actix-jwt 0.1.0

Full-featured JWT authentication middleware for actix-web: login, logout, refresh, token rotation, cookie management, RSA/HMAC, RBAC authorizer, pluggable token store
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

// Run: cargo run --example redis_simple --features redis-store
//
// Requires a running Redis instance on localhost:6379.
// Falls back to in-memory store if Redis is unavailable.
//
// curl -s -X POST http://localhost:8000/login -H 'Content-Type: application/json' -d '{"username":"admin","password":"admin"}'
// curl -s http://localhost:8000/auth/hello -H 'Authorization: Bearer <token>'

#[cfg(feature = "redis-store")]
mod app {
    use std::collections::HashMap;
    use std::sync::Arc;
    use std::time::Duration;

    use actix_jwt::store::redis::{RedisConfig, RedisRefreshTokenStore};
    use actix_jwt::{ActixJwtMiddleware, JwtError, TokenStore, extract_claims, get_identity};
    use actix_web::{App, HttpRequest, HttpResponse, HttpServer, web};
    use serde_json::{Value, json};

    const IDENTITY_KEY: &str = "id";

    pub async fn run() -> std::io::Result<()> {
        let bind_addr = "0.0.0.0:8000";

        // Try to connect to Redis, fall back to in-memory
        let store: Arc<dyn TokenStore> = match RedisRefreshTokenStore::new(&RedisConfig {
            addr: "redis://127.0.0.1:6379/".to_string(),
            key_prefix: "actix-jwt:".to_string(),
            ..Default::default()
        })
        .await
        {
            Ok(s) => {
                println!("Connected to Redis");
                Arc::new(s)
            }
            Err(e) => {
                println!("Redis unavailable ({}), using in-memory store", e);
                Arc::new(actix_jwt::store::InMemoryRefreshTokenStore::new())
            }
        };

        let mut jwt = ActixJwtMiddleware::new();
        jwt.realm = "test zone".to_string();
        jwt.key = b"secret key".to_vec();
        jwt.timeout = Duration::from_secs(3600);
        jwt.max_refresh = Duration::from_secs(3600);
        jwt.identity_key = IDENTITY_KEY.to_string();
        jwt.refresh_token_store = store;
        jwt.token_lookup = "header:Authorization, query:token, cookie:jwt".to_string();

        jwt.authenticator = Some(Arc::new(|_req: &HttpRequest, body: &[u8]| {
            #[derive(serde::Deserialize)]
            struct Login {
                username: String,
                password: String,
            }
            let login: Login =
                serde_json::from_slice(body).map_err(|_| JwtError::MissingLoginValues)?;
            if (login.username == "admin" && login.password == "admin")
                || (login.username == "test" && login.password == "test")
            {
                Ok(json!({"user_name": login.username}))
            } else {
                Err(JwtError::FailedAuthentication)
            }
        }));

        jwt.payload_func = Some(Arc::new(|data: &Value| {
            let mut claims = HashMap::new();
            if let Some(v) = data.get("user_name") {
                claims.insert(IDENTITY_KEY.to_string(), v.clone());
            }
            claims
        }));

        jwt.identity_handler = Arc::new(|req: &HttpRequest| {
            let claims = extract_claims(req);
            claims.get(IDENTITY_KEY).cloned()
        });

        jwt.authorizer =
            Arc::new(|_req: &HttpRequest, data: &Value| data.as_str() == Some("admin"));

        jwt.init().expect("JWT middleware init failed");
        let jwt_arc = Arc::new(jwt);

        println!("Listening on {}", bind_addr);

        HttpServer::new(move || {
            let jwt_data = web::Data::new(jwt_arc.clone());

            App::new()
                .app_data(jwt_data.clone())
                .route("/login", web::post().to(login))
                .route("/refresh", web::post().to(refresh))
                .service(
                    web::scope("/auth")
                        .wrap(jwt_arc.middleware())
                        .route("/hello", web::get().to(hello)),
                )
        })
        .bind(bind_addr)?
        .run()
        .await
    }

    async fn login(
        jwt: web::Data<Arc<ActixJwtMiddleware>>,
        req: HttpRequest,
        body: web::Bytes,
    ) -> HttpResponse {
        jwt.login_handler(&req, &body).await
    }

    async fn refresh(
        jwt: web::Data<Arc<ActixJwtMiddleware>>,
        req: HttpRequest,
        body: web::Bytes,
    ) -> HttpResponse {
        jwt.refresh_handler(&req, &body).await
    }

    async fn hello(req: HttpRequest) -> HttpResponse {
        let claims = extract_claims(&req);
        let identity = get_identity(&req);
        HttpResponse::Ok().json(json!({
            "userID": claims.get(IDENTITY_KEY),
            "userName": identity,
            "text": "Hello World.",
        }))
    }
}

#[cfg(feature = "redis-store")]
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    app::run().await
}

#[cfg(not(feature = "redis-store"))]
fn main() {
    eprintln!("This example requires the 'redis-store' feature:");
    eprintln!("  cargo run --example redis_simple --features redis-store");
    std::process::exit(1);
}