Using secrecy 0.8

modified session_key.rs to impl secrecy::Zeroize for SessionKey
modified session.rs in attempts of adding secrecy::Secret<SessionKey> to InnerSession struct.

Author: miketwenty1

actix-session/Cargo.toml

@@ -30,7 +30,10 @@ redis-rs-tls-session = ["redis-rs-session", "redis/tokio-native-tls-comp"]
 [dependencies]
 actix-service = "2"
 actix-utils = "3"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies"] }
+actix-web = { version = "4", default_features = false, features = [
+  "cookies",
+  "secure-cookies",
+] }
 
 anyhow = "1"
 async-trait = "0.1"
@@ -44,14 +47,27 @@ tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 actix = { version = "0.13", default-features = false, optional = true }
 actix-redis = { version = "0.12", optional = true }
 futures-core = { version = "0.3.7", default-features = false, optional = true }
+secrecy = "0.8"
 
 # redis-rs-session
-redis = { version = "0.21", default-features = false, features = ["aio", "tokio-comp", "connection-manager"], optional = true }
+redis = { version = "0.21", default-features = false, features = [
+  "aio",
+  "tokio-comp",
+  "connection-manager",
+], optional = true }
 
 [dev-dependencies]
-actix-session = { path = ".", features = ["cookie-session", "redis-actor-session", "redis-rs-session"] }
+actix-session = { path = ".", features = [
+  "cookie-session",
+  "redis-actor-session",
+  "redis-rs-session",
+] }
 actix-test = "0.1.0-beta.10"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies", "macros"] }
+actix-web = { version = "4", default_features = false, features = [
+  "cookies",
+  "secure-cookies",
+  "macros",
+] }
 env_logger = "0.9"
 log = "0.4"
 

actix-session/src/session.rs

@@ -17,6 +17,8 @@ use anyhow::Context;
 use derive_more::{Display, From};
 use serde::{de::DeserializeOwned, Serialize};
 
+use crate::storage::SessionKey;
+
 /// The primary interface to access and modify session state.
 ///
 /// [`Session`] is an [extractor](#impl-FromRequest)—you can specify it as an input type for your
@@ -77,6 +79,7 @@ impl Default for SessionStatus {
 struct SessionInner {
     state: HashMap<String, String>,
     status: SessionStatus,
+    session_key: SessionKey,
 }
 
 impl Session {
@@ -101,7 +104,13 @@ impl Session {
             Ok(None)
         }
     }
-
+    /// Get a the session key itself from the overall session.
+    ///
+    /// Needs to be implemented
+    pub fn get_session_key(&self) -> secrecy::Secret<SessionKey> {
+        let key = self.0.borrow().session_key.clone();
+        secrecy::Secret::new(key)
+    }
     /// Get all raw key-value data from the session.
     ///
     /// Note that values are JSON encoded.

actix-session/src/storage/session_key.rs

@@ -17,8 +17,8 @@ use derive_more::{Display, From};
 /// let session_key: Result<SessionKey, _> = key.try_into();
 /// assert!(session_key.is_err());
 /// ```
-#[derive(Debug, PartialEq, Eq)]
-pub struct SessionKey(String);
+#[derive(Debug, PartialEq, Eq, Default, Clone)]
+pub struct SessionKey(pub String);
 
 impl TryFrom<String> for SessionKey {
     type Error = InvalidSessionKeyError;
@@ -41,6 +41,12 @@ impl AsRef<str> for SessionKey {
     }
 }
 
+impl secrecy::Zeroize for SessionKey {
+    fn zeroize(&mut self) {
+        self.0.zeroize();
+    }
+}
+
 impl From<SessionKey> for String {
     fn from(key: SessionKey) -> Self {
         key.0