High-level http auth extractors for axum

Overview

Axum Auth

Usage

Bearer Authentication:

use axum_auth::AuthBearer;
 
/// Handler for a typical axum route, takes a `token` and returns it
async fn handler(AuthBearer(token): AuthBearer) -> String {
    format!("Found a bearer token: {}", token)
}

Basic Authentication:

use axum_auth::AuthBasic;
 
/// Takes basic auth details and shows a message
async fn handler(AuthBasic((id, password)): AuthBasic) -> String {
    if let Some(password) = password {
        format!("User '{}' with password '{}'", id, password)
    } else {
        format!("User '{}' without password", id)
    }
}

Check out the crate documentation for more in-depth information on how both of these methods work!

Installation

Simply place the following inside of your Cargo.toml file:

[dependencies]
axum-auth = "0.1"

Security

Some essential security considerations to take into account are the following:

  • This crate has not been audited by any security professionals. If you are willing to do or have already done an audit on this crate, please create an issue as it would help out enormously! 😊
  • This crate purposefully does not limit the maximum length of incoming headers, so please ensure your web server configuration is set properly.

Licensing

This project is dual-licensed under both the MIT and Apache licenses, so feel free to use either at your discretion.

Comments
  • Release 4.0

    Support for axum 0.6 was implemented in #9; there are some final features I'd like to add before publishing 4.0:

    • [x] Integration testing
    • [x] Split out decoding & traits
    • [x] Possibly #8 here
    • [x] Better documentation for errors
    release 
    opened by Owez 3
  • Doesn't compile on Axum 0.6.0-rc2

    error:

    the trait Handler<_, _, _> is not implemented for fn(Extension<NotifyApplication>, HeaderMap, AuthBasic, axum::Json<Notification>) -> impl Future<Output = impl IntoResponse> {push}

    bug enhancement 
    opened by bigknife 3
  • ability to adjust rejection

    Currently it just fails with a Bad Request.

    It would be useful if one could change it to set the header WWW-Authorization with Basic and status UNAUTHORIZED to trigger the client to specify the missing Authorization header.

    enhancement good first issue 
    opened by Zerowalker 2
  • More example code?

    I'm trying to use axum-auth in an Axum handler like this:

    async fn root_handler(
        ww: Extension<WorkstateWrapper>,
        AuthBasic((user_id, password)): AuthBasic
    ) -> Result<Html<String>, StatusCode> {
    ...
    

    But as there is no authentication header yet, I simply end up with a

    400 Bad Request: "`Authorization` header is missing
    

    I'm looking for some way to test if the authorization header exists, and if not, send a 401 response along with a WWW-Authenticate header. Should the test somehow happen before the handler is called by the Router? - If so: How?

    Can some more example code be added which shows how to use axum-auth in a slightly more real-world scenario?

    opened by troelsarvin 2
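The behaviour requested in the two issues above (401 plus a `WWW-Authenticate` challenge when the header is absent, 400 only when it is malformed), combined with the header length cap that the Security section leaves to the server, as an added example that is not axum-auth code. It uses only the standard library; `Outcome`, `check_basic`, `b64_decode` and the 1024-byte `MAX_HEADER_LEN` are hypothetical names and values, and treating a missing colon as "no password" is an assumption.

```rust
// Added example, std only; all names below are hypothetical, not axum-auth's API.
const MAX_HEADER_LEN: usize = 1024; // assumed cap; the crate itself applies none
const B64: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Challenge { status: u16, www_authenticate: String }, // 401: ask for credentials
    BadRequest,                                          // 400: oversized or malformed
    Credentials(String, Option<String>),                 // decoded, not yet verified
}

/// Decode standard base64 (padding optional); `None` on any other character.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.trim_end_matches('=').bytes() {
        let v = B64.iter().position(|&a| a == c)? as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Map an optional `Authorization` header value to the response a handler should send.
pub fn check_basic(header: Option<&str>, realm: &str) -> Outcome {
    let Some(value) = header else {
        let www_authenticate = format!("Basic realm=\"{realm}\"");
        return Outcome::Challenge { status: 401, www_authenticate };
    };
    if value.len() > MAX_HEADER_LEN { return Outcome::BadRequest; } // reject before decoding
    let decoded = match value.split_once(' ') {
        Some((scheme, b64)) if scheme.eq_ignore_ascii_case("Basic") => b64_decode(b64.trim()),
        _ => None,
    };
    match decoded.and_then(|b| String::from_utf8(b).ok()) {
        None => Outcome::BadRequest,
        Some(text) => match text.find(':') {
            Some(i) => Outcome::Credentials(text[..i].into(), Some(text[i + 1..].into())),
            None => Outcome::Credentials(text, None), // assumption: no colon, no password
        },
    }
}

fn main() {
    println!("{:?}", check_basic(None, "api"));
}
```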
  • Example susceptible to timing attacks

    I’m not a security expert or anything, but your example looks susceptible to timing attacks: if let Some(password) = password {. This comparison should better run in constant time.

    In the real world hashing may be used anyway, but there is still a chance that someone just copies this and so this should be improved in my opinion.

    opened by gralpli 1
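One way to check the `(id, password)` pair that `AuthBasic` yields without an early-exit comparison, as the issue above asks; this is an added example, not code from axum-auth. `ct_eq` and `verify` are hypothetical names, the code uses only the standard library, and `black_box` is a best-effort hint rather than a guarantee, so production code would normally compare password hashes with a vetted crate such as `subtle`.

```rust
// Added example, std only; `ct_eq` and `verify` are hypothetical names.
use std::hint::black_box;

/// Compare two byte strings without stopping at the first mismatching byte.
/// The loop length depends only on `a` (the value supplied by the client).
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    // Start from the length difference so unequal lengths can never compare equal.
    let mut diff = a.len() ^ b.len();
    for (i, &x) in a.iter().enumerate() {
        // Wrap around `b` so every byte of `a` is always processed.
        let other = if b.is_empty() { 0 } else { b[i % b.len()] };
        diff |= usize::from(x ^ other);
    }
    // black_box discourages the optimiser from turning the fold into an early exit.
    black_box(diff) == 0
}

/// Check credentials in the shape `AuthBasic` yields: an id and an optional password.
pub fn verify(id: &str, password: Option<&str>, want_id: &str, want_pw: &str) -> bool {
    // A missing password is compared as "" so it takes the same code path.
    let pw_ok = ct_eq(password.unwrap_or("").as_bytes(), want_pw.as_bytes());
    let id_ok = ct_eq(id.as_bytes(), want_id.as_bytes());
    // `&` instead of `&&`: both comparisons always run, whatever the first one found.
    password.is_some() & id_ok & pw_ok
}

fn main() {
    // Constructed sample credentials.
    println!("{}", verify("admin", Some("hunter2"), "admin", "hunter2"));
    println!("{}", verify("admin", None, "admin", "hunter2"));
}
```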
Owner
Owez
I'm Owen Griffiths, a developer and student currently residing in Liverpool, UK.