-
|
Hello everyone! I have a few questions about using the actix-web framework in my small project. I am currently setting up different routes and need to distinguish between public and private routes. Routes like /login, /register, and /forgot-password should be public since they can be accessed without user authentication. On the other hand, routes such as /, /dashboard, /profile, and /friends/{id} should be private as they require the user to be logged in. Below is my implementation for the authentication middleware that I am working on: pub struct Authentication;
impl<S, B> Transform<S, ServiceRequest> for Authentication
where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Response = ServiceResponse<EitherBody<B>>;
type Error = Error;
type Transform = AuthenticationMiddleware<S>;
type InitError = ();
type Future = Ready<Result<Self::Transform, Self::InitError>>;
fn new_transform(&self, service: S) -> Self::Future {
ready(Ok(AuthenticationMiddleware { service }))
}
}
pub struct AuthenticationMiddleware<S> {
service: S,
}
impl<S, B> Service<ServiceRequest> for AuthenticationMiddleware<S>
where
S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
S::Future: 'static,
B: 'static,
{
type Response = ServiceResponse<EitherBody<B>>;
type Error = Error;
type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
forward_ready!(service);
fn call(&self, req: ServiceRequest) -> Self::Future {
println!("You requested: {}", req.path());
let path = req.path();
if path == "/login" || path == "/register" || path == "/logout" {
let fut = self.service.call(req);
return Box::pin(async move {
let res = fut.await?;
Ok(res.map_into_left_body())
});
}
// let auth_header = req.headers().get("Authorization");
//
// if let Some(auth_header) = auth_header {
// if let Ok(auth_str) = auth_header.to_str() {
// if auth_str.starts_with("Bearer ") {
// let token = &auth_str[7..];
// if validate_token(token) {
// let fut = self.service.call(req);
// return Box::pin(async move {
// let res = fut.await?;
// Ok(res.map_into_left_body())
// });
// }
// }
// }
// }
let session = req.get_session();
if let Some(token) = session.get::<String>("user_token").unwrap_or(None) {
if validate_token(&token) {
let fut = self.service.call(req);
return Box::pin(async move {
let res = fut.await?;
Ok(res.map_into_left_body())
});
}
}
let http_res = HttpResponse::Unauthorized().finish().map_into_right_body();
let (http_req, _) = req.into_parts();
let res = ServiceResponse::new(http_req, http_res);
Box::pin(async { Ok(res) })
}
}that path checking if condition works every each requests from frontend (vitejs) I don't want this. any other good ideas I need. Please help me :) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Middleware isn't designed to know about routing, so honestly the best approach to "exclusions" is the |
Beta Was this translation helpful? Give feedback.
Middleware isn't designed to know about routing, so honestly the best approach to "exclusions" is the
ifcheck as you've shown.