Description
This crate will help you set up authorization and validate user permissions in actix-web.
The library can also be integrated with third-party solutions (like actix-web-httpauth).
README
actix-web-grants
Extension for actix-web to validate user permissions.
To check user access to specific services, you can use the built-in proc-macro, PermissionGuard, or a manual check.
The library can also be integrated with third-party solutions (like actix-web-httpauth).
Example of proc-macro way protection

    use actix_web::{get, HttpResponse};
    use actix_web_grants::proc_macro::has_permissions;

    #[get("/secure")]
    #[has_permissions("OP_READ_SECURED_INFO")]
    async fn macro_secured() -> HttpResponse {
        HttpResponse::Ok().body("ADMIN_RESPONSE")
    }

Example of Guard way protection

    use actix_web::{web, App, HttpResponse};
    use actix_web_grants::{PermissionGuard, GrantsMiddleware};

    // `extract` (not shown here) is the application's permission extractor passed to the middleware
    App::new()
        .wrap(GrantsMiddleware::with_extractor(extract))
        .service(web::resource("/admin")
            .to(|| async { HttpResponse::Ok().finish() })
            .guard(PermissionGuard::new("ROLE_ADMIN".to_string())))
        .service(web::resource("/admin") // fallback endpoint if you want to return a 403 HTTP code
            .to(|| async { HttpResponse::Forbidden().finish() }))

Example of custom fallback endpoint for Scope with Guard
Since Guard is intended only for routing, if the user doesn't have permissions, it returns a 404 HTTP code. But you can override the behavior like this:

    use actix_web::{web, App, HttpResponse};
    use actix_web::http::header;
    use actix_web_grants::{PermissionGuard, GrantsMiddleware};

    App::new()
        .wrap(GrantsMiddleware::with_extractor(extract))
        .service(web::scope("/admin")
            .guard(PermissionGuard::new("ROLE_ADMIN_ACCESS".to_string()))
            .service(web::resource("/users")
                .to(|| async { HttpResponse::Ok().finish() }))
        ).service(
            // reached only when the guard on the scope above rejects the request
            web::resource("/admin{regex:$|/.*?}").to(|| async {
                HttpResponse::TemporaryRedirect().append_header((header::LOCATION, "/login")).finish()
            }))

When Guard lets you into the Scope (meaning you have "ROLE_ADMIN_ACCESS"), the redirect is unreachable for you, even if you request /admin/some_undefined_page.
Note: regex is a Path variable containing the passed link.
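
The fall-through behaviour described above, as a simplified std-only model. This is an added example, not code from actix-web or actix-web-grants; the Routes, Outcome and dispatch names are hypothetical, and segment-boundary prefix matching is an assumption of the model.

```rust
// Simplified model of the guarded scope plus fallback resource described above.
// Not actix-web or actix-web-grants code; all names are hypothetical.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
enum Outcome {
    Served,          // 200 from a resource inside the scope
    NotFound,        // 404: nothing matched
    RedirectToLogin, // 307 from the fallback resource
}

/// Services in registration order: a guarded scope, then an optional
/// fallback resource equivalent to "/admin{regex:$|/.*?}".
struct Routes<'a> {
    prefix: &'a str,          // scope prefix, e.g. "/admin"
    required: &'a str,        // permission checked by the guard
    resources: &'a [&'a str], // paths registered inside the scope
    has_fallback: bool,
}

fn dispatch(routes: &Routes, path: &str, perms: &HashSet<&str>) -> Outcome {
    // Model assumption: scope and fallback match the prefix only at a segment boundary.
    let rest = match path.strip_prefix(routes.prefix) {
        Some(r) if r.is_empty() || r.starts_with('/') => r,
        _ => return Outcome::NotFound,
    };
    if perms.contains(routes.required) {
        // Guard passed: the scope owns the request, so an unknown path ends
        // in the scope's own 404 and never reaches the fallback.
        return if routes.resources.contains(&rest) { Outcome::Served } else { Outcome::NotFound };
    }
    // Guard failed: the scope is skipped as if it were not registered.
    if routes.has_fallback { Outcome::RedirectToLogin } else { Outcome::NotFound }
}

fn main() {
    let routes = Routes {
        prefix: "/admin", required: "ROLE_ADMIN_ACCESS",
        resources: &["/users"], has_fallback: true,
    };
    let admin = HashSet::from(["ROLE_ADMIN_ACCESS"]); // constructed sample users
    let guest: HashSet<&str> = HashSet::new();
    for (who, perms) in [("admin", &admin), ("guest", &guest)] {
        for path in ["/admin/users", "/admin/some_undefined_page"] {
            println!("{} {} -> {:?}", who, path, dispatch(&routes, path, perms));
        }
    }
}
```

The same four cases (with and without the permission, defined and undefined path) are worth covering in integration tests against the real App, so a reordered service list cannot silently change what an unauthorized caller receives.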
Example of manual way protection

    use actix_web::HttpResponse;
    use actix_web_grants::permissions::{AuthDetails, PermissionsCheck};

    // Assumed value: ROLE_ADMIN is used below but not defined on this page
    const ROLE_ADMIN: &str = "ROLE_ADMIN";

    async fn manual_secure(details: AuthDetails) -> HttpResponse {
        if details.has_permission(ROLE_ADMIN) {
            return HttpResponse::Ok().body("ADMIN_RESPONSE");
        }
        HttpResponse::Ok().body("OTHER_RESPONSE")
    }

You can find more examples in the git repository folder and documentation.
Supported actix-web versions
- For actix-web-grants: 2.* supported version of actix-web is 3.*
- For actix-web-grants: 3.* supported version of actix-web is 4.*