Comments (7)
Ok, sorry, I will create one.
from protect-endpoints.
Thank you for the amazing package!
Thanks, I appreciate it!
In general, the question more about how routes & scopes works in actix-web
. The easiest (but trivial) way is wrapping only needed scopes. For example:
App::new()
.service(
web::scope("/api/v1")
.service(
web::scope("/reservations")
.wrap(HttpAuthentication::bearer(validator))
.configure(reservations_controllers::secured_routes),
)
.service(web::scope("/auth").configure(auth_controller::routes))
)
.app_data(data.clone())
But I'm not sure if it suits you
from protect-endpoints.
Thank you for the quick response.
I'll just wrap individual handlers as you said
from protect-endpoints.
Hello @DDtKey , I run into the same issue. The trick with different scops works, but not in all situations.
Is there a way to use Role based authentication and map all requests without a authorization header to role Guest and then using #[has_any_role("Role::Guest", "Role::User", type = "Role")]
?
from protect-endpoints.
Hello @DDtKey , I run into the same issue. The trick with different scops works, but not in all situations.
Is there a way to use Role based authentication and map all requests without a authorization header to role Guest and then using
#[has_any_role("Role::Guest", "Role::User", type = "Role")]
?
Just to clarify this, do you want actix-web-grants
to consider not authorized users as Guests? Looks like another topic 🤔
It should be authorization logic in that case IMHO.
I mean you can assign the Guest during checking header(in method that you pass to middleware), like:
if auth_header.is_none() {
return Role::Guest
}
from protect-endpoints.
Just to clarify this, do you want
actix-web-grants
to consider not authorized users as Guests? Looks like another topic thinking It should be authorization logic in that case IMHO.
Not exactly, it depends what is the most easiest way. It was only one idea I had, to give all non authenticated users the role guest. But I thought that maybe actix-web-grants has a way to handle this situations.
I mean you can assign the Guest during checking header(in method that you pass to middleware), like:
But that means I have to write my one middleware? I tried to implement something like that in the validator()
function, but there the checking is to late already.
from protect-endpoints.
@jb-alvarado oh, I see your point. But it worth to create separate issue, I'm pretty sure that's not related one
from protect-endpoints.
Related Issues (20)
- Add support for ABAC-like model to procedural macro
- Let `PermissionsExtractor::extract` receive a `&mut ServiceRequest` so extractors can actually access the inner `HttpRequest` HOT 6
- Error "type `Config` is not a member of trait `FromRequest`" HOT 7
- Fails to build against actix_web 4.0.0-beta.14 HOT 4
- Support for custom access denied response in `proc-macro`
- Support for using glob expressions on permissions?
- New release with Actix Web 4 support HOT 2
- Mismatch between compiler message and function arg position in tests HOT 1
- Check user name in route HOT 4
- Validator issue HOT 3
- Allow some routes to non authenticated users? HOT 2
- use enum in attribute? HOT 2
- Question: Use multiple proc macros at the same time HOT 5
- Reorganize `*-grants` crates into single repo (workspace)
- Any plans for supporting salvo? HOT 4
- Customise token lookup location HOT 4
- Support for allowing 1 permission or the other HOT 3
- how custom fallback type HOT 3
- Why this change HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from protect-endpoints.