davidpdrsn / axum-flash Goto Github PK

Hi,
I'm encountering odd behaviour when flashing messages for different routes in my Axum server and I'm not quite sure what the issue is.

For example, I have these routes for registering new users (under /register):

pub async fn get_register(flash: IncomingFlashes, Extension(tera): Extension<Tera>) -> Html<String> {
   let mut context = tera::Context::new();
   if flash.len() == 1{
       context.insert("message", flash.iter().nth(0).unwrap().1);
   }

   Html(tera.render("register.html.tera", &context).unwrap())
}

pub async fn post_register(
    form: Form<Register>,
    mut flash: Flash,
    DatabaseConnection(conn): DatabaseConnection,
) -> Redirect {
// Try to register the user
// [......]
   Ok(_) => Redirect::to("/login"),

   Err(e) => {
      flash.error("Unable to register user");
      Redirect::to("/register")
   }
}

The flashing functionality works as expected for these routes (i.e. if there's an error during registration, the user is redirected and the flash message is shown. Upon refreshing the page, the flash message is cleared.

I then have some other routes (under /types/create) which are very similar to the above, but the flash message persists even after refreshing the page (and I can see the 'axum-flash' cookie stored in my browser after refreshing).

pub async fn get_create_type(flash: IncomingFlashes, Extension(tera): Extension<Tera>) -> Html<String>{
    let mut context = tera::Context::new();
    if flash.len() == 1{
        context.insert("message", flash.iter().nth(0).unwrap().1);
    }

    Html(tera.render("new_type.html.tera", &context).unwrap())
}

pub async fn post_create_type(
    form: Form<PostNewType>,
    mut flash: Flash,
    DatabaseConnection(conn): DatabaseConnection,
) -> Redirect {
   // Logic to create a new type
   // If a type with that name exists already, do:
   flash.error("Type already exists");
   Redirect::to("/types/create")
}

In these other routes, I've tried adding extra code to forcibly remove the 'axum-flash' cookie (I also tried using the other 2 types of CookieJar as well), but it still persists:

pub async fn get_create_type(flash: IncomingFlashes, jar: CookieJar, Extension(tera): Extension<Tera>) -> impl IntoResponse{
    let mut context = tera::Context::new();
    if flash.len() == 1{
        context.insert("message", flash.iter().nth(0).unwrap().1);
    }

    // Attempt to remove the 'axum-flash' cookie
    let updated_jar: CookieJar = jar.remove(Cookie::named("axum-flash"));

    (updated_jar, Html(tera.render("new_type.html.tera", &context).unwrap()))
}

From this page (/types/create) with the persistent cookie, if I then navigate back to the /register route and refresh the page, the cookie is cleared.

Can you think of any reason why in some instances the flash cookie is cleared, but in other cases it's not?
Let me know if you need more details on anything

Hi,

i'm writing a axum server where i implemented Authorization with sessions. Until now i did this in every handler.
Therefore i moved the check that user has as an active session into a middleware using from_fn.
Everything works fine. The only problem i have is that i'm not able anymore to access Flash to send an info back to the browser in case the user is not authorized.
In the handlers i was using an extractor, but in the middleware from_fn function this is not working anymore.
I assume this is because Flash is implementing FromRequestParts and not FromRequest.
I'm not sure if it is possible. But if it is, do you have a hint on how to implement it?
Thanks and best regards, Thomas

Requires imbolc/tower-cookies#5 to be merged and published.

After upgrading Axum to 0.7, axum-flash gives the following error:

the trait `FromRequestParts<()>` is not implemented for `IncomingFlashes`

I'm facing a very strange issue.
When a flash message's length is less than 1515 characters, it goes through fine.
However, when it is more than 1514 characters, it won't go through.

Example below

Sending flash message:

pub async fn send_flash_message(
    flash: Flash,
) -> Result<(Flash, Redirect), ResponseError> {
    Ok((
        flash.info("more than 1514 characters here"),
        Redirect::to("new-page"),
    ))
}

Receiving flash message:

pub async fn receive_flash_message(
    flashes: IncomingFlashes,
) -> Result<(IncomingFlashes, Html<String>), ResponseError> {
    // Do something with the flash message here
}

The function for sending a flash message is triggered when a user submits a form, and the user will be redirected to new-page.
When the flash message contains less than 1515 characters, user gets redirected to new-page with the flash message.
However, when the flash message contains more than 1514 characters, user gets redirected to new-page without the flash message.

I've tried setting use_secure_cookies to false, but it didn't do anything.
I've tested and observed the issue on both Firefox and Chrome.
My environment: rust 1.73.0, axum 0.6, axum-flash 0.7.