The latest articles on DEV Community by Roque (@roque). https://dev.to/roque https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F925588%2F1fdd0118-1810-4469-8c96-d2e4d3cdd93d.jpeg https://dev.to/roque en Roque Sat, 15 Apr 2023 00:35:00 +0000 https://dev.to/roque/making-a-custom-guard-in-actix-web-924 https://dev.to/roque/making-a-custom-guard-in-actix-web-924 <p>The premisse here is simple, I want to make a guard to wrap my scope/route/service, and in that guard I can put things like JWT token validation! So thats what this article is all about, organizing and guarding your routes.</p> <h2> First step: Setup </h2> <p>=====</p> <p>We start our project with the good old <em>cargo new _good_project_name_here</em>, then we go to our main.rs and paste the <a href="https://actix.rs/docs/getting-started">basic example</a> of the docs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="nd">#[actix_web::main]</span> <span class="k">async</span> <span class="k">fn</span> <span class="nf">main</span><span class="p">()</span> <span class="k">-&gt;</span> <span class="nn">std</span><span class="p">::</span><span class="nn">io</span><span class="p">::</span><span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="nn">HttpServer</span><span class="p">::</span><span class="nf">new</span><span class="p">(||</span> <span class="p">{</span> <span class="nn">App</span><span class="p">::</span><span class="nf">new</span><span class="p">()</span> <span class="nf">.service</span><span class="p">(</span><span class="n">hello</span><span class="p">)</span> <span class="nf">.service</span><span class="p">(</span><span class="n">echo</span><span class="p">)</span> <span class="nf">.route</span><span class="p">(</span><span class="s">"/hey"</span><span class="p">,</span> <span class="nn">web</span><span class="p">::</span><span class="nf">get</span><span class="p">()</span><span class="nf">.to</span><span class="p">(||</span> <span class="k">async</span> <span class="p">{</span> <span class="nn">HttpResponse</span><span class="p">::</span><span class="nf">Ok</span><span class="p">()</span><span class="nf">.body</span><span class="p">(</span><span class="s">"Hello"</span><span class="p">)</span> <span class="p">})))</span> <span class="p">})</span> <span class="nf">.bind</span><span class="p">((</span><span class="s">"127.0.0.1"</span><span class="p">,</span> <span class="mi">8080</span><span class="p">))</span><span class="o">?</span> <span class="nf">.run</span><span class="p">()</span> <span class="k">.await</span> <span class="p">}</span> </code></pre> </div> <p>We'll start by laying the groundwork for our next steps, our folder structure looks like this at the start, though most of it is empty:</p> <p>.<br> |── Cargo.lock<br> |── Cargo.toml<br> |── src<br> |── handlers<br> | ├── mod.rs<br> | ├── unauthorized_handler.rs<br> | └── user_handler.rs<br> |── main.rs<br> |── utils<br> |── custom_guards.rs<br> |── mod.rs</p> <ul> <li><p>I like to divide my handlers by the feature that they represent (like users or books) this results in more files but I think its worth the hassle in the long run.</p></li> <li><p>At this point, is a fair warning that I'm have followed the Getting Started in Acticx Web documentation, and know what a "mod.rs" file does, if you don't I STRONGLY recommend that you go check the Docs by clicking <a href="https://actix.rs/">Here</a>, its really good.</p></li> </ul> <h2> User Handler </h2> <p>Here we're gonna do two things, first, create a simple get request that gives us a cute json response, the second, is create a function that lets us create a service, with the scope "/user" who will contain all requests related to a user.</p> <p>First things first, that our get request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// user_handler.rs</span> <span class="nd">#[get(</span><span class="s">"/"</span><span class="nd">)]</span> <span class="k">async</span> <span class="k">fn</span> <span class="nf">get_all_users</span><span class="p">()</span> <span class="k">-&gt;</span> <span class="n">HttpResponse</span> <span class="p">{</span> <span class="nn">HttpResponse</span><span class="p">::</span><span class="nf">Ok</span><span class="p">()</span><span class="nf">.json</span><span class="p">(</span><span class="nd">json!