All in one creating session and session validation library for actix.

It's designed to extract session using middleware and validate endpoint simply by using actix-web extractors. Currently you can extract tokens from Header or Cookie. It's possible to implement Path, Query or Body using [ServiceRequest::extract] but you must have struct to which values will be extracted so it's easy to do if you have your own fields.

Example:

```rust use serde::Deserialize;

[derive(Deserialize)]

struct MyJsonBody { jwt: Option, refresh: Option, } ```

To start with this library you need to create your own AppClaims structure and implement actix_jwt_session::Claims trait for it.

```rust use serde::{Serialize, Deserialize};

[derive(Debug, Serialize, Deserialize, Clone, Eq, PartialEq, Hash)]

[serde(renameall = "snakecase")]

pub enum Audience { Web, }

[derive(Debug, Serialize, Deserialize, Clone, Eq, PartialEq, Hash)]

[serde(renameall = "snakecase")]

pub struct Claims { #[serde(rename = "exp")] pub expirationtime: u64, #[serde(rename = "iat")] pub issuesat: usize, /// Account login #[serde(rename = "sub")] pub subject: String, #[serde(rename = "aud")] pub audience: Audience, #[serde(rename = "jti")] pub jwtid: uuid::Uuid, #[serde(rename = "aci")] pub accountid: i32, #[serde(rename = "nbf")] pub not_before: u64, }

impl actixjwtsession::Claims for Claims { fn jti(&self) -> uuid::Uuid { self.jwt_id }

fn subject(&self) -> &str {
    &self.subject
}

}

impl Claims { pub fn accountid(&self) -> i32 { self.accountid } } ```

Then you must create middleware factory with session storage. Currently there's adapter only for redis so we will goes with it in this example.

• First create connection pool to redis using redis_async_pool.
• Next generate or load create jwt signing keys. They are required for creating JWT from claims.
• Finally pass keys and algorithm to builder, pass pool and add some extractors

```rust use std::sync::Arc; use actixjwtsession::*;

async fn create() { // create redis connection let redis = { use redisasyncpool::{RedisConnectionManager, RedisPool}; RedisPool::new( RedisConnectionManager::new( redis::Client::open("redis://localhost:6379").expect("Fail to connect to redis"), true, None, ), 5, ) };

// load or create new keys in `./config`
let keys = JwtSigningKeys::load_or_create();

// create new [SessionStorage] and [SessionMiddlewareFactory]
let (storage, factory) = SessionMiddlewareFactory::<AppClaims>::build(
    Arc::new(keys.encoding_key),
    Arc::new(keys.decoding_key),
    Algorithm::EdDSA
)
// pass redis connection
.with_redis_pool(redis.clone())
// Check if header "Authorization" exists and contains Bearer with encoded JWT
.with_jwt_header("Authorization")
// Check if cookie "jwt" exists and contains encoded JWT
.with_jwt_cookie("acx-a")
.with_refresh_header("ACX-Refresh")
// Check if cookie "jwt" exists and contains encoded JWT
.with_refresh_cookie("acx-r")
.finish();

} ```

As you can see we have there [SessionMiddlewareBuilder::withrefreshcookie] and [SessionMiddlewareBuilder::withrefreshheader]. Library uses internal structure [RefreshToken] which is created and managed internally without any additional user work.

This will be used to extend JWT lifetime. This lifetime comes from 2 structures which describe time to live. [JwtTtl] describes how long access token should be valid, [RefreshToken] describes how long refresh token is valid. [SessionStorage] allows to extend livetime of both with single call of [SessionStorage::refresh] and it will change time of creating tokens to current time.

```rust use actixjwtsession::{JwtTtl, RefreshTtl, Duration};

fn examplettl() { let jwtttl = JwtTtl(Duration::days(14)); let refresh_ttl = RefreshTtl(Duration::days(3 * 31)); } ```

Now you just need to add those structures to [actix_web::App] using .app_data and .wrap and you are ready to go. Bellow you have full example of usage.

