actix-web-grants
Authorization extension for
actix-web
to protect your endpoints.
To check user access to specific services, you can use built-in proc-macro
, AuthorityGuard
or manual.
The library can also be integrated with third-party solutions (like actix-web-httpauth
).
How to use
- Declare your own authority extractor
The easiest way is to declare a function with the following signature (trait is already implemented for such Fn):
use ;
// You can use custom type instead of String
async
- Add middleware to your application using the extractor defined in step 1
.wrap
new
Steps 1 and 2 can be replaced by custom middleware or integration with another libraries. Take a look at an jwt-httpauth example
- Protect your endpoints in any convenient way from the examples below:
Example of proc-macro
way protection
async
Here is an example using the ty
and expr
attributes. But these are independent features.
expr
allows you to include some checks in the macro based on function params, it can be combined with authorities by using all
/any
.
ty
allows you to use a custom type for th authorities (then the middleware needs to be configured).
Take a look at an enum-role example
use ;
use User;
async
async
Example of Guard
way protection
use ;
new
.wrap
.service
.service
Since Guard
is intended only for routing, if the user doesn't have authorities, it returns a 404
HTTP code. But you can override the behavior like this:
use ;
use header;
new
.wrap
.service.service
When Guard
lets you in the Scope
(meaning you have "ROLE_ADMIN_ACCESS"
), the redirect will be unreachable for you. Even if you will request /admin/some_undefined_page
.
Note: regex
is a Path
variable containing passed link.
Example of manual way protection
use ;
async
You can find more examples
in the git repository folder and documentation
.
Supported actix-web
versions
- For
actix-web-grants: 2.*
supported version ofactix-web
is3.*
- For
actix-web-grants: 3.*
&4.*
supported version ofactix-web
is4.*