actix-jwt-auth-middleware

This crate implements a JSON Webtoken (JWT) middleware for the actix-web framework.

For the moment it uses Curve25519 implemented in the ed25519_dalek crate for the signing process of the token but i will be working on a generalization soon.

## Features

Automatic insertion and extraction of claims into the Extensions object on the request. For this your type has to implement the FromRequest trait or it has to be annotated with the #[derive(actix-jwt-auth-middleware::FromRequest)] macro which implements this trait for your type.

```rust #[derive(Serialize, Deserialize, Clone, FromRequest)] struct UserClaims { id: u32, role: Role, }

#[derive(Serialize, Deserialize, Clone)] enum Role { Admin, BaseUser, }

#[get("/hello")] async fn hello(userclaims: UserClaims) -> impl Responder { format!("Hello user with id: {}!", userclaims.id) } ```

Guard functions on top of JWT authentication.

Your guard function has to implement the Handler trait and return a type that is partially equatable to a boolean. Luckily the Handler trait is implemented for functions (up to an arity of 12) by actix_web.

The Application State can also be accessed with the guard function, for this use the web::Data extractor where T is the type of the state.

rust async fn verify_service_request(user_claims: UserClaims) -> bool { match user_claims.role { Role::Admin => true, Role::BaseUser => false, } }

## Example

```rust use actixjwtauthmiddleware::{AuthError, AuthService, Authority, FromRequest}; use actixweb::{ get, web::{self, Data}, App, HttpResponse, HttpServer, Responder, }; use serde::{Deserialize, Serialize};

#[derive(Serialize, Deserialize, Clone, FromRequest)] struct UserClaims { id: u32, role: Role, }

#[derive(Serialize, Deserialize, Clone)] enum Role { Admin, BaseUser, }

async fn verifyservicerequest(userclaims: UserClaims) -> bool { match userclaims.role { Role::Admin => true, Role::BaseUser => false, } }

#[actixweb::main] async fn main() -> std::io::Result<()> { // we initialize a new Authority passing the underling type the JWT token should destructure into. let authauthority = Authority::::default(); HttpServer::new(move || { App::new() .appdata(Data::new(authauthority.clone())) .service(login) .service(loginasbaseuser) // in order to wrap the entire app scope excluding the login handlers we have add a new service // with an empty scope first .service(web::scope("").service(hello).wrap(AuthService::new( authauthority.clone(), // we pass the guard function to use with this auth service verifyservicerequest, ))) }) .bind(("127.0.0.1", 42069))? .run() .await }

#[get("/hello")] async fn hello(userclaims: UserClaims) -> impl Responder { format!("Hello user with id: {}!", userclaims.id) }

// calling this route will give you access to the rest of the apps scopes #[get("/login")] async fn login(authauthority: Data>) -> Result { let cookie = authauthority.createsignedcookie(UserClaims { id: 69, role: Role::Admin, })?;

 Ok(HttpResponse::Accepted()
     .cookie(cookie)
     .body("You are now logged in"))

}

// calling this route will not give you access to the rest of the apps scopes because you are not an admin #[get("/login-as-base-user")] async fn loginasbaseuser( authauthority: Data>, ) -> Result { let cookie = authauthority.createsigned_cookie(UserClaims { id: 69, role: Role::BaseUser, })?;

 Ok(HttpResponse::Accepted()
     .cookie(cookie)
     .body("You are now logged in"))

} ```

License: MIT OR Apache-2.0