#[Actix Web] working with role based authentication

8 messages · Page 1 of 1 (latest)

round wedge
#

I am building a web app with a login and a profile page. As you may know there are various ways to achieve auth, and the one I am most familiar with is JWT. My plan was to create a JWT for each user and have them send it in an HTTP `Authorization: Bearer` header. For this I hoped to use the crate jsonwebtoken, which lets me create and decode JWTs, and I can inspect them on the server side, but I don't know how to proceed. Is there a concept of a "filter" for certain protected routes in actix?

The other thing I saw in relation to login was Session from actix_session and actix_identity. Although I've not researched them thoroughly, I am cautious about whether I want to commit to them or continue using JWT for authentication and authorization. What is the common wisdom when it comes to protected routes in actix web?

errant viper
#

Here's how I handle authentication for Rust Explorer:

Create a middleware that parses the token, renews it if it expires, and attaches it to the request:

req.extensions_mut().insert::<SessionToken>(parsed_token);

Create an extractor that takes the SessionToken:

let extensions = req.extensions();
let token = extensions.get::<SessionToken>();

If the SessionToken is missing, return a 401 error.
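
The two-step split described in this post (middleware verifies and attaches, extractor consumes or rejects), as an added example that is not errant viper's code or anything from Rust Explorer. To stay runnable with the standard library alone it models the pieces rather than linking actix-web: `Extensions` is a type-keyed map with the same shape as actix's `req.extensions()`, `Request` is a stand-in holding headers plus that map, and `decode_token`/`issue_token` use a constructed "subject.exp" format as placeholders for `jsonwebtoken::decode`/`encode` (a real JWT must have its signature verified at that point). The constants, the renewal window and all sample tokens are assumptions for the example. In actix proper the `auth_middleware` body would live in a middleware's `call` (inserting with `req.extensions_mut().insert`), and `extract_session` would be an `impl FromRequest for SessionToken` that returns `actix_web::error::ErrorUnauthorized` when `req.extensions().get::<SessionToken>()` is `None`.

```rust
use std::any::{Any, TypeId};
use std::collections::HashMap;

/// Lifetime of a freshly issued token and the window before expiry in which the
/// middleware hands out a renewed one. Constructed values for this example.
pub const TOKEN_TTL_SECS: u64 = 3600;
pub const RENEW_WINDOW_SECS: u64 = 300;

/// Type-keyed store with the same shape as actix-web's `Extensions`:
/// at most one value per Rust type, looked up by `TypeId`.
#[derive(Default)]
pub struct Extensions {
    map: HashMap<TypeId, Box<dyn Any>>,
}

impl Extensions {
    pub fn insert<T: 'static>(&mut self, value: T) {
        self.map.insert(TypeId::of::<T>(), Box::new(value));
    }
    pub fn get<T: 'static>(&self) -> Option<&T> {
        self.map.get(&TypeId::of::<T>()).and_then(|b| b.downcast_ref::<T>())
    }
}

/// What the middleware attaches for handlers: verified claims, not the raw string.
#[derive(Debug, Clone, PartialEq)]
pub struct SessionToken {
    pub subject: String,
    pub expires_at: u64,
}

/// Minimal request stand-in (assumption): header list plus per-request extensions.
#[derive(Default)]
pub struct Request {
    pub headers: Vec<(String, String)>,
    pub extensions: Extensions,
}

/// Pull the credential out of `Authorization: Bearer <token>`; header name and
/// scheme are matched case-insensitively, anything else yields `None`.
fn bearer_token(req: &Request) -> Option<&str> {
    let (_, value) = req
        .headers
        .iter()
        .find(|(name, _)| name.eq_ignore_ascii_case("authorization"))?;
    let (scheme, token) = value.trim().split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("bearer") {
        return None;
    }
    let token = token.trim();
    if token.is_empty() { None } else { Some(token) }
}

/// Placeholder for `jsonwebtoken::decode`: the toy token is "<subject>.<exp>".
/// Expired or malformed tokens are rejected; a real JWT is signature-checked here.
fn decode_token(raw: &str, now: u64) -> Option<SessionToken> {
    let (subject, exp) = raw.rsplit_once('.')?;
    let expires_at: u64 = exp.parse().ok()?;
    if subject.is_empty() || expires_at <= now {
        return None;
    }
    Some(SessionToken { subject: subject.to_string(), expires_at })
}

/// Placeholder for `jsonwebtoken::encode`: mint a token valid for TOKEN_TTL_SECS.
pub fn issue_token(subject: &str, now: u64) -> String {
    format!("{subject}.{}", now + TOKEN_TTL_SECS)
}

/// Middleware step: verify the bearer token, renew it when it is close to expiry,
/// and attach the verified SessionToken to the request for extractors downstream.
/// Returns the renewed token the response should carry, if one was issued.
/// A missing or invalid token is not an error here: nothing is attached, and the
/// extractor decides per route whether that means 401.
pub fn auth_middleware(req: &mut Request, now: u64) -> Option<String> {
    let raw = bearer_token(req)?;
    let mut token = decode_token(raw, now)?;
    let mut renewed = None;
    if token.expires_at - now <= RENEW_WINDOW_SECS {
        renewed = Some(issue_token(&token.subject, now));
        token.expires_at = now + TOKEN_TTL_SECS;
    }
    req.extensions.insert::<SessionToken>(token);
    renewed
}

/// Extractor step: a protected handler takes a `SessionToken` argument; if the
/// middleware attached none, the request is answered with 401.
pub fn extract_session(req: &Request) -> Result<SessionToken, u16> {
    req.extensions.get::<SessionToken>().cloned().ok_or(401)
}

fn main() {
    let now = 1_700_000_000;
    let mut req = Request::default();
    req.headers.push(("Authorization".into(), format!("Bearer {}", issue_token("alice", now))));
    let renewed = auth_middleware(&mut req, now);
    println!("renewed: {renewed:?}, session: {:?}", extract_session(&req));
}
```

The design point worth keeping from the post: the middleware never rejects, it only attaches; rejection happens in the extractor, so routes that do not take a `SessionToken` parameter stay public without any route-list bookkeeping.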

round wedge
errant viper
#

There's a blog post about it, but I can't find it.

#

Here's my middleware:

#

the extractor: