Awesome full-stack template using Yew and Rust

Overview

Docker + Actix + Yew Full Stack Template

IMAGE ALT TEXT

πŸ‘¨β€πŸ’» YouTube videos

  1. Full Stack Rust App Template using Yew + Actix! https://youtu.be/oCiGjrpGk4A
  2. Add Docker to your full stack Rust app Actix + Yew App https://youtu.be/YzjFk694bFM
  3. SERVER SIDE OAUTH with Actix Web, Yew and Rust (analyzing GRAMMARLY) https://youtu.be/Wl8oj3KYqxM
  4. I added a Database To Our YEW ACTIX Template To Store Users And OAuth Tokens. https://youtu.be/ENgMHIQk7T8

πŸ‘‰ Join our Discord Community

You can join our Discord Community, here is the invite link.

πŸ‘¨β€πŸ’» Project Structure

Contains 3 sub-projects

  1. actix-api: actix web server
  2. yew-ui: Yew frontend
  3. types: json serializable structures used to communicate the frontend and backend.

Dockerized workflow

  1. Install docker
  2. Run one of the supported make commands
make test
make up
make down
make build

OAuth2

This template supports OAuth2 via yew-auth, to configure client_id and other secrets, read the docker-compose => https://github.com/security-union/yew-actix-template/blob/main/docker/docker-compose.yaml

Copy docker/.env-sample to docker/.env and fill in the variables. Assuming that you want to use Google as your OAuth provider, you will need to generate OAuth 2.0 credentials using a Google Cloud developer account.

Once you have a Google Cloud developer account, you can generate the values for the OAUTH_CLIENT_ID and OAUTH_SECRET variables using the following steps: Setting up OAuth 2.0. As part of registering your web app with Google Cloud to associate with the OAuth credentials, you will need to configure your app to request the following scopes: email, profile, and openid.

Comments
  • unknown shorthand flag: 'f' in -f

    unknown shorthand flag: 'f' in -f

    I get the error in the title when running make up. Ubuntu 22.04 LTS.

    sudo apt install docker
    ...
    ~/repos/yew-actix-template$ make up
    docker compose -f docker/docker-compose.yaml up
    unknown shorthand flag: 'f' in -f
    See 'docker --help'.
    
    opened by slater1 3
  • No git tags

    No git tags

    Hi, and great content btw.

    I've noticed that you don't use tags at all that allow people to see just the content that has changed for specific videos. For example, after watching the first video, I would like to see the code that you used and showed in that video. Unfortunately, after going to the github link here, I can only see the whole codebase created from ALL the videos. This makes it difficult to understand what is related to just starting up actix and yew (as seen in video 1) and what is for all the other content in later videos.

    Using git tags would allow me to grab a specific version matching the video I am watching. It would also allow me to diff between versions to see what changed too.

    Would it be possible to add tags that synchronise with the released videos on youtube? Thanks.

    opened by rocket-matt 3
  • Allow setting UI and API ports via env var

    Allow setting UI and API ports via env var

    Make sure the UI and API respect any values set for ACTIX_PORT and TRUNK_SERVE_PORT. Have these values default to ACTIX_PORT=8080 and TRUNK_SERVE_PORT=80 in the absence of any .env file.

    opened by resnickmicah 3
  • RUSTSEC-2023-0044: `openssl` `X509VerifyParamRef::set_host` buffer over-read

    RUSTSEC-2023-0044: `openssl` `X509VerifyParamRef::set_host` buffer over-read

    openssl X509VerifyParamRef::set_host buffer over-read

    | Details | | | ------------------- | ---------------------------------------------- | | Package | openssl | | Version | 0.10.45 | | URL | https://github.com/sfackler/rust-openssl/issues/1965 | | Date | 2023-06-20 | | Patched versions | >=0.10.55 |

    When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0034: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

    RUSTSEC-2023-0034: Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

    Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

    | Details | | | ------------------- | ---------------------------------------------- | | Package | h2 | | Version | 0.3.15 | | URL | https://github.com/hyperium/hyper/issues/2877 | | Date | 2023-04-14 | | Patched versions | >=0.3.17 |

    If an attacker is able to flood the network with pairs of HEADERS/RST_STREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use, and eventually trigger Out Of Memory.

    This flaw is corrected in hyperium/h2#668, which restricts remote reset stream count by default.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

    RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

    openssl X509Extension::new and X509Extension::new_nid null pointer dereference

    | Details | | | ------------------- | ---------------------------------------------- | | Package | openssl | | Version | 0.10.45 | | URL | https://github.com/sfackler/rust-openssl/pull/1854 | | Date | 2023-03-24 | | Patched versions | >=0.10.48 |

    These functions would crash when the context argument was None with certain extension types.

