- Update
tower-sessionsto 0.13.0
- Update dev dependencies; placate docs.rs
- Avoid unnecessary clone #225
- Replace
ringwithsubtle#216
This makes using axum-login with targets like wasm32-unknown-unknown easier, as ring required C and assembly whereas subtle is a pure Rust constant time comparator.
- Update
tower-sessionsto 0.12.0
As of this update, signed and encrypted session cookies are supported.
- Update
tower-sessionsto 0.11.0
This updates tower-sessions to its latest release, which itself contains breaking changes.
Please review those changes for more details.
- Record user id on span when available. #160
Breaking Changes
- Update
tower-sessionsto 0.10.0
This updates tower-sessions to its latest release, which itself contains breaking changes, especially with regard to previously-bundled session stores.
Please review those changes for more details.
Breaking Changes
- Make service infallible.
This follows along with the upstream changes to tower-sessions, where
we made it such that the sessions middleware will not directly result in
an error.
Here we do the same and in doing so are able to use the layer directly
with axum. This should reduce boilerplate.
- Relax trait bounds such that e.g.
Credentialsdo not requireClone. ##157
- Ensure correct redirect uri query handling. #155
- Address request URI prefix truncation in nested routes by using
OriginalUriextractor. #153
Breaking Changes
- Update
tower-sessionsto 0.8.0; this introduces lazy sessions. #132
This is a significant update to the session API, which now requires awaiting its methods. That said, changes to this crate are fairly minimal.
- Ensure
httpis referenced apropriately in macros.
- Ensure
predicate_requiredis invoked correctly.
Breaking Changes
- Update
tower-sessionsto 0.7.0.
This includes support for axum 0.7.0.
Breaking Changes
- Update
tower-sessionsto 0.6.0; this removesreplace_if_equaland addressed a performance bottleneck.
** Other Changes**
- Make
DATA_KEYconfigurable. #109
Breaking changes
- Update
tower-sessionsto 0.5.0; this changes the default session cookie name from "tower.sid" to "id".
Note that applications using the old default, "tower.sid", may continue to do so without disruption by specifying with_name("tower.sid").
Other changes
- Ensure session error type is accessible. #120
- Fix
permission_requiredmacro. #116 and 7a6720a
- Ensure middleware-producing macros (
login_required,permission_required, andpredicate_required) use crate dependencies. - Re-organize into a workspace such that examples are self-contained crates.
We have entirely reimagined this crate's API, having now rewritten it to use tower-sessions.
The upshot of this is issues with deadlocks are a thing of the past. However, applications that rely on prior versions of the crate will have to evaluate the new API and decide if it's appropriate to migrate or not.
Please review the documentation for an overview of the new API.
BREAKING CHANGES:
- Provide
UserwithoutOption#70 - Use associated type
ErrorinUserStoreinstead of eyre for error handling #69 - Make
role_boundsoptional #67
OTHER CHANGES
- Introduce
DefaultQueryProviderforsqlxstores #72 - Update
towerto0.4.0 - Add optional redirect in
RequireAuthorizationLayer
BREAKING CHANGES:
- Parametrize the
UserIdtype (formerly hard-coded toString) inAuthUser,AuthContext, andRequireAuthorizationLayer. SqlxStore: Removewith_table_nameandwith_column_namein favor ofwith_query.
OTHER CHANGES:
- Add this changelog 🎉
- Extend .gitignore
- Bump
axum-sessionsto 0.5.0
- Expose
sqlx_store::SqlxStorePR #31 - Update README example
- Bump Axum to 0.6.0
- Introduce a
secrecyfeature
- Implement role bounds
- Implement
PartialOrdforRole - Implement a role-based
RequireAuthorizationLayer - Implement basic RBAC support
- Add an example to require a special user field value
- Remove
std::fmt::DebugfromAuthUserrequirements - Add
oauthexample
- General fixes and improvements
- Initial release 🎉