Skip to main content

UserInfo Extractor

Will10/30/24About 1 minArchitecture Concepts

UserInfo Extractor

UserInfo is the core tool for handling user identity verification in our application. It's not just a simple data structure but a powerful Axum Extractor.

Its main goal is: to completely strip the complex logic of authentication from business handlers, making our code cleaner, safer, and easier to maintain.

Core Concept

If you request UserInfo in your function signature, you can be 100% sure that the user is a legitimate, authenticated user when your function executes. No manual checks needed.

Struct Definition

use serde::{Serialize, Deserialize};

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct UserInfo {
    pub username: String,
    pub uid: i64,       // User ID
    pub did: i64,       // Device ID
    pub rid: i64,       // Role ID
    pub token_id: i64,  // Current Token's unique ID
}

Trait Derivation Explanation

  • Debug: Allows printing UserInfo instances with {:?} for debugging.
  • Clone: Allows creating a full copy of UserInfo.
  • Default: Allows creating a default, empty UserInfo instance.
  • Serialize, Deserialize: Provided by serde for JSON serialization/deserialization.

Usage

Using UserInfo in an Axum Handler is simple: just add it as a function parameter.

use crate::extractors::UserInfo;

pub async fn get_profile(user_info: UserInfo) -> Response {
    // user_info.uid, user_info.username are guaranteed to be valid
    ApiResponse::ok(user_info)
}
pub async fn get_profile(
    State(state): State<AppState>,
    headers: HeaderMap,
) -> Response {
    let token = match headers.get("Authorization") {
        Some(val) => val.to_str().unwrap_or(""),
        None => return ApiResponse::unauthorized("Missing Authorization header"),
    };
    // ...manual token parsing and validation...
    // Error-prone and verbose
}

The advantage of the UserInfo extractor is clear.

Core Advantages

  1. Clean Code: Frees handlers from tedious authentication logic.
  2. Separation of Concerns: Authentication logic is encapsulated in the extractor; business logic is in the handler.
  3. Secure by Default: Eliminates the risk of forgetting authentication checks in handlers.
  4. Easy to Maintain: Future auth changes only need modification in one place.
  5. Type-Safe: You get a complete, strongly-typed UserInfo struct.

How It Works

UserInfo implements Axum's FromRequestParts Trait. When Axum prepares to call your handler:

  1. It sees the UserInfo parameter and calls its extraction logic
  2. The logic automatically parses Authorization: Bearer <token> from request headers
  3. If token is missing or malformed, returns 401 Unauthorized
  4. If token exists, validates it and retrieves user info
  5. If token is invalid/expired, returns 401 Unauthorized
  6. Only after all validation succeeds does it construct a UserInfo instance and inject it into your handler