Examples usage:

```rust use std::sync::Arc; use actixjwtsession::; use actix_web::{get, post}; use actix_web::web::{Data, Json}; use actix_web::{HttpResponse, App, HttpServer}; use jsonwebtoken::; use serde::{Serialize, Deserialize};

[tokio::main]

async fn main() { let redis = { use redisasyncpool::{RedisConnectionManager, RedisPool}; RedisPool::new( RedisConnectionManager::new( redis::Client::open("redis://localhost:6379").expect("Fail to connect to redis"), true, None, ), 5, ) };

let keys = JwtSigningKeys::load_or_create();
let (storage, factory) = SessionMiddlewareFactory::<AppClaims>::build(
    Arc::new(keys.encoding_key),
    Arc::new(keys.decoding_key),
    Algorithm::EdDSA
)
.with_redis_pool(redis.clone())
// Check if header "Authorization" exists and contains Bearer with encoded JWT
.with_jwt_header(JWT_HEADER_NAME)
// Check if cookie JWT exists and contains encoded JWT
.with_jwt_cookie(JWT_COOKIE_NAME)
.with_refresh_header(REFRESH_HEADER_NAME)
// Check if cookie JWT exists and contains encoded JWT
.with_refresh_cookie(REFRESH_COOKIE_NAME)
.finish();
let jwt_ttl = JwtTtl(Duration::days(14));
let refresh_ttl = RefreshTtl(Duration::days(3 * 31));

HttpServer::new(move || {
    App::new()
        .app_data(Data::new(storage.clone()))
        .app_data(Data::new( jwt_ttl ))
        .app_data(Data::new( refresh_ttl ))
        .wrap(factory.clone())
        .app_data(Data::new(redis.clone()))
        .service(must_be_signed_in)
        .service(may_be_signed_in)
        .service(register)
        .service(sign_in)
        .service(sign_out)
        .service(refresh_session)
        .service(session_info)
        .service(root)
})
.bind(("0.0.0.0", 8080)).unwrap()
.run()
.await.unwrap();

}

[derive(Clone, PartialEq, Serialize, Deserialize)]

pub struct SessionData { id: uuid::Uuid, subject: String, }

[get("/authorized")]

async fn mustbesignedin(session: Authenticated) -> HttpResponse { use crate::actixjwt_session::Claims; let jit = session.jti(); HttpResponse::Ok().finish() }

[get("/maybe-authorized")]

async fn maybesignedin(session: MaybeAuthenticated) -> HttpResponse { if let Some(session) = session.intooption() { } HttpResponse::Ok().finish() }

[derive(Deserialize)]

struct SignUpPayload { login: String, password: String, password_confirmation: String, }

[post("/session/sign-up")]

async fn register(payload: Json) -> Result { let payload = payload.into_inner();

// Validate payload

// Save model and return HttpResponse
let model = AccountModel {
    id: -1,
    login: payload.login,
    // Encrypt password before saving to database
    pass_hash: Hashing::encrypt(&payload.password).unwrap(),
};
// Save model

todo!()

}

[derive(Deserialize)]

struct SignInPayload { login: String, password: String, }

[post("/session/sign-in")]

async fn signin( store: Data, payload: Json, jwtttl: Data, refreshttl: Data, ) -> Result { let payload = payload.intoinner(); let store = store.intoinner(); let account: AccountModel = { /* load account using login */ todo!() }; if let Err(e) = Hashing::verify(account.passhash.asstr(), payload.password.asstr()) { return Ok(HttpResponse::Unauthorized().finish()); } let claims = AppClaims { issuesat: OffsetDateTime::nowutc().unixtimestamp() as usize, subject: account.login.clone(), expirationtime: jwtttl.0.assecondsf64() as u64, audience: Audience::Web, jwtid: uuid::Uuid::newv4(), accountid: account.id, notbefore: 0, }; let pair = store .clone() .store(claims, *jwtttl.intoinner(), *refreshttl.intoinner()) .await .unwrap(); Ok(HttpResponse::Ok() .appendheader((JWTHEADERNAME, pair.jwt.encode().unwrap())) .appendheader((REFRESHHEADER_NAME, pair.refresh.encode().unwrap())) .finish()) }

[post("/session/sign-out")]

async fn signout(store: Data, auth: Authenticated) -> HttpResponse { let store = store.intoinner(); store.erase::(auth.jwtid).await.unwrap(); HttpResponse::Ok() .appendheader((JWTHEADERNAME, "")) .appendheader((REFRESHHEADERNAME, "")) .cookie( actixweb::cookie::Cookie::build(JWTCOOKIENAME, "") .expires(OffsetDateTime::nowutc()) .finish(), ) .cookie( actixweb::cookie::Cookie::build(REFRESHCOOKIENAME, "") .expires(OffsetDateTime::now_utc()) .finish(), ) .finish() }

[get("/session/info")]

async fn session_info(auth: Authenticated) -> HttpResponse { HttpResponse::Ok().json(&*auth) }

[get("/session/refresh")]

async fn refreshsession( auth: Authenticated, storage: Data, ) -> HttpResponse { let storage = storage.intoinner(); storage.refresh(auth.refresh_jti).await.unwrap(); HttpResponse::Ok().json(&*auth) }

[get("/")]

async fn root() -> HttpResponse { HttpResponse::Ok().finish() }

[derive(Debug, Serialize, Deserialize, Clone, Eq, PartialEq, Hash)]

[serde(renameall = "snakecase")]

pub enum Audience { Web, }

[derive(Debug, Serialize, Deserialize, Clone, Eq, PartialEq, Hash)]

[serde(renameall = "snakecase")]

pub struct AppClaims { #[serde(rename = "exp")] pub expirationtime: u64, #[serde(rename = "iat")] pub issuesat: usize, /// Account login #[serde(rename = "sub")] pub subject: String, #[serde(rename = "aud")] pub audience: Audience, #[serde(rename = "jti")] pub jwtid: uuid::Uuid, #[serde(rename = "aci")] pub accountid: i32, #[serde(rename = "nbf")] pub not_before: u64, }

impl actixjwtsession::Claims for AppClaims { fn jti(&self) -> uuid::Uuid { self.jwt_id }

fn subject(&self) -> &str {
    &self.subject
}

}

impl AppClaims { pub fn accountid(&self) -> i32 { self.accountid } }

struct AccountModel { id: i32, login: String, pass_hash: String, } ```

Changelog:

1.0.0

• Factory is created using builder pattern
• JSON Web Token has automatically created Refresh Token
• Higher abstraction layers for Middleware, MiddlewareFactory and SessionStorage
• Build-in hashing functions
• Build-in TTL structures
• Documentation