actix-web-grants

A crate for validate user authorities in actix-web.

To check user access to specific services, you can use built-in proc-macro, AuthorityGuard or manual.

The library can also be integrated with third-party solutions (like actix-web-httpauth).

Example of protection via actix_web_grants::proc-macro

#[get("/admin")]
#[has_authorities("ROLE_ADMIN")]
async fn macro_secured() -> HttpResponse {
    HttpResponse::Ok().body(ADMIN_RESPONSE)
}

Example of protection via trait Guard

App::new()
    .wrap(GrantsMiddleware::fn_extractor(extract))
    .service(web::resource("/admin")
            .to(|| async { HttpResponse::Ok().finish() })
            .guard(AuthorityGuard::new("ROLE_ADMIN".to_string())))

You can find more examples in the git repository folder and documentation.