author | Martin Fischer <martin@push-f.com> | 2022-07-27 14:29:00 +0200 |
---|---|---|
committer | Martin Fischer <martin@push-f.com> | 2022-07-27 14:29:00 +0200 |
commit | 70a6127d48baa86c724d467943e64074c9e41f18 (patch) | |
tree | 9070183319448c56811bc6cdc1cec1ab3e82eb81 /README.md | |
parent | dadd46143e7a0fb9d512d5601a6f8fef553fd82a (diff) |
remove security module
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 41 |
1 files changed, 0 insertions, 41 deletions
@@ -12,11 +12,6 @@ with [Serde](https://serde.rs/) you can enable the following feature flags: `into_form` method for parsing data submitted from HTML forms. - `hyper_body_json` additionaly provides an `into_json` method -With the `security` feature Sputnik furthermore provides what's necessary to -implement [signed & expiring cookies](#signed--expiring-cookies) with the -expiry date encoded into the signed cookie value, providing a more -lightweight alternative to JWT if you don't need interoperability. - Sputnik does **not** handle routing because even complex routing can be quite easily implemented with nested `match` blocks. If you want a more high-level router, you can check out the [router crates](https://crates.io/keywords/router). @@ -123,39 +118,3 @@ async fn main() { server.await; } ``` - -## Signed & expiring cookies - -After a successful authentication you can build a session id cookie for -example as follows: - -```rust -let expiry_date = SystemTime::now() + Duration::from_secs(24 * 60 * 60); -let mut cookie = Cookie::new("userid", - key.sign( - &encode_expiring_claim(&userid, expiry_date) - )); -headers.set_cookie(Cookie{ - name: "userid".into(), - value: key.sign( - &encode_expiring_claim(&userid, expiry_date) - ), - secure: Some(true), - expires: Some(expiry_date), - same_site: SameSite::Lax, -}); -``` - -This session id cookie can then be retrieved and verified as follows: - -```rust -let userid = req.cookies().find(|(name, _value)| *name == "userid") - .ok_or_else(|| "expected userid cookie".to_owned()) - .and_then(|(_name, value)| key.verify(value)) - .and_then(|value| decode_expiring_claim(value).map_err(|e| format!("failed to decode userid cookie: {}", e))); -``` - -Tip: If you want to store multiple claims in the cookie, you can -(de)serialize a struct with [serde_json](https://docs.serde.rs/serde_json/). -This approach can pose a lightweight alternative to JWT, if you don't care -about the standardization aspect. |
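Review bot: In the first hunk (README.md, `@@ -12,11 +12,6`), the paragraph describing the `security` feature is deleted with no replacement text, and the commit message "remove security module" gives no reason for the removal. Readers who enabled the `security` feature flag will find no mention of it in the README after this change; a short sentence saying the feature was removed and what to use instead for signed cookies, plus a rationale in the commit message, would cover that. The unchanged context line in this hunk also still reads "`hyper_body_json` additionaly provides"; "additionaly" should be "additionally" and could be fixed while this part of the file is being touched.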
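Review bot: In the second hunk (`@@ -123,39 +118,3`), the whole "Signed & expiring cookies" section is dropped, so the README no longer shows any way to authenticate a session cookie, and code copied from it depends on `key.sign`, `key.verify`, `encode_expiring_claim` and `decode_expiring_claim` with no indication of where those went. A migration pointer would help, and it should preserve the property the removed text called out: the expiry date is encoded into the signed cookie value and checked when the value is decoded, because the cookie's `expires` attribute is set by the server but enforced only by the client. If the section is ever restored, the first example should lose the unused `let mut cookie = Cookie::new("userid", ...)` binding, since the cookie is constructed again inside `headers.set_cookie`.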