Welcome to protect-endpoints Discussions!

[DDtKey]

👋 Welcome!

We’re using Discussions as a place to connect with other members of our community. We hope that you:

• Ask questions you’re wondering about.
• Share ideas.
• Engage with other community members.
• Welcome others and are open-minded. Remember that this is a community we
  build together 💪.

To get started, comment below with an introduction of yourself and tell us about what you do with this community.

[maku]

I would like to add additional information that is in a bearer token to the request (e.g "attach" a user information to the request similiar to attaching the permissions ). So that I would be able to identify the current user in a handler function. What would be the best way to do this when I am already using "actix-web-grants"?

I did something like this, which seems to work, is this ok?

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct UserInfo {
    pub id: Uuid,
    pub email: String,
    pub name: String,
}

impl FromRequest for UserInfo {
    type Error = actix_web::error::Error;
    type Future = Pin<Box<dyn Future<Output = Result<Self, actix_web::error::Error>>>>;

    fn from_request(req: &HttpRequest, payload: &mut Payload) -> Self::Future {
        let req = req.clone();

        Box::pin(async move {
            req.extensions()
                .get::<UserInfo>()
                .map(UserInfo::clone)
                .ok_or_else(|| actix_web::error:: ErrorUnauthorized("User unauthorized!"))

        })
    }


}

pub trait AttachUserInfo {
    fn attach_userinfo(&self, user_info: UserInfo);
}

impl AttachUserInfo for ServiceRequest {
    fn attach_userinfo(&self, user_info: UserInfo) {
        self.extensions_mut().insert(user_info);
    }
}

// then attach it

async fn validator(req: ServiceRequest, credentials: BearerAuth) -> Result<ServiceRequest, WebError> {
    // We just get permissions from JWT
    let claims = decode_jwt(credentials.token())?;
    req.attach(claims.permissions);
    req.attach_userinfo(UserInfo{name: claims.name, id: claims.userid, email: claims.username});

    Ok(req)
}

[DDtKey]

Yes, it seems that you have done exactly what you wanted, generally it's more about actix-web abilities.
Of course, you can change something in the code, for example - you don't have to use encapsulation via your own trait (but I personally like your way), or maybe you can avoid cloning of structure), however it looks really good 🙂

Moreover I'm considering possibilities to allow users use their own permissions structures, but it's might be useless 🤔