</span><span class="p">({</span><span class="s">"test"</span><span class="p">:</span> <span class="s">"test"</span><span class="p">}))</span> <span class="p">}</span> </code></pre> </div> <p>Then, remember that we're not in <em>main.rs</em>, so we need to get this route there some way, and we also want it to work inside a scope and be protected by a guard, to do that, we need the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// user_handler.rs</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">user_scoped_config</span><span class="p">(</span><span class="n">cfg</span><span class="p">:</span> <span class="o">&amp;</span><span class="k">mut</span> <span class="nn">web</span><span class="p">::</span><span class="n">ServiceConfig</span><span class="p">)</span> <span class="p">{</span> <span class="n">cfg</span><span class="nf">.service</span><span class="p">(</span><span class="nn">web</span><span class="p">::</span><span class="nf">scope</span><span class="p">(</span><span class="s">"/user"</span><span class="p">)</span> <span class="nf">.guard</span><span class="p">(</span><span class="nn">guard</span><span class="p">::</span><span class="nf">fn_guard</span><span class="p">(|</span><span class="n">ctx</span><span class="p">|</span> <span class="k">true</span><span class="p">))</span> <span class="c1">// Will change this soon</span> <span class="nf">.service</span><span class="p">(</span><span class="n">get_all_users</span><span class="p">),</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The line <em>.guard(guard::fn_guard(|ctx| true))</em> is where our custon guard will rest, its a fn_guard() as you can see, and it can take a function that get our context as parameter.</p> <h2> Custom Guard </h2> <p>Now we'll create the function that will be our mighty guard! OUr objective here is to create a a funciton that recieves our context and returns a boolean, inside this function we can access our request data and decide if it can have access to our routes.<br> Here I'll call it <em>verify_token</em> just as a reminder that it can be used for that, this function will only verify if the Authorization header exists, if not, access will be denied,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">//custom_guards.rs</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">verify_token</span><span class="p">(</span><span class="n">ctx</span><span class="p">:</span> <span class="o">&amp;</span><span class="n">GuardContext</span><span class="p">)</span> <span class="k">-&gt;</span> <span class="nb">bool</span> <span class="p">{</span> <span class="k">let</span> <span class="n">auth_header</span> <span class="o">=</span> <span class="n">ctx</span><span class="nf">.head</span><span class="p">()</span><span class="nf">.headers</span><span class="p">()</span><span class="nf">.get</span><span class="p">(</span><span class="s">"authorization"</span><span class="p">);</span> <span class="k">if</span> <span class="n">auth_header</span><span class="nf">.is_none</span><span class="p">()</span> <span class="p">{</span> <span class="nn">HttpResponse</span><span class="p">::</span><span class="nf">Unauthorized</span><span class="p">()</span><span class="nf">.json</span><span class="p">(</span><span class="nd">json!</span><span class="p">({</span><span class="s">"error"</span> <span class="p">:</span> <span class="s">"Acesso negado"</span><span class="p">}));</span> <span class="k">return</span> <span class="k">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="k">true</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now, we need to change our <em>fn_guard</em> inside <em>user_handler.rs</em>, to look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="c1">// user_handler.rs</span> <span class="k">pub</span> <span class="k">fn</span> <span class="nf">user_scoped_config</span><span class="p">(</span><span class="n">cfg</span><span class="p">:</span> <span class="o">&amp;</span><span class="k">mut</span> <span class="nn">web</span><span class="p">::</span><span class="n">ServiceConfig</span><span class="p">)</span> <span class="p">{</span> <span class="n">cfg</span><span class="nf">.service</span><span class="p">(</span><span class="nn">web</span><span class="p">::</span><span class="nf">scope</span><span class="p">(</span><span class="s">"/user"</span><span class="p">)</span> <span class="nf">.guard</span><span class="p">(</span><span class="nn">guard</span><span class="p">::</span><span class="nf">fn_guard</span><span class="p">(</span><span class="n">verify_token</span><span class="p">)</span> <span class="nf">.service</span><span class="p">(</span><span class="n">get_all_users</span><span class="p">),</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>And done! Our routes are protected from requests without the Authorization Header!