    Thanks to David Benjamin (Google) for reporting this issue.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0023: `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

    RUSTSEC-2023-0023: `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

    openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

    | Details | | | ------------------- | ---------------------------------------------- | | Package | openssl | | Version | 0.10.45 | | URL | https://github.com/sfackler/rust-openssl/pull/1854 | | Date | 2023-03-24 | | Patched versions | >=0.10.48 |

    SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3_EXT_nconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.

    Thanks to David Benjamin (Google) for reporting this issue.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0022: `openssl` `X509NameBuilder::build` returned object is not thread safe

    RUSTSEC-2023-0022: `openssl` `X509NameBuilder::build` returned object is not thread safe

    openssl X509NameBuilder::build returned object is not thread safe

    | Details | | | ------------------- | ---------------------------------------------- | | Package | openssl | | Version | 0.10.45 | | URL | https://github.com/sfackler/rust-openssl/pull/1854 | | Date | 2023-03-24 | | Patched versions | >=0.10.48 |

    OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

    Thanks to David Benjamin (Google) for reporting this issue.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0018: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

    RUSTSEC-2023-0018: Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

    Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

    | Details | | | ------------------- | ---------------------------------------------- | | Package | remove_dir_all | | Version | 0.5.3 | | URL | https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead | | Date | 2023-02-24 | | Patched versions | >=0.8.0 |

    The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function.

    It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems.

    For instance, consider deleting a tree called 'etc' in a parent directory called 'p'. Between calling remove_dir_all("a") and remove_dir_all("a") actually starting its work, the attacker can move 'p' to 'p-prime', and replace 'p' with a symlink to '/'. Then the privileged process deletes 'p/etc' which is actually /etc, and now your system is broken. There are some mitigations for this exact scenario, such as CWD relative file lookup, but they are not guaranteed - any code using absolute paths will not have that protection in place.

    The same attack could be performed at any point in the directory tree being deleted: if 'a' contains a child directory called 'etc', attacking the deletion by replacing 'a' with a link is possible.

    The new code in this release mitigates the attack within the directory tree being deleted by using file-handle relative operations: to open 'a/etc', the path 'etc' relative to 'a' is opened, where 'a' is represented by a file descriptor (Unix) or handle (Windows). With the exception of the entry points into the directory deletion logic, this is robust against manipulation of the directory hierarchy, and remove_dir_all will only delete files and directories contained in the tree it is deleting.

    The entry path however is a challenge - as described above, there are some potential mitigations, but since using them must be done by the calling code, it is hard to be confident about the security properties of the path based interface.

    The new extension trait RemoveDir provides an interface where it is much harder to get it wrong.

    somedir.remove_dir_contents("name-of-child").

    Callers can then make their own security evaluation about how to securely get a directory handle. That is still not particularly obvious, and we're going to follow up with a helper of some sort (probably in the fs_at crate). Once that is available, the path based entry points will get deprecated.

    In the interim, processes that might run with elevated privileges should figure out how to securely identify the directory they are going to delete, to avoid the initial race. Pragmatically, other processes should be fine with the path based entry points : this is the same interface std::fs::remove_dir_all offers, and an unprivileged process running in an attacker controlled directory can't do anything that the attacker can't already do.

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • RUSTSEC-2023-0001: reject_remote_clients Configuration corruption

    RUSTSEC-2023-0001: reject_remote_clients Configuration corruption

    reject_remote_clients Configuration corruption

    | Details | | | ------------------- | ---------------------------------------------- | | Package | tokio | | Version | 1.19.2 | | URL | https://github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7 | | Date | 2023-01-04 | | Patched versions | >=1.18.4, <1.19.0,>=1.20.3, <1.21.0,>=1.23.1 | | Unaffected versions | <1.7.0 |

    On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

    This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

    The default setting of reject_remote_clients is normally true meaning the default is also overriden as false.

    Workarounds

    Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

    let mut opts = ServerOptions::new();
    opts.pipe_mode(PipeMode::Message);
    opts.reject_remote_clients(true);
    

    See advisory page for additional details.

    opened by github-actions[bot] 0
  • Docker improvement: create volume for caching ui and actix binaries.

    Docker improvement: create volume for caching ui and actix binaries.

    Right now we bind EVERYTHING under ../ to /app this is expensive, especially on mac os, which leads to longer compile times.

    This fixes that by creating volumes for both the UI and actix-web to keep its cached compiled binaries.

    opened by darioalessandro 0
Owner
Security Union
Security Union
Stack buffer provides alternatives to Buf{Reader,Writer} allocated on the stack instead of the heap.

