Crate actix_web_flash

source ·
Expand description

Actix web flash is an unofficial crate to provide flash messages in servers using Actix web.

Flash messages are typically used to display errors on websites that are rendered server side.

A user might post a login form with a password. The server notices the password is incorrect. It has to respond with an error. A common approach is to redirect the client to the same form. The error is displayed by being rendered into the html markup on the server side.

The data is relayed to the next request via a cookie. This means its not suitable for large data! Currently actix-web-flash does not implement any cryptographic checks of the cookie’s validity. Treat it as untrusted input!

You can find example code below and in the repository.

Trivial Example

use actix_web::{http, server, App, HttpRequest, HttpResponse, Responder};
use actix_web_flash::{FlashMessage, FlashResponse, FlashMiddleware};

fn show_flash(flash: FlashMessage<String>) -> impl Responder {
    flash.into_inner()
}

fn set_flash(_req: &HttpRequest) -> FlashResponse<HttpResponse, String> {
    FlashResponse::new(
        Some("This is the message".to_owned()),
        HttpResponse::SeeOther()
            .header(http::header::LOCATION, "/show_flash")
            .finish(),
    )
}

fn main() {
    server::new(|| {
        App::new()
            .middleware(FlashMiddleware::default())
            .route("/show_flash", http::Method::GET, show_flash)
            .resource("/set_flash", |r| r.f(set_flash))
    }).bind("127.0.0.1:8080")
        .unwrap()
        .run();
}

The example above will redirect the user from /set_flash to /show_flash and pass along a string, rendering it right away.

Arbitrary Types

Arbitrary types can be used as flash messages.

use actix_web::Responder;
use actix_web_flash::FlashMessage;
use serde_derive::{Serialize, Deserialize};

#[derive(Deserialize, Serialize, Debug)]
struct MyData {
    msg: String,
    color: (u8, u8, u8),
}

fn show_flash(flash: FlashMessage<MyData>) -> impl Responder {
    format!("Message {:?}", flash.into_inner())
}

Optional Messages

It is possible to take an Option<FlashMessage<T>> thereby allowing for your route to also be called without a flash message having been returned in the previous request.

use actix_web::Responder;
use actix_web_flash::FlashMessage;
use serde_derive::Deserialize;


fn show_flash(flash: Option<FlashMessage<String>>) -> impl Responder {
    match flash {
        Some(msg) => format!("There was some error: {}", msg.into_inner()),
        None => "All is good!".to_owned()
    }
}

Limitations and Pitfalls

Only a single message is supported. It can however be of any type (that implements Deserialize), meaning a Vec<YourType> is possible.

The cookie will not be cleared unless the middleware is registered. Meaning an error message will persist unless replaced with a newer one.

Structs

FlashMessage
Represents a flash message and implements actix::FromRequest
FlashMiddleware
Takes care of deleting the flash cookies after their use.
FlashResponse
Actix response type that sets a flash message