Commit 1f04868

Switch to async Stream-based updates of invalidated JWTs (#4)
This allows:
- Implementors to fully control how to load/reload invalidated JWTs without being tied to a loop-based reload, as well as tag-based loading without this middleware being aware of it.
- Back pressure for free

Signed-off-by: lloydmeta <lloydmeta@gmail.com>
1 parent 75670a8 commit 1f04868

6 files changed: +448 -363 lines changed

Cargo.lock

Lines changed: 74 additions & 28 deletions
Some generated files are not rendered by default.

Cargo.toml

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
11
[package]
22
name = "actix-jwt-authc"
3-
version = "0.1.1"
3+
version = "0.2.0"
44
edition = "2021"
55
authors = ["Lloyd <lloydmeta@gmail.com>"]
66
description = "Actix middleware for authenticating JWTs with support for invalidation"
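Review bot: the `version` line moves from 0.1.1 to 0.2.0, which Cargo treats as a semver-incompatible release, but neither this hunk nor the commit message tells downstream users what they have to change. Add a changelog entry or an upgrade note in the README that names the loop-based reload interface being replaced and shows the Stream-based equivalent.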
@@ -19,7 +19,6 @@ session = ["dep:actix-session"]
1919
log = ["tracing/log"]
2020

2121
[dependencies]
22-
async-trait = "0.1"
2322
futures-util = "0.3"
2423
tokio = { version = "1.19", features = ["sync"], default-features = false }
2524
actix-web = "4"
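Review bot: with `async-trait = "0.1"` removed from `[dependencies]`, any `#[async_trait]` still used by the example or tests will fail to compile unless the crate is re-added under dev-dependencies, so grep for it before merging. The unchanged `tokio` line enables only the `sync` feature; confirm the code that consumes the Stream builds with just that feature and is not relying on features pulled in by dev builds.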
@@ -37,6 +36,7 @@ dashmap = "5.3"
3736
uuid = { version = "1.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
3837
ring = "0.16"
3938
tracing-subscriber = "0.3"
39+
futures = "0.3"
4040

4141
# docs.rs-specific configuration
4242
[package.metadata.docs.rs]
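Review bot: `futures = "0.3"` is added while `futures-util = "0.3"` is already listed under `[dependencies]` in the previous hunk. The section header is outside this hunk, so confirm this line sits under dev-dependencies, and if only stream and channel helpers are needed, check whether `futures-util` already covers them so the dependency set that has to be audited stays small.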

README.md

Lines changed: 3 additions & 3 deletions
@@ -5,12 +5,11 @@
55
[![Coverage Status](https://coveralls.io/repos/github/lloydmeta/actix-jwt-authc/badge.svg?branch=main)](https://coveralls.io/github/lloydmeta/actix-jwt-authc?branch=main)
66

77
JWT authentication middleware for Actix that supports checking for invalidated JWTs without paying the cost of a per-request
8-
IO call. It periodically pulls a set of invalidated JWTs and storing them in memory from a reader implementation that
9-
can be efficiently implemented.
8+
IO call. It sources invalidated JWTs from a Stream and stores them in memory.
109

1110
This middleware is based on the assumption that since JWTs (should) have an expiry, ultimately, an in-memory set of
1211
explicitly-invalidated-yet-unexpired JWTs that are periodically reloaded should not be overwhelmingly big enough to
13-
cause problems. Only measurements can help answer if it causes problems in your specific usecase.
12+
cause problems. Only testing can truly answer if this assumption works for a given usecase.
1413

1514
[Docs for `main`](https://beachape.com/actix-jwt-authc/actix_jwt_authc)
1615

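Review bot: the new sentence says invalidated JWTs come from a Stream, but the unchanged paragraph right after it still describes a set of JWTs "that are periodically reloaded", which no longer matches the model. Reword that paragraph, and state the security-relevant consequence for readers: a revoked JWT keeps being accepted until its event has been delivered through the Stream, and the README should say what the middleware does if the Stream ends or stalls.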
@@ -32,6 +31,7 @@ The example included in this repo has
3231
- A simple set of routes for starting and inspecting the current session
3332
- An in-memory implementation of the invalidated JWT interface
3433
- In-memory loop for purging expired JWTs from the store
34+
- Channel-based Stream of invalidated JWT events for powering the invalidated JWT set used by the middleware
3535
- [ring](https://github.com/briansmith/ring) to generate an Ed25519 keypair for [EdDSA-signed JWTs](https://www.scottbrady91.com/jose/jwts-which-signing-algorithm-should-i-use)
3636

3737
Both session and JWT keys are generated on the fly, so JWTs are incompatible across restarts.
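Review bot: the added bullet says "Channel-based Stream" without stating whether the channel is bounded, while the commit message promises back pressure "for free". That only holds for a bounded channel, so name the channel type and capacity in this bullet and note what the example's invalidation route does when the channel is full, since a dropped or delayed event means a logged-out JWT stays valid.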