</p> <h2> Bonus: Handle unauthorized requests </h2> <p>Well, now that we blocked the access, we migth want to send a pretty response explaining why said request was blocked, for that we can use a <em>default_service</em>! Is quite simple, if a request fails a guard of a scope, it will try to match with other route in its father (in this case, our root app) so we can create a handler that will take care of that!</p> <p>Inside <em>unauthorized_handler.rs</em> insert the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">pub</span> <span class="k">async</span> <span class="k">fn</span> <span class="nf">handle_unauthorized</span><span class="p">()</span> <span class="k">-&gt;</span> <span class="n">HttpResponse</span> <span class="p">{</span> <span class="nn">HttpResponse</span><span class="p">::</span><span class="nf">Unauthorized</span><span class="p">()</span><span class="nf">.json</span><span class="p">(</span><span class="nd">json!</span><span class="p">({</span><span class="s">"error"</span><span class="p">:</span> <span class="s">"Unauthorized"</span><span class="p">}))</span> <span class="p">}</span> </code></pre> </div> <h2> Grand finale </h2> <p>Now we just need to use those beautiful thins inside our main function!<br> If you hook it all up in the right way you main should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">mod</span> <span class="n">handlers</span><span class="p">;</span> <span class="k">mod</span> <span class="n">utils</span><span class="p">;</span> <span class="k">use</span> <span class="nn">actix_web</span><span class="p">::{</span> <span class="n">web</span><span class="p">,</span> <span class="n">App</span><span class="p">,</span> <span class="n">HttpServer</span><span class="p">,</span> <span class="p">};</span> <span class="k">use</span> <span class="nn">handlers</span><span class="p">::{</span> <span class="nn">unauthorized_handler</span><span class="p">::</span><span class="n">handle_unauthorized</span><span class="p">,</span> <span class="nn">user_handler</span><span class="p">::</span><span class="n">user_scoped_config</span><span class="p">,</span> <span class="p">};</span> <span class="k">struct</span> <span class="n">ApiGlobalState</span> <span class="p">{}</span> <span class="nd">#[actix_web::main]</span> <span class="k">async</span> <span class="k">fn</span> <span class="nf">main</span><span class="p">()</span> <span class="k">-&gt;</span> <span class="nn">std</span><span class="p">::</span><span class="nn">io</span><span class="p">::</span><span class="nb">Result</span><span class="o">&lt;</span><span class="p">()</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">let</span> <span class="n">app_data</span> <span class="o">=</span> <span class="nn">web</span><span class="p">::</span><span class="nn">Data</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="n">ApiGlobalState</span> <span class="p">{});</span> <span class="nn">HttpServer</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="k">move</span> <span class="p">||</span> <span class="p">{</span> <span class="nn">App</span><span class="p">::</span><span class="nf">new</span><span class="p">()</span> <span class="nf">.app_data</span><span class="p">(</span><span class="n">app_data</span><span class="nf">.clone</span><span class="p">())</span> <span class="nf">.configure</span><span class="p">(</span><span class="n">user_scoped_config</span><span class="p">)</span> <span class="nf">.default_service</span><span class="p">(</span><span class="nn">web</span><span class="p">::</span><span class="nf">route</span><span class="p">()</span><span class="nf">.to</span><span class="p">(</span><span class="n">handle_unauthorized</span><span class="p">))</span> <span class="p">})</span> <span class="nf">.bind</span><span class="p">((</span><span class="s">"127.0.0.1"</span><span class="p">,</span> <span class="mi">8080</span><span class="p">))</span><span class="o">?</span> <span class="nf">.run</span><span class="p">()</span> <span class="k">.await</span> <span class="p">}</span> </code></pre> </div> <p>And it's done! Hope that this was a good reading for you, and if you think I made some mistake, please reach out to me, I would love to get better with your help!<br> Thanks and have a nice time :) </p>