Rust Rocket MongoDB token-authorization REST API boilerplate

Overview

Stand With Ukraine

Rust Rocket MongoDB token-auth REST API boilerplate

In this repository, you can find backend Rust rocket mongodb rest-api boilerplate with token authorization.

#[get("/public/hello")]
pub async fn hello_world() -> Json<&'static str> {
  Json("Hello world")
}

Visiting localhost:8000/api/v1/public/hello, for example, will trigger the hello route resulting in the string Hello world being sent to the browser. In this example there is no authorization.

How to start

  1. First you need to download this repository to your computer
  • Write this in your terminal:
git clone https://github.com/martyr00/Rust-rocket-mongoDB-token-auth-REST-API-boilerplate.git
  • After open the project in your IDE
  1. You need to make your private.rs file as in the private.sample.rs:
pub const JWT_SECRET: &[u8] = b"<YOUR_JWT_SECRET_KEY>";
pub const REFRESH_JWT_SECRET: &'static str = b"<YOUR_REFRESH_JWT_SECRET_KEY>";
pub(crate) const URL_DB: &str = "mongodb+srv://<YOUR_LOGIN>:<YOUR_PASSWORD>@cluster0.d5yn0.mongodb.net/<YOUR_DB_NAME>";
  • JWT_SECRET and REFRESH_JWT_SECRET you need to come up with your own secret word to encrypt the tokens
  • For URL_DB you need registration your mongoDB acc here https://cloud.mongodb.com/
  1. To run write this in your terminal:
cargo check && cargo run

Routes

  • /api/v1/registration (POST)
  • /api/v1/login (POST)
  • /api/v1/refresh (POST)
  • /api/v1/public/hello (GET)
  • /api/v1/hello (GET)
  • /api/v1/public/user (DELETE, PATCH)

Registration acc

Registration request:

  • login (must be unique && len login must be from 3 to 200 letter)
  • password (len password must be from 8 to 200 letter and password is hashed before being saved to the database.)
  • mail (must be unique and mail)
  • first_name (len must be from 2 to 150 letter and this field is optional)
  • last_name (len must be from 2 to 200 letter and this field is optional)
pub struct RegistrationRequest {
    pub login: String,
    pub password: String,

    pub mail: String,

    pub first_name: String,
    pub last_name: String,
}

Example registration request:

{
    "login": "test",
    "password": "12345678",
    "mail": "[email protected]",
    "first_name": "Test",
    "last_name": ""
}

Registration response

In response, the server will send 2 JWT tokens. The token is valid for 1 hour. Refresh token is valid for 7 days. token is needed to verify user authorization. With each private request, the token will be sent fronted to the headers in the authorization field.

More about jwt authentication https://blog.logrocket.com/jwt-authentication-in-rust/

If everything is correct:

pub struct Token {
    pub token: String,
    pub refresh_token: String,
}

Example:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJiNGRhOTk4ZjgyMzc2YTk1MzM1MWIxIiwiZXhwIjoxNjU2MDIzMjA5fQ.aJFDZVyMBuNYh5EAArYYfzYCTnHHCQ7IHuZpKNCXHs0",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJiNGRhOTk4ZjgyMzc2YTk1MzM1MWIxIiwiZXhwIjoxNjU4NjExNjA5fQ.2_DjxtQxtsLsprvhBfYU8rKAoDfWMdshoPKDUqq6QZQ"
}

Possible error:

  • bad login -> Status 400 and string "Bad login" in json
  • already registered login -> Status 400 and string "Already registered by login" in json
  • bad password -> Status 400 and string "Bad password" in json
  • already registered password -> Status 400 and string "Already registered by password" in json
  • bad mail -> Status 400 and string "Bad mail" in json
  • already registered mail -> Status 400 and string "Already registered by mail" in json

Example error:

Status 400 Bad Request

{
    "cause": "Already registered by login"
}

Login acc

Login request:

  • login(The server checks 2 logins from the database and the request)
  • password(The server checks the encrypted password in the database with the password from the request)
pub struct LoginRequest {
  pub login: String,
  pub password: String,
}

Example:

{
    "login": "test",
    "password": "12345678"
}

Login response:

If everything is correct:

pub struct Token {
    pub token: String,
    pub refresh_token: String,
}

Example:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJhM2I3Zjg4MTE1OWVkYWJmNTcwZjYwIiwiZXhwIjoxNjU2MDI0MDM1fQ.5Nu0lbN5X656JhuY8PrK1IJhWFVjHxKbh8CssKqHQqk",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJhM2I3Zjg4MTE1