For the session_auth_axum example, move the passhash into a separate non-serializable struct. #2446
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
non-serializable struct. This prevents it from being returned in the get_user() API, and prevents it from being unintentionally returned on any new API the end-user may create on top of this example code.
|
LGTM, thanks for your contribution! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current example for
session_auth_axumhas a serializableUserstruct which contains the user's hashed password:https://github.com/leptos-rs/leptos/blob/fda4dba2370fdb4f5f81961bdeb7ca139d2e612d/examples/session_auth_axum/src/auth.rs#L5C1-L11C2
This change separates the password hash into a new, non-serializable struct to prevent it from being returned to the client. Existing auth logic is modified to use new versions of
User::getandUser::get_from_usernamewhich return(User, UserPasshash)tuples.