//!             Ok(serde_json::json!({"username": creds.username}))
35//!         } else {
36//!             Err(actix_jwt::JwtError::FailedAuthentication)
37//!         }
38//!     }));
39//!     jwt.init().expect("JWT middleware init");
40//!
41//!     let jwt = Arc::new(jwt);
42//!     let jwt_data = web::Data::new(jwt.clone());
43//!
44//!     HttpServer::new(move || {
45//!         App::new()
46//!             .app_data(jwt_data.clone())
47//!             .route("/login", web::post().to({
48//!                 let j = jwt.clone();
49//!                 move |req: HttpRequest, body: web::Bytes| {
50//!                     let j = j.clone();
51//!                     async move { j.login_handler(&req, &body).await }
52//!                 }
53//!             }))
54//!             .service(
55//!                 web::scope("/api")
56//!                     .wrap(jwt.middleware())
57//!                     .route("/hello", web::get().to(|req: HttpRequest| async move {
58//!                         let claims = extract_claims(&req);
59//!                         HttpResponse::Ok().json(claims)
60//!                     })),
61//!             )
62//!     })
63//!     .bind("127.0.0.1:8080")?
64//!     .run()
65//!     .await
66//! }
67//! ```
68
69pub mod core;
70pub mod errors;
71pub mod middleware;
72pub mod store;
73
74pub use core::{RefreshTokenData, Token, TokenStore};
75pub use errors::JwtError;
76pub use middleware::{
77    ActixJwtMiddleware, CookieConfig, JwtAuth, JwtIdentity, JwtPayload, JwtTokenString,
78    extract_claims, get_identity, get_token,
79};
80pub use store::{InMemoryRefreshTokenStore, default_store, new_memory_store};