A Rust Boilerplate server with GraphQL API, Diesel, PostgreSQL, session authentication and JWT

Related tags

Web programming graphql juniper jwt-token micro-service actix actix-web boilerplate-rust
Overview

MIT license Status Status

Canduma rust Graphql

A Rust authentication server with GraphQL API, Diesel, PostgreSQL session authentication and JWT

This repository contains a GraphQL server with JWT up and running quickly.

It uses actix-web, Juniper, Diesel and jsonwebtoken

Your own pull requests are welcome!

Benchmarks with insert into PostgreSQL

▶ ./bombardier -c 125 -n 10000000 http://localhost:3000/graphql -k -f body --method=POST -H "Content-Type: application/json" -s
Bombarding http://localhost:3000/graphql with 10000000 request(s) using 125 connection(s)

10000000 / 10000000 [===========================================================================] 100.00% 28777/s 5m47s
Done!
Statistics        Avg      Stdev        Max
  Reqs/sec     28788.66    2183.47   34605.95
  Latency        4.32ms   543.07us   110.95ms
  HTTP codes:
    1xx - 0, 2xx - 10000000, 3xx - 0, 4xx - 0, 5xx - 0
    others - 0
  Throughput:    20.75MB/s

Collection of major crates used in Canduma

Required

  • Rustup
  • Stable Toolchain: rustup default stable
  • Diesel cli with postgres cargo install diesel_cli --no-default-features --features "postgres"
  • PostgreSQL database server or use our docker-compose.yml (require docker)

Getting Started

git clone https://github.com/clifinger/canduma.git
cd canduma
docker-compose up
cp .env.example .env
diesel setup --database-url='postgres://postgres:canduma@localhost/canduma'
diesel migration run
cargo run

Test the GraphQL API with Insomnia

Register

Register with Insomnia

Login

Login with Insomnia

Get my account

Login with Insomnia

Get JWT Token

Get JWT by GraphQL with Insomnia

Set Bearer JWT Token

Set JWT Token with Insomnia

Get decoded JWT by the server (for tests purpose)

Get JWT decoded Token by GraphQL with Insomnia

Test authentication with session in GraphQL by getting all users (for tests purpose)

Get all users by GraphQL with Insomnia

Logout

Logout with Insomnia

Raw code for Insomnia

############ GraphQL Queries ############
query usersQuery {
  users {
    name
    userUuid
    email
    createdAt
  }
}

query tokenQuery {
  token {
    bearer
  }
}

query decodeTokenQuery {
  decode {
    email
    iss
    iat
    exp
    sub
  }
}

Test the GraphQL API with VScode REST Client

VScode plugin

See / open TEST.http file in vscode.

Build release

cargo build --release
cd target/release
./canduma

Security

Important security considerations

We use session cookies for authentication.

Why not JWT authentication?

Stop Using JWT for sessions and why your solution doesn't work

The use of JWT remains secure only if you use adequate storage. This boilerplate is built for use in a micro-services architecture.

JWT can be use for representing claims to be transferred between two parties.

The private key should only be on this micro-service. public key can be used on all other parties to decode the token.

This boilerplate provides a complete example, so we included JWT also.

Generate RSA keys for JWT

In development mode you can keep the one in /keys folder.

// private key
$ openssl genrsa -out rs256-4096-private.rsa 4096

// public key
$ openssl rsa -in rs256-4096-private.rsa -pubout > rs256-4096-public.pem

Logging

Logging controlled by middleware::Logger actix.rs

To enable debug logging set RUST_LOG=debug in .env

Testing

Initialization

First run yarn or npm install to get all required packages

npm run test

To run you can use npm run test or yarn test.

