Skip to main content

SessionManager

modo_session::manager

Struct SessionManager 

Source 
pub struct SessionManager { /* private fields */ }
Expand description

Request-scoped session manager, available as an axum extractor.

Inject SessionManager as a handler parameter to read or modify the session for the current request. The session middleware must be installed via crate::layer for the extractor to work; if the middleware is missing the extractor returns an internal error.

Each request receives its own SessionManager instance backed by its own per-request state. There is no cross-request sharing; operations on one request’s SessionManager cannot affect another request’s session state.

Changes made through SessionManager (authentication, logout, token rotation, data writes) are applied to the HTTP response cookie automatically by the middleware after the handler returns.

Implementations§

Source§

impl SessionManager

Source

pub async fn authenticate(&self, user_id: &str) -> Result<(), Error>

Create a new session for user_id.

Any existing session is destroyed before the new one is created to prevent session-fixation attacks. The session cookie is set on the response automatically.

Source

pub async fn authenticate_with( &self, user_id: &str, data: Value, ) -> Result<(), Error>

Create a new session for user_id with custom JSON data attached.

Any existing session is destroyed before the new one is created to prevent session-fixation attacks. The session cookie is set on the response automatically.

Source

pub async fn logout(&self) -> Result<(), Error>

Destroy the current session.

The session cookie is cleared on the response automatically. If there is no active session this is a no-op.

Source

pub async fn logout_all(&self) -> Result<(), Error>

Destroy ALL sessions for the currently authenticated user.

The session cookie is cleared on the response automatically. If there is no active session this is a no-op.

Source

pub async fn logout_other(&self) -> Result<(), Error>

Destroy all sessions for the current user except the current one.

Returns Unauthorized if the request is not authenticated.

Source

pub async fn revoke(&self, id: &SessionId) -> Result<(), Error>

Destroy a specific session by ID.

Only sessions owned by the currently authenticated user can be revoked. Returns Unauthorized if the request is not authenticated, or NotFound if the target session does not exist or belongs to a different user.

Source

pub async fn rotate(&self) -> Result<(), Error>

Regenerate the session token without changing the session ID or data.

The new token is set on the response cookie automatically. Returns Unauthorized if the request is not authenticated.

Source

pub async fn current(&self) -> Option<SessionData>

Return the full session record for the current request, or None if the request is not authenticated.

Source

pub async fn user_id(&self) -> Option<String>

Return the authenticated user ID, or None if the request is not authenticated.

Source

pub async fn is_authenticated(&self) -> bool

Return true if the current request has an active, authenticated session.

Source

pub async fn list_my_sessions(&self) -> Result<Vec<SessionData>, Error>

Return all active (non-expired) sessions for the authenticated user, ordered by most-recently-active first.

Returns Unauthorized if the request is not authenticated.

Source

pub async fn get<T: DeserializeOwned>( &self, key: &str, ) -> Result<Option<T>, Error>

Read a typed value from the session’s JSON data by key.

Returns Ok(None) if the key is absent or if the request is not authenticated. Returns Ok(None) (with a tracing warning) if the stored value cannot be deserialised into T.

Source

pub async fn set<T: Serialize>(&self, key: &str, value: &T) -> Result<(), Error>

Set a key in the session’s JSON data and persist the change immediately.

Returns Unauthorized if the request is not authenticated.

Source

pub async fn remove_key(&self, key: &str) -> Result<(), Error>

Remove a key from the session’s JSON data and persist the change immediately.

Returns Unauthorized if the request is not authenticated.

Trait Implementations§

Source§

impl<S: Send + Sync> FromRequestParts<S> for SessionManager

Source§

type Rejection = Error

If the extractor fails it’ll use this “rejection” type. A rejection is a kind of error that can be converted into a response.
Source§

async fn from_request_parts( parts: &mut Parts, _state: &S, ) -> Result<Self, Self::Rejection>

Perform the extraction.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> DefaultHooks for T

Source§

fn before_save(&mut self) -> Result<(), Error>

Called before the entity is inserted or updated.
Source§

fn after_save(&self) -> Result<(), Error>

Called after the entity has been successfully inserted or updated.
Source§

fn before_delete(&self) -> Result<(), Error>

Called before the entity is deleted.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<S, T> FromRequest<S, ViaParts> for T
where S: Send + Sync, T: FromRequestParts<S>,

Source§

type Rejection = <T as FromRequestParts<S>>::Rejection

If the extractor fails it’ll use this “rejection” type. A rejection is a kind of error that can be converted into a response.
Source§

fn from_request( req: Request<Body>, state: &S, ) -> impl Future<Output = Result<T, <T as FromRequest<S, ViaParts>>::Rejection>>

Perform the extraction.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,