Merge c51865c into 75670a8
lloydmeta committed Jul 6, 2022
2 parents 75670a8 + c51865c commit 76503d7
Showing 6 changed files with 448 additions and 363 deletions.
102 changes: 74 additions & 28 deletions Cargo.lock

4 changes: 2 additions & 2 deletions Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "actix-jwt-authc"
version = "0.1.1"
version = "0.2.0"
edition = "2021"
authors = ["Lloyd <lloydmeta@gmail.com>"]
description = "Actix middleware for authenticating JWTs with support for invalidation"
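Review bot: the `version` bump from "0.1.1" to "0.2.0" comes with no changelog or migration note in the files shown here. For a 0.x crate Cargo treats a minor bump as semver-incompatible, which fits a release whose README now says invalidated JWTs come from a Stream, but existing users still need to be told what to change. Suggest a short upgrade section in the README or a CHANGELOG entry covering the move from the reader implementation to the Stream.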
Expand All @@ -19,7 +19,6 @@ session = ["dep:actix-session"]
log = ["tracing/log"]

[dependencies]
async-trait = "0.1"
futures-util = "0.3"
tokio = { version = "1.19", features = ["sync"], default-features = false }
actix-web = "4"
Expand All @@ -37,6 +36,7 @@ dashmap = "5.3"
uuid = { version = "1.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
ring = "0.16"
tracing-subscriber = "0.3"
futures = "0.3"

# docs.rs-specific configuration
[package.metadata.docs.rs]
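Review bot: `futures = "0.3"` is added here although `futures-util = "0.3"` is already listed under `[dependencies]` in the previous hunk. The section header for this entry is outside the hunk; if it is a dev-dependency next to `ring` and `tracing-subscriber`, check whether the example and tests can use `futures-util` directly instead of the full facade crate, and if it is a regular dependency the same question applies to every downstream user. Cargo.lock takes 74 additions in this commit, so each new entry is worth justifying.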
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -5,12 +5,11 @@
[![Coverage Status](https://coveralls.io/repos/github/lloydmeta/actix-jwt-authc/badge.svg?branch=main)](https://coveralls.io/github/lloydmeta/actix-jwt-authc?branch=main)

JWT authentication middleware for Actix that supports checking for invalidated JWTs without paying the cost of a per-request
IO call. It periodically pulls a set of invalidated JWTs and storing them in memory from a reader implementation that
can be efficiently implemented.
IO call. It sources invalidated JWTs from a Stream and stores them in memory.

This middleware is based on the assumption that since JWTs (should) have an expiry, ultimately, an in-memory set of
explicitly-invalidated-yet-unexpired JWTs that are periodically reloaded should not be overwhelmingly big enough to
cause problems. Only measurements can help answer if it causes problems in your specific usecase.
cause problems. Only testing can truly answer if this assumption works for a given usecase.

[Docs for `main`](https://beachape.com/actix-jwt-authc/actix_jwt_authc)

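Review bot: the unchanged sentence in the second paragraph still describes the set as "periodically reloaded", which no longer matches the new "sources invalidated JWTs from a Stream" wording. Suggest rewording that paragraph for the stream model and stating what the middleware does when the Stream ends or errors, since the in-memory set is what keeps an invalidated but unexpired JWT from being accepted.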
Expand All @@ -32,6 +31,7 @@ The example included in this repo has
- A simple set of routes for starting and inspecting the current session
- An in-memory implementation of the invalidated JWT interface
- In-memory loop for purging expired JWTs from the store
- Channel-based Stream of invalidated JWT events for powering the invalidated JWT set used by the middleware
- [ring](https://github.com/briansmith/ring) to generate an Ed25519 keypair for [EdDSA-signed JWTs](https://www.scottbrady91.com/jose/jwts-which-signing-algorithm-should-i-use)

Both session and JWT keys are generated on the fly, so JWTs are incompatible across restarts.
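Review bot: the new "Channel-based Stream of invalidated JWT events" bullet does not say how the middleware's set is populated at startup. The last context line notes that keys are generated on the fly, so the example sidesteps the question, but a deployment with persistent keys would restart with an empty in-memory set while previously invalidated JWTs may still be unexpired. Suggest a sentence stating the intended contract, for example whether an implementor's Stream is expected to replay the current invalidated set when the middleware subscribes.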