Modified session_key.rs to impl secrecy::Zeroize for SessionKey. Modified session.rs in an attempt to add secrecy::Secret<SessionKey> to the InnerSession struct.
actix-session/src/session.rs
| struct SessionInner { | ||
| state: HashMap<String, String>, | ||
| status: SessionStatus, | ||
| session_key: SessionKey, |
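Review bot: `session_key: SessionKey` in `SessionInner` is a bare, non-optional field, so a `SessionInner` built for a request that has no session yet must still hold some key value. Consider `session_key: Option<SessionKey>` so that "no key" is representable, and add a doc comment on the field saying who sets it and when.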
This must be an Option, since the key will only exist if the user has an active session.
It should be populated by
actix-extras/actix-session/src/middleware.rs
Line 221 in 1774b8a
actix-extras/actix-session/src/middleware.rs
Line 218 in 1774b8a
And this logic needs to be replicated in session.rs? This is tricky for me to understand. This is populated within get_session_key fn I'm proposing?
You can add a Session::set_session_key method which is then invoked by middleware.rs, next to the passage I highlighted.
| #[derive(Debug, PartialEq, Eq)] | ||
| pub struct SessionKey(String); | ||
| #[derive(Debug, PartialEq, Eq, Default, Clone)] | ||
| pub struct SessionKey(pub String); |
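Review bot: on the changed `SessionKey` lines, `Debug` stays derived while the field becomes `pub String`, so any `{:?}` output prints the key and any caller can read or replace it directly. Keep the field private, replace the derived `Debug` with one that redacts, and reconsider the added `Default` (it produces an empty key) and `Clone` (each clone is another copy of the key in memory).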
You don't want to expose the inner field here.
We can change SessionKey to be SessionKey(secrecy::Secret<String>) and expose into_inner/inner methods to access the inner value.
In the code we are impl an AsRef
method `as_ref` has an incompatible type for trait
expected fn pointer `fn(&storage::session_key::SessionKey) -> &str`
found fn pointer `fn(&storage::session_key::SessionKey) -> &secrecy::Secret<std::string::String>`
However it's not clear to me how to do this with secrecy data
https://docs.rs/secrecy/0.8.0/secrecy/struct.Secret.html#trait-implementations
Should I be looking for a trait AsRef here?
If I update to

```rust
impl AsRef<secrecy::Secret<String>> for SessionKey {
    fn as_ref(&self) -> &secrecy::Secret<String> {
        &self.0
    }
}
```

Does this mean I need to update redis_rs.rs / redis_actor.rs / cookie.rs?
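The shape the review comments in this thread point toward, as an added example that is not code from this PR or from actix-session: a private inner field, a redacting `Debug`, an explicit accessor in place of `AsRef<str>`, and an optional key on `SessionInner`. It uses only the standard library as a stand-in for `secrecy`/`zeroize`; `new`, `expose`, `session_key()` and the sample key are hypothetical names and values.

```rust
use std::fmt;

/// Session key with a private inner string (std-only stand-in for `secrecy::Secret<String>`).
pub struct SessionKey(String);

impl SessionKey {
    pub fn new(raw: String) -> Self {
        SessionKey(raw)
    }
    /// Explicit accessor (hypothetical name): every read of the key is easy to grep for.
    pub fn expose(&self) -> &str {
        &self.0
    }
}

// Hand-written Debug so `{:?}` in logs never prints the key.
impl fmt::Debug for SessionKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SessionKey([REDACTED])")
    }
}

// Best-effort wipe on drop; real code should rely on the `zeroize` crate instead.
impl Drop for SessionKey {
    fn drop(&mut self) {
        // SAFETY: zero bytes are valid UTF-8, so the String stays well-formed.
        for b in unsafe { self.0.as_bytes_mut() } {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}

/// Other fields of the real struct (state, status) are omitted here.
#[derive(Debug, Default)]
pub struct SessionInner {
    session_key: Option<SessionKey>, // None until the user has an active session
}

impl SessionInner {
    /// Counterpart of the `Session::set_session_key` suggested in review.
    pub fn set_session_key(&mut self, key: SessionKey) {
        self.session_key = Some(key);
    }
    pub fn session_key(&self) -> Option<&SessionKey> {
        self.session_key.as_ref()
    }
}

fn main() {
    let mut inner = SessionInner::default();
    inner.set_session_key(SessionKey::new("constructed-sample-key".to_string()));
    println!("{:?}", inner); // the key itself is not printed
}
```

With an explicit accessor, storage backends that need the raw string call `expose()` at the point of use rather than depending on an `AsRef` impl.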
miketwenty1
left a comment
Follow-up to @LukeMathWalker on his feedback for session key exposure. Jan 3, 2023.
@LukeMathWalker did you need me to do more work on this before getting next bits of feedback? I have some outstanding questions.
PR Type
Feature
PR Checklist
cargo +nightly fmt).
Overview
The goal is to add this feature to be utilized by the redis session middleware without breaking any other session middleware.
Notes from discussion:
#306
Dev Notes:
This is not a working PR, changes will come after feedback.