The testing system designed to automatically build canduma offline and start in tests/jest.beforeall.js We starting canduma in order to capture output from both rust and js code using testci target

npm run testci

$ npm run testci

> canduma@ testci /home/olexiyb/b100pro/canduma
> cross-env RUST_LOG=debug DEBUG=canduma:* NODE_ENV=test jest

Determining test suites to run...
$ killall canduma
canduma: no process found

$ cargo build
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
  canduma:jest.beforeall.js build = { status: 0, signal: null, output: [ null, null, null ], pid: 2447, stdout: null, stderr: null } +0ms

$  target/debug/canduma
[2020-04-02T18:17:19Z INFO  actix_server::builder] Starting 24 workers
[2020-04-02T18:17:19Z INFO  actix_server::builder] Starting server on 0.0.0.0:4000
Listening on 0.0.0.0:4000
started API 

  canduma:user.test.js /user/me body='Unauthorized' text="Unauthorized" +0ms

...
[2020-04-02T18:17:22Z DEBUG canduma::user::handler] user_string={"user_uuid":"f7cfa71e-096e-44d0-ae4f-7d16dd9e4baf","email":"[email protected]","role":"bad_role"}
  canduma:user.test.js /graphql body={ data: null, errors: [ { message: 'Unauthorized', locations: [Array], path: [Array], extensions: [Object] } ] } +292ms
 PASS  tests/user.test.js
 
...

In example above you see output from jest tests as well as from rust code debug!("user_string={}", user_string);

CLion

I also highly recommend to use CLion as a dev tool. I allows to run all tests or individual with single click and analyze logs

alt text

Comments
  • Better HTTP Response

    Better HTTP Response

    Currently response are not all json. For example if we register using same information twice following is the raw data instead of helpful json message like Wrong username or password.

    BadRequest: Key (email)=([email protected]) already exists.
    opened by shirshak55 3
  • :arrow_up: Upgrade some depends, also fix for them

    :arrow_up: Upgrade some depends, also fix for them

    I changed some dependency versions due to old, and wrote a fix for upgrading dependencies.

    Changelog:

    • Upgraded diesel to 1.4.7 (As may you know this should be greater version if available)
    • Upgraded jsonwebtoken to 7 (This was specifying alpha, so it should be more stable)
    • Fixed uuid to =0.7 (This was causing a problem due to greater version is available)
    • Updated some jwt encode/decode code
    • Updated .env.example for more great experiences for local testing
    • Updated .gitignore for secure secret (Not much important)
    opened by rikusen0335 2
  • Connection pooling via r2d2 crate

    Connection pooling via r2d2 crate

    The project could get a boost in performance by utilizing connection pools with r2d2 and Postgres. This is already flagged as a feature within the cargo.toml for diesel.

    This is something most likely I could support with a PR, but wanted to have a discussion for desire before implementing.

    opened by espnicholas 2
  • Suggested way to add new model

    Suggested way to add new model

    How would you suggest adding a new table (struct) to the app? for instance if I wanted each user to have "messages" how would I add that (to be inline with the overall app and API)

    Thanks

    opened by drbh 2
  • [ Feature Request ] support cursor-based pagination

    [ Feature Request ] support cursor-based pagination

    Hi.

    Would you like to support cursor-based pagination. So the query will contains nodes, edges, pageInfo, and totalCount.

    Such:

    {
  hero {
    name
    friends(first:2) {
      totalCount
      edges {
        node {
          name
        }
        cursor
      }
      pageInfo {
        endCursor
        hasNextPage
      }
    }
  }
}

    Or something like:

    image

    Contexts:

    • https://graphql.org/learn/pagination/#pagination-and-edges
    • https://www.howtographql.com/graphql-python/9-relay/
    • https://github.com/vectordotdev/vector/blob/master/src/api/schema/relay.rs#L105 and https://vector.dev/blog/graphql-api/#take-it-for-a-spin-in-the-vector-playground
    • https://docs.github.com/en/graphql/overview/explorer
    opened by azzamsa 1
  • Cannot query field

    Cannot query field "token" on type "QueryRoot"

    I've registered and logged in and have the cookie with auth set, but running this query:

    https://github.com/clifinger/canduma/blob/master/docs/images/new-insomnia-grahql-get-jwt.png

    I'm getting this result:

    {
	"errors": [
		{
			"message": "Unknown field \"token\" on type \"QueryRoot\"",
			"locations": [
				{
					"line": 11,
					"column": 5
				}
			]
		},
		{
			"message": "Unknown field \"decode\" on type \"QueryRoot\"",
			"locations": [
				{
					"line": 17,
					"column": 5
				}
			]
		}
	]
}

    Was the schema changed since the getting started steps were made?

    opened by archonic 1
  • Bump tar from 4.4.13 to 4.4.15

    Bump tar from 4.4.13 to 4.4.15

    Bumps tar from 4.4.13 to 4.4.15.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump hosted-git-info from 2.8.8 to 2.8.9

    Bump hosted-git-info from 2.8.8 to 2.8.9

    Bumps hosted-git-info from 2.8.8 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    Commits
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Consider Heroku compatibility

    Consider Heroku compatibility

    I like this project as it's a really easy to use boilerplate for Rust projects. I use Heroku sometimes and also Dokku/Docker so it would be nice to easily use canduma with Heroku instead of building it myself.

