Quick demo of a REST frontend with a Redis session store.

Overview

axum-rest-starter-example

Important Tasks

  • Ensure session UUID is unique
  • Protect /api/ with JWT
  • Add CSRF
  • CORS?

Dev Setup

(1) Run docker compose up to fire up a local Redis server on port 6400.

(2) Create conf/development/config.yml with the following defaults

---
jwt_secret: "resetme"
redis_host_name: "127.0.0.1"
redis_password: replaceme
redis_session_db: 0
redis_port: 6400

(3) Run rustup update and rustup override set stable within the root of the project. You can also run cargo build.

(4) Run DOMAIN=localhost cargo run to run the Axum frontend and visit http://localhost:3000

The domain value set above is used for the session cookie.

API

Any API requests made locally need a valid cookie persisted in Redis. You can simply visit http://localhost:3000 and fetch the cookie value from STDOUT or from a browser debugging console.

Frontend

POST /api/v1/drops/drop_id/registrations

curl --location --request POST 'localhost:3000/api/v1/drops/2/registrations' \
--header 'Content-Type: application/json' \
--header 'Cookie: axum-session=AQ+nalsDoBvb3shGpgZA9PVl6aiHivAdB6p3mxMkn3mGn6VZGGzQuIUDlyjdfp2/Qjf96HsHkeLNy/vHVTEMdA==' \
--data-raw '{
  "raffle": {
    "agree_to_join": true,
    "accept_privacy_policy": true
  },
  "registration_form": {
    "firstname": "",
    "lastname": "",
    "address_line1": "",
    "address_line2": "",
    "address_number": "",
    "postcode": "",
    "city": "",
    "state": "",
    "phone_number": "",
    "email": ""
  }
}'

API JWT

/api is protected

For this test, /api/protected is just a testing path. If the client has no valid cookie, the REST middleware layer will return a new cookie. JWT auth sits on top of this, so the basic session cookie still needs to be provided.

curl --location --request GET 'localhost:3000/api/protected/' \
--header 'Cookie: axum-session=AQ+nalsDoBvb3shGpgZA9PVl6aiHivAdB6p3mxMkn3mGn6VZGGzQuIUDlyjdfp2/Qjf96HsHkeLNy/vHVTEMdA==' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjEwMDAwMDAwMDAwfQ.M3LAZmrzUkXDC1q5mSzFAs_kJrwuKz3jOoDmjJ0G4gM'
{"error":"Invalid token!"}

/authorize

Notice the JSON data required to obtain an auth token. The client_id and client_secret are set as application configuration secrets (optionally, these can be stored in the DB if we wish).

curl --location --request POST 'localhost:3000/authorize' \
--header 'Cookie: axum-session=AQ+nalsDoBvb3shGpgZA9PVl6aiHivAdB6p3mxMkn3mGn6VZGGzQuIUDlyjdfp2/Qjf96HsHkeLNy/vHVTEMdA==' \
--header 'Content-Type: application/json' \
--data-raw '{
  "client_id": "foo",
  "client_secret": "bar"
}'
{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjEwMDAwMH0.riR9JGJyrgPWbfIsgs1rQyQulAjSezF72ex0hLtp7P4","token_type":"Bearer"}

Any /api path with a valid token

Ensure the JWT expiration is set correctly; by default we set it to 1 hour.

curl --location --request GET 'localhost:3000/api/protected/' \
--header 'Cookie: axum-session=AQ+nalsDoBvb3shGpgZA9PVl6aiHivAdB6p3mxMkn3mGn6VZGGzQuIUDlyjdfp2/Qjf96HsHkeLNy/vHVTEMdA==' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjE2NDI1ODY2MDZ9._uA7XhkcblejqGAGJa0ZjLNJ3IxLER_jlPVL3HInCCc'
Welcome to the protected area :)
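
An added example (not code from this project, which is written in Rust): a standalone Python diagnostic that applies the checks an HS256 verifier makes, signature first and then the exp claim, so you can tell why a token is rejected. It also decodes the access_token from the /authorize sample response above, whose exp is 100000 (January 1970), the kind of expiry setting the note above asks you to check. The secret, the helper names and the tokens built by issue() are assumptions constructed for the example; HS256 is taken from the header of the tokens shown on this page.

```python
import base64, hashlib, hmac, json

# access_token copied from the /authorize sample response on this page.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
              "eyJzdWIiOiJiQGIuY29tIiwiY29tcGFueSI6IkFDTUUiLCJleHAiOjEwMDAwMH0."
              "riR9JGJyrgPWbfIsgs1rQyQulAjSezF72ex0hLtp7P4")

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(claims, secret):
    """Build an HS256 token (hypothetical helper, only for sample input)."""
    head = b64url_encode(b'{"typ":"JWT","alg":"HS256"}')
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = head + "." + body
    return signing_input + "." + b64url_encode(mac(signing_input, secret))

def unverified_claims(token):
    """Decode the payload for diagnosis only; never use it to authorize."""
    return json.loads(b64url_decode(token.split(".")[1]))

def check_token(token, secret, now):
    """Return 'ok' or the reason a verifier would reject the token."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "malformed"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "unexpected alg"  # pin the algorithm instead of trusting the header
    if not hmac.compare_digest(sig, mac(parts[0] + "." + parts[1], secret)):
        return "bad signature"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return "expired"
    return "ok"

if __name__ == "__main__":
    print(unverified_claims(PAGE_TOKEN))  # compare exp with `date +%s`
```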

MSRV

This project is tested against the most recent stable Rust version.

Comments
  • Use `async-redis-session`

    It should be noted that async-redis-session is no longer being maintained (properly) and relies on an older version of the redis crate.

    Therefore I've attempted to vendor this, but its internal code remains untested, until this PR is ready.

    enhancement 
    opened by bsodmike 0
Owner
Michael de Silva
I am a seasoned software engineer with professional experience since 2010 working as a consultant / Senior engineer. More info at desilva.io