Actix-web content and request encryption?

I recently migrated to actix-web from express (Node.js). I'm using actix-web server as an API server.

In express, I used to create my own encryption middleware. The data from client is already encrypted. So I just need to take any request body as a raw data, and convert it into json format if the key is valid. the json / data will be then pass to next middleware

Does actix-web support that kind of middleware or How is it usually done?

Does this page from the docs help?

1 Like

Kinda helps. that page doesn't explain nor give an example on how to manipulate or completely change the request's body.

Have a look here. It contains docs and links to existing middleware that could be used as an example.

Out of sheer curiousity, what threat model does this scheme address, and how does HTTPS fall short of addressing it?

Actix middlewares receive ownership of the ServiceRequest, and are able to do as they like with it. They are expected to pass a ServiceRequest onwards to the next middleware or onwards to the final application, but nothing says it has to be the same one they received. If you want to transform the body, you can do that - it's in the Payload part of the service request.

The from_parts and into_parts methods can help you pull apart the service request into something you can manipulate and compose the result into a new request.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.