    Edit: So I was able to use the buildpack at https://github.com/emk/heroku-buildpack-rust to build canduma on Dokku on a DigitalOcean droplet. Since it uses Heroku buildpacks, this should be compatible with Heroku as well. Looks like there may be some bugs with the buildpack on Heroku's buildpack library, so use the full https://github.com/emk/heroku-buildpack-rust url instead when adding the buildpack.

    Heroku: heroku buildpacks:set https://github.com/emk/heroku-buildpack-rust.git Dokku: dokku buildpacks:add https://github.com/emk/heroku-buildpack-rust.git

    If you don't set the buildpack as being Rust based, Heroku/Dokku assume it's a NodeJS app due to the package.json in the directory, and the build will fail. Actually, why is there a package.json in the project anyway? Looks like it's used for linting and testing, but I'm not sure what parts are JS based exactly.

    opened by satvikpendem 1
  • Switch to graphql playground that has many features

    Switch to graphql playground that has many features

    • Switch to graphql playground that has many features see https://github.com/prisma-labs/graphql-playground
    • Fixed "No schema found issue", playground (and graphiql) should be home page to work correctly.
    • Properly use opt.domain parameter to avoid CORS issues
    • Fixed Cargo.lock file as I have missed committing for #23
    opened by olexiyb 1
  • Use shared pool across actix-web workers with app_data() approach

    Use shared pool across actix-web workers with app_data() approach

    When you run this boilerplate on Ryzen 3900 with 12 cores(24 threads) you will get the number of connection reached the limit error The situation is that HttServer will start by default some predefined by the operating system

    https://docs.rs/actix-web/2.0.0/actix_web/struct.HttpServer.html#method.workers

    in my case, I've got 15 At the same time, the default pool size is 10

    https://docs.rs/r2d2/0.8.8/r2d2/struct.Builder.html#method.max_size

    So on my system, I needed 150 connections, but the default limit in docker-compose.yml is 100. But based on https://wiki.postgresql.org/wiki/Number_Of_Database_Connections

    A formula that has held up pretty well across a lot of benchmarks for years is that for optimal throughput the number of active connections should be somewhere near ((core_count * 2) + effective_spindle_count). Core count should not include HT threads, even if hyperthreading is enabled

    so it just did not make sense to increase the number of connections and I did not want to manipulate the number of workers and max_size(). So I tried to use app_data() to pass pool as shared across workers and the number of connections defaulted to 10. I have also tested using bombardier with 10000 login requests and did not see any degradations of performance.

    PS I have used select count(*) from pg_stat_activity; the command to get the number of active connections

    opened by olexiyb 1
  • Bump json5 from 2.1.2 to 2.2.3

    Bump json5 from 2.1.2 to 2.2.3

    Bumps json5 from 2.1.2 to 2.2.3.

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)
    Changelog

    Sourced from json5's changelog.

    v2.2.3 [code, diff]

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1 [code, diff]

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0 [code, diff]

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)
    Commits
    • c3a7524 2.2.3
    • 94fd06d docs: update CHANGELOG for v2.2.3
    • 3b8cebf docs(security): use GitHub security advisories
    • f0fd9e1 docs: publish a security policy
    • 6a91a05 docs(template): bug -> bug report
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump qs from 6.5.2 to 6.5.3

    Bump qs from 6.5.2 to 6.5.3

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Diesel 2.0 released with errors when updating

    Diesel 2.0 released with errors when updating

    Diesel updated with version 2.0

    Updated Cargo.toml

    diesel = { version = "2.0.0", features = ["postgres", "uuid", "chrono", "r2d2"] }

    See these errors:

    warning: #[table_name] attribute form is deprecated
  = help: use `#[diesel(table_name = users)]` instead

error[E0308]: mismatched types
    --> src/user/service/list.rs:18:23
     |
18   |         .load::<User>(conn)?)
     |          ------------ ^^^^ types differ in mutability
     |          |
     |          arguments to this function are incorrect
     |
     = note: expected mutable reference `&mut _`
                        found reference `&diesel::r2d2::PooledConnection<diesel::r2d2::ConnectionManager<diesel::PgConnection>>`
note: associated function defined here
    --> /home//.cargo/registry/src/github.com-1ecc6299db9ec823/diesel-2.0.0/src/query_dsl/mod.rs:1497:8
     |
1497 |     fn load<'query, U>(self, conn: &mut Conn) -> QueryResult<Vec<U>>
     |        ^^^^

error[E0308]: mismatched types
    --> src/user/service/login.rs:18:24
     |
18   |         .first::<User>(conn)
     |          ------------- ^^^^ types differ in mutability
     |          |
     |          arguments to this function are incorrect
     |
     = note: expected mutable reference `&mut _`
                        found reference `&diesel::r2d2::PooledConnection<diesel::r2d2::ConnectionManager<diesel::PgConnection>>`
note: associated function defined here
    --> /home//.cargo/registry/src/github.com-1ecc6299db9ec823/diesel-2.0.0/src/query_dsl/mod.rs:1733:8
     |
1733 |     fn first<'query, U>(self, conn: &mut Conn) -> QueryResult<U>
     |        ^^^^^

error[E0308]: mismatched types
    --> src/user/service/register.rs:16:83
     |
16   |     let inserted_user: User = diesel::insert_into(users).values(&user).get_result(conn)?;
     |                                                                        ---------- ^^^^ types differ in mutability
     |                                                                        |
     |                                                                        arguments to this function are incorrect
     |
     = note: expected mutable reference `&mut _`
                        found reference `&diesel::PgConnection`
note: associated function defined here
    --> /home//.cargo/registry/src/github.com-1ecc6299db9ec823/diesel-2.0.0/src/query_dsl/mod.rs:1677:8
     |
1677 |     fn get_result<'query, U>(self, conn: &mut Conn) -> QueryResult<U>
     |        ^^^^^^^^^^

For more information about this error, try `rustc --explain E0308`.
error: could not compile `canduma` due to 3 previous errors
    opened by tyler-harpool 0
  • discussion: async-graphql vs jupiter and diesel vs tokio-postgres vs sqlx

    discussion: async-graphql vs jupiter and diesel vs tokio-postgres vs sqlx

    @clifinger did you know about async-graphql At this moment this solution has more features and I feel better then use of jupiter. I personally followed the implementation of twentyfive-stars and liked the interface more than Jupiter. Jupiter supports async, but not released yet and Jupiter lack of good documentation when async-graphql has excellent book

    During the investigation, I came across sqlx and found this native rust driver feature to verify SQL during the build is awesome and helps to find bugs before the actual run.

    There are actually 3 choices:

    I have tried all 3 and finally stopped on sqlx, diesel is crazy complex and not native driver, tokio-postgres is too basic and sqlx is a very good balanced generic solution and I feel performance would be better as it does not have a dependency on libpq (C driver)

    I think, that for Bollerplate we need to pick the best solutions on the market and diesel and Jupiter are not the best

    opened by olexiyb 1
Owner
Julien Lenne
Julien Lenne
GitHub
JWT Authentication in Rust using Axum Framework

Are you interested in building a secure authentication system for your Rust web application? Look no further than the Axum framework and JSON Web Tokens (JWTs)! Axum is a fast and scalable Rust web framework that provides a reliable and efficient platform for developing microservices and APIs.

CODEVO 16 Jun 11, 2023
Axum + JWT authentication Middleware that allows you to start building your application fast

axum_jwt_ware Integration Guide Simple Axum + JWT authentication middleware with implemented Login and refresh token. Goal I aim to simplify the proce

Eze Sunday 3 Dec 2, 2023
A Rust GraphQL system with full support for subscriptions and authentication that works out of the box.

Diana is a GraphQL system for Rust that's designed to work as simply as possible out of the box, without sacrificing configuration ability.

arctic_hen7 36 Dec 19, 2022
A simple authentication flow using Rust and Actix-web, with a PostgreSQL database and a sveltekit frontend.

Rust-auth-example This repository aims to represent a simple authentication flow using Rust and Actix-web, with a PostgreSQL database and a sveltekit

Kival Mahadew 4 Feb 19, 2023
An API project using Rust, Actix Web and JWT. *WIP*

Actix-web REST API with JWT (WIP) A simple CRUD backend app using Actix-web, Diesel and JWT Require Rust Stable Postgres Or using Docker How to run Ma

Akhil Sharma 4 Sep 21, 2023
Rust server with Axum, GraphQL and SurrealDb

??️ Article on my web Axum server, Async-GraphQl, SurrealDB template Run without any prior setup, DB is in memory: cargo run To use routes other than

null 15 Jun 26, 2023
Rust GraphQL server using simple type-only schema

SimpleGQL This library allows a simplified GraphQL schema to be given and will run a server with a backend store (currently only SQLite) and a set of

Daniel Cocks 5 May 10, 2023
Scratch-Containerised Rust GraphQL-API using Dataloaders

Dockerize Graphql Rust More current version at https://github.com/jayy-lmao/rust-cult-graphql-server This project is currently for demonstrating the u

James H. 89 Dec 3, 2022
Quick demo of a REST frontend with a Redis session store.

axum-rest-starter-example Important Tasks Ensure session UUID is unique Protect /api/ with JWT Add CSRF CORS? Dev Setup (1) Run docker compose up to f

Michael de Silva 23 Dec 31, 2022
Rust HTTP API Template using PostgreSQL, Redis, RabbitMQ, and Hexagonal Architecture

Rust Template HTTP API Rust API Template using PostgreSQL, Redis, RabbitMQ, and Hexagonal Architecture The following template provides a basic structu

Paulo Bressan 7 Jun 9, 2023
Rust Rocket MongoDB token-authorization REST API boilerplate

Rust Rocket MongoDB token-auth REST API boilerplate In this repository, you can find backend Rust rocket mongodb rest-api boilerplate with token autho

null 6 Dec 7, 2022
Web Application with using Rust(Actix, Diesel and etc)

Santa Service App Used technology stack Web Server with using Rust (Actix, Actix-web, Diesel) Data base (Postgres) Console Application (Tokio) Tasks o

null 3 Jan 8, 2023
The goal of this repository is to have a real world template of a Rust backend using Axum, Diesel, etc.

Axum Diesel Real-World Example A modular Rust backend template based on the Domain-Driven Design (DDD) architecture, utilizing the Axum and Diesel fra

Quentin Piot 11 Sep 22, 2023
Proof of concept writing a monolith BBS using Rust, GraphQL, WASM, and SQL. WILL BE ARCHIVED ONCE PROVEN

GraphQL Forum Important DO NOT even think about using this in production, lest your sanity be destroyed and credentials lost! Loosely following the aw

Rongcui Dong 25 Apr 25, 2023
Diana is a GraphQL system for Rust that's designed to work as simply as possible out of the box

Diana is a GraphQL system for Rust that's designed to work as simply as possible out of the box, without sacrificing configuration ability. Unlike other GraphQL systems, Diana fully supports serverless functions and automatically integrates them with a serverful subscriptions system as needed, and over an authenticated channel. GraphQL subscriptions are stateful, and so have to be run in a serverful way. Diana makes this process as simple as possible.

null 0 Aug 3, 2021
A fast GraphQL engine.

bluejay-rb Warning This project is still very early in its development and should be considered highly unstable and experimental. It is incomplete and

Adam Petro 4 Feb 20, 2023
REST API server that abstracts the need to write CRUD methods by exposing a standardized API to interact with a Postgres database

Basiliq Exposing a Postgres database via a REST API that follows the JSON:API specs. All in all, a tasty API. What is Basiliq Quickstart Ready to use

Basiliq 54 Apr 21, 2022
A Rust crate for managing authentication and authorization with support for multi-tenant / B2B products, powered by PropelAuth

PropelAuth Add authentication and authorization to your application. This library is meant to be used with a PropelAuth account. You can sign up and g

PropelAuth 3 Dec 10, 2022
A secure and efficient gateway for interacting with OpenAI's API, featuring load balancing, user request handling without individual API keys, and global access control.

OpenAI Hub OpenAI Hub is a comprehensive and robust tool designed to streamline and enhance your interaction with OpenAI's API. It features an innovat

Akase Cho 30 Jun 16, 2023