This is a simple example of how to use Actix Web with decoupled business logic and user authentication. This project is very similar to the one described in this blog post, but with some key differences.
This project is split into two crates, core, and http_transport.
corecontains all the business logic, and is what interacts with the database. This is done to be protocol agnostic.http_transportis a thin layer between http requests and the core.
/authPOST- Attempts to login using the credentials provided. Returns 200 with a session cookie if logging in was successful, will otherwise return 401.GET- Returns 200 if the user is logged in, will otherwise return 401.DELETE- Logs the user out. Returns 200 if the user is logged in, will otherwise return 401./signup/POST- Creates an account with the provided credentials.
Passwords are slated and hashed by argonautica. Can be seen here.
Sessions are managed by the server, and are identified by a 32 character string containing a-z, A-Z and 0-9, generated here. Session ids are hashed, using Sha256, to be saved in the database.