StackBuf{Reader,Writer} Stack buffer provides alternatives to BufReader and BufWriter allocated on the stack instead of the heap. Its implementation i

Alex Saveau 14 Nov 20, 2022
A digital audio workstation for all platforms that is libre, gratis, and awesome

?? Dawsome [WIP] A DAW build on React + Rust + WASM Available Scripts In the project directory, you can run: pnpm dev Tauri will open a new window wit

Noah Bennett 9 Dec 14, 2022
SimpleX Chat GUI built with Rust, Tauri and Yew

simplex-desktop A desktop application for simplex-chat. WIP, contributions are welcome. Architecture For the back end we rust with tauri and frontend

Simon Shine 5 Feb 28, 2023
A fork of yew-router

Yew Router (fork) This is fork of version 0.15 of the yew-router. Motivation The main motivation behind the fork is the lack of nested router support

Jens Reimann 2 Jan 4, 2022
This is a small demo to accompany the Tauri + Yew tutorial

Tauri + Yew Demo This is a small demo to accompany the Tauri + Yew tutorial

Steve Pryde 94 Jan 2, 2023
A lightning fast state management module for Yew.

yewv A lightning fast state management module for Yew built with performance and simplicity as a first priority. Who is this for? If you wish to use a

null 7 Dec 8, 2022
A framework experience for Yew.

stackable A framework experience for Yew. Stackable provides a development stack with: Tooling around Server-side Rendering Support. An easy-to-use, S

Kaede Hoshikawa 8 Dec 30, 2022
Styling framework for Yew βœ‚

??‍♂️ + ?? -> Hallings - components for Yew ❓ Purpose What if there existed a couple of pre-built components for yew like password strength checker or

David StyrbjΓΆrn 3 Jan 6, 2023
Scaffold that provides a basic setup for a Yew app with DaisyUI for styling.

Yew and Tailwind CSS Scaffold This scaffold provides a basic setup for a Yew app with Tailwind CSS for styling. It also includes DaisyUI, a Tailwind C

Alessio Marchi 6 Mar 3, 2023
Error context library with support for type-erased sources and backtraces, targeting full support of all features on stable Rust

Error context library with support for type-erased sources and backtraces, targeting full support of all features on stable Rust, and with an eye towards serializing runtime errors using serde.

Findora Foundation 1 Feb 12, 2022
Full tutorial on coding AI function calling in Rust programming by [Jeremy Chone](https://youtube.com/jeremychone)

Full tutorial on coding AI function calling in Rust programming by Jeremy Chone. We will be using the OpenAI API, but similar approaches can be applie

null 14 May 26, 2024
A VtubeStudio plugin that allows iFacialMocap to stream data to the app, enabling full apple ARkit facial tracking to be used for 2D Vtuber models.

facelink_rs A VtubeStudio plugin that allows iFacialMocap to stream data to the app, enabling full apple ARkit facial tracking to be used for 2D Vtube

Slashscreen 2 May 6, 2022
A box full of utilities, a unworthy replacement for coreutils / busybox / toybox.

Gearbox A box full of utilities, a unworthy replacement for coreutils / busybox / toybox. List of content How to setup Systems Ubuntu Arch How to buil

Gemlock 5 Jul 21, 2022
Stack unwinding library in Rust

Unwinding library in Rust and for Rust This library serves two purposes: Provide a pure Rust alternative to libgcc_eh or libunwind. Provide easier unw

Gary Guo 51 Nov 4, 2022
A Bancho implementation made in Rust for the *cursed* stack.

cu.rs A Bancho implementation made in Rust for the cursed stack. THIS PROJECT IS REALLY UNFINISHED AND IN ITS EARLY STAGES A drag and drop replacement

RealistikOsu! 5 Feb 1, 2022
Rust macro to make recursive function run on the heap (i.e. no stack overflow).

Decurse Example #[decurse::decurse] // ?? Slap this on your recursive function and stop worrying about stack overflow! fn factorial(x: u32) -> u32 {

Wisha W. 18 Dec 28, 2022
A stack for rust trait objects that minimizes allocations

dynstack A stack for trait objects that minimizes allocations COMPATIBILITY NOTE: dynstack relies on an underspecified fat pointer representation. Tho

Gui Andrade 114 Nov 28, 2022
A stack-allocated box that stores trait objects.

This crate allows saving DST objects in the provided buffer. It allows users to create global dynamic objects on a no_std environment without a global allocator.

Aleksey Sidorov 19 Dec 13, 2022
A memory efficient immutable string type that can store up to 24* bytes on the stack

compact_str A memory efficient immutable string type that can store up to 24* bytes on the stack. * 12 bytes for 32-bit architectures About A CompactS

Parker Timmerman 342 Jan 2, 2023