Actix Permissions Continuous Integration cargo-badge license-badge

Permission and input validation extension for Actix Web. Alternative to actix guard, with access to app data injections, HttpRequest and Payload. Permissions are flexible, take a look at Examples directory for some use cases.

You could write a permission check like a function or like a struct.
This code: rust fn is_allowed( req: &HttpRequest, payload: &mut Payload, ) -> Ready<actix_web::Result<bool, actix_web::Error>> { todo!(); } is same as writing: ```rust struct IsAllowed;

impl Permission for IsAllowed { fn call(&self, req: &HttpRequest, _payload: &mut Payload) -> Ready> { todo!(); } } ```

Example

Dependencies:
toml [dependencies] actix-permissions = "0.1.0" Code: ```rust use actixpermissions::{check, with}; use actixweb::dev::; use actix_web::web::Data; use actix_web::; use serde::Serialize; use std::future::{ready, Ready};

fn dummypermissioncheck( req: &HttpRequest, payload: &mut Payload, ) -> Ready> { let checkerservice: Option<&Data> = req.appdata::>(); ready(Ok(checkerservice.unwrap().check(req.query_string()))) }

fn anotherdummypermissioncheck( req: &HttpRequest, _payload: &mut Payload, ) -> Ready> { // Unecessary complicating permission check to show what it can do. // You have access to request, payload, and all injected dependencies through appdata. let checkerservice: Option<&Data> = req.appdata::>(); ready(Ok(checkerservice.unwrap().check(req.querystring()))) }

struct DummyService;

impl DummyService { pub fn check(&self, value: &str) -> bool { value.contains('q') } }

async fn index() -> Result { Ok("Hi there!".to_string()) }

[actix_web::main]

async fn main() -> std::io::Result<()> { HttpServer::new(|| { App::new() .appdata(Data::new(DummyService)) .service(web::scope("").route( "/", check( web::get(), with(dummypermissioncheck).and(anotherdummypermissioncheck), index, ), )) }) .bind("127.0.0.1:8888")? .run() .await } ```

Use Cases

Take a look at Examples directory. You could use actix-permissions for role based authorization check, like in role-based-authorization example.
hello-world example is just proof of concept, showing how you can compose a list of permissions, access service request, payload and injected services.

Contributing

This project welcomes all kinds of contributions. No contribution is too small!

If you want to contribute to this project but don't know how to begin or if you need help with something related to this project, feel free to send me an email https://www.eisberg-labs.com/ (contact form at the bottom).

Some pointers on contribution are in Contributing.md

Code of Conduct

This project follows the Rust Code of Conduct.

License

Distributed under the terms of MIT license and Apache license.