Merge pull request #11 from wenewzhang/master

add Cors support

Author: SakaDream

Cargo.toml

@@ -8,6 +8,7 @@ edition = "2018"
 actix-web = "2.0.0"
 actix-rt = "1.0.0"
 actix-service = "1.0.1"
+actix-cors = "0.2.0"
 log = "0.4.8"
 env_logger = "0.7.1"
 diesel_migrations = "1.4.0"

README.md

@@ -17,7 +17,7 @@ Or using [Docker](https://www.docker.com/)
 - Create a database in postgres cli or [pgAdmin](https://www.pgadmin.org/) tool
 - Rename `.env.sample` to `.env` and update the database connection string in `DATABASE_URL` key.
 - Build with release profile: `cargo build --release`
-- Run release binary in command line/terminal. 
+- Run release binary in command line/terminal.
   - Windows: `target/release/actix-web-rest-api-with-jwt.exe`
   - Linux/UNIX: `target/release/actix-web-rest-api-with-jwt`
 - Enjoy! 😄
@@ -32,14 +32,23 @@ Or using [Docker](https://www.docker.com/)
 ### Address: **`localhost:8000`**
 
 ### `GET /api/ping`: Ping
-
+```bash
+curl -X GET -i 'http://127.0.0.1:8000/api/ping'
+```
 - Response:
     - 200 OK
     ```
     pong!
     ```
 
 ### `POST /api/auth/signup`: Signup
+```bash
+curl -X POST -i 'http://127.0.0.1:8000/api/auth/signup' \
+-H "Content-Type: application/json" --data '{"username": "c",
+   "email": "c",
+   "password": "c" }'
+```
+
   - Request body:
   ```
   {
@@ -65,6 +74,10 @@ Or using [Docker](https://www.docker.com/)
     ```
 
 ### `POST /api/auth/login`: Login
+```bash
+curl -X POST -H 'Content-Type: application/json' -i 'http://127.0.0.1:8000/api/auth/login'  \
+ --data '{"username_or_email":"c",  "password":"c"}'
+```
   - Request body:
   ```
   {
@@ -90,7 +103,16 @@ Or using [Docker](https://www.docker.com/)
     }
     ```
 
+### `POST /api/auth/login`: Logout
+    ```bash
+    curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzcyNTc4NzksImV4cCI6MTU3Nzg2MjY3OSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiYzUxNWE3NTg3NGYzNGVjNGFmNDJmNWE2M2QxMDVjMGYifQ.B9w6FxFdypb5GCRMKXZ9CZWFxQLFjvmPSusMCtcE-Ac' -i 'http://127.0.0.1:8000/api/auth/logout'
+    ```
+
 ### `GET /api/address-book`: Get all people information
+```
+curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book'
+'
+```
   - Header:
     - Authorization: bearer \<token\>
   - Response
@@ -113,6 +135,9 @@ Or using [Docker](https://www.docker.com/)
     ```
 
 ### `GET /api/address-book/{id}`: Get person information by id
+```
+curl -X GET -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book/2'
+```
   - Param path:
     - id: int32
   - Header:
@@ -166,6 +191,17 @@ Or using [Docker](https://www.docker.com/)
     ```
 
 ### `POST /api/address-book`: Add person information
+```
+curl -X POST -H 'Content-Type: application/json' -H 'Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU4NzM4MjksImV4cCI6MTU3NjQ3ODYyOSwidXNlciI6ImMiLCJsb2dpbl9zZXNzaW9uIjoiZjU5N2M3MTIxZTExNDBhMGE0ZjE0YmQ4N2NjM2Q4MWUifQ.6qppDfRgOw45eExJ7MUEwpcu3AUXXe9_ifj_mp7k22k' -i 'http://127.0.0.1:8000/api/address-book' --data '{
+  "name": "a",
+  "gender": true,
+  "age": 32,
+  "address": "addr",
+  "phone": "133",
+  "email": "e@q.com"
+}
+'
+```
   - Header:
     - Authorization: bearer \<token\>
   - Request body:
@@ -258,3 +294,15 @@ Or using [Docker](https://www.docker.com/)
       "data": ""
     }
     ```
+### brower OPTIONS curl request example
+```
+curl -X OPTIONS -i 'http://127.0.0.1:8000/api/login' -H "Origin: http://example.com" -H "Access-Control-Request-Method: POST"
+```
+  - Response  
+  HTTP/1.1 200 OK
+  content-length: 0
+  access-control-max-age: 3600
+  access-control-allow-methods: POST,DELETE,GET,PUT
+  access-control-allow-origin: *
+  access-control-allow-headers: authorization,content-type,accept
+  date: Tue, 07 Jan 2020 15:17:48 GMT

migrations/2019-02-20-054109_create_login_history_table/up.sql

@@ -4,4 +4,4 @@ CREATE TABLE login_history
     id SERIAL PRIMARY KEY NOT NULL,
     user_id BIGINT NOT NULL REFERENCES users(id),
     login_timestamp TIMESTAMP WITH TIME ZONE NOT NULL
-);
+);

src/main.rs

@@ -13,6 +13,7 @@ extern crate serde_derive;
 #[macro_use]
 extern crate serde_json;
 extern crate actix_rt;
+extern crate actix_cors;
 extern crate env_logger;
 extern crate serde;
 extern crate dotenv;
@@ -34,16 +35,17 @@ mod schema;
 mod services;
 mod utils;
 
-use actix_web::{HttpServer, App};
+use actix_web::{http, HttpServer, App};
 use actix_service::Service;
 use futures::FutureExt;
 use std::{io, env};
+use std::default::Default;
+use actix_cors::Cors;
 
 #[actix_rt::main]
 async fn main() -> io::Result<()> {
     dotenv::dotenv().expect("Failed to read .env file");
     env::set_var("RUST_LOG", "actix_web=debug");
-
     env_logger::init();
 
     let app_host = env::var("APP_HOST").expect("APP_HOST not found.");
@@ -55,6 +57,14 @@ async fn main() -> io::Result<()> {
 
     HttpServer::new(move || {
         App::new()
+            .wrap(Cors::new() // allowed_origin return access-control-allow-origin: * by default
+                // .allowed_origin("http://127.0.0.1:8080")
+                .send_wildcard()
+                .allowed_methods(vec!["GET", "POST", "PUT", "DELETE"])
+                .allowed_headers(vec![http::header::AUTHORIZATION, http::header::ACCEPT])
+                .allowed_header(http::header::CONTENT_TYPE)
+                .max_age(3600)
+                .finish())
             .data(pool.clone())
             .wrap(actix_web::middleware::Logger::default())
             .wrap(crate::middleware::authen_middleware::Authentication)

src/middleware/authen_middleware.rs

@@ -1,6 +1,7 @@
 use crate::{config::db::Pool, constants, models::response::ResponseBody, utils::token_utils};
 use actix_service::{Service, Transform};
 use actix_web::{
+    http::{Method},
     dev::{ServiceRequest, ServiceResponse},
     Error, HttpResponse,
 };
@@ -12,6 +13,7 @@ use std::{
     pin::Pin,
     task::{Context, Poll},
 };
+use actix_web::http::header::{HeaderName, HeaderValue};
 
 pub struct Authentication;
 
@@ -55,35 +57,42 @@ where
         let mut authenticate_pass: bool = false;
 
         // Bypass some account routes
-        for ignore_route in constants::IGNORE_ROUTES.iter() {
-            if req.path().starts_with(ignore_route) {
-                authenticate_pass = true;
+        debug!("{:?}",req.head_mut().headers());
+        let headers = req.headers_mut();
+        headers.append(HeaderName::from_static("content-length"),HeaderValue::from_static("true"));
+        if Method::OPTIONS == *req.method() {
+            authenticate_pass = true;
+        } else {
+            for ignore_route in constants::IGNORE_ROUTES.iter() {
+                debug!("route:{}",ignore_route);
+                if req.path().starts_with(ignore_route) {
+                    authenticate_pass = true;
+                }
             }
-        }
-
-        if let Some(pool) = req.app_data::<Pool>() {
-            info!("Connecting to database...");
-            if let Some(authen_header) = req.headers_mut().get(constants::AUTHORIZATION) {
-                info!("Parsing authorization header...");
-                if let Ok(authen_str) = authen_header.to_str() {
-                    if authen_str.starts_with("bearer") || authen_str.starts_with("Bearer") {
-                        info!("Parsing token...");
-                        let token = authen_str[6..authen_str.len()].trim();
-                        if let Ok(token_data) = token_utils::decode_token(token.to_string()) {
-                            info!("Decoding token...");
-                            if token_utils::verify_token(&token_data, &pool).is_ok() {
-                                info!("Valid token");
-                                authenticate_pass = true;
-                            } else {
-                                error!("Invalid token");
+            if !authenticate_pass {
+                if let Some(pool) = req.app_data::<Pool>() {
+                    info!("Connecting to database...");
+                    if let Some(authen_header) = req.headers_mut().get(constants::AUTHORIZATION) {
+                        info!("Parsing authorization header...");
+                        if let Ok(authen_str) = authen_header.to_str() {
+                            if authen_str.starts_with("bearer") || authen_str.starts_with("Bearer") {
+                                info!("Parsing token...");
+                                let token = authen_str[6..authen_str.len()].trim();
+                                if let Ok(token_data) = token_utils::decode_token(token.to_string()) {
+                                    info!("Decoding token...");
+                                    if token_utils::verify_token(&token_data, &pool).is_ok() {
+                                        info!("Valid token");
+                                        authenticate_pass = true;
+                                    } else {
+                                        error!("Invalid token");
+                                    }
+                                }
                             }
                         }
                     }
                 }
             }
         }
-
-        error!("{}", constants::MESSAGE_PROCESS_TOKEN_ERROR);
         if authenticate_pass {
             let fut = self.service.call(req);
             Box::pin(async move {

src/schema.rs

@@ -34,4 +34,4 @@ allow_tables_to_appear_in_same_query!(
     login_history,
     people,
     users,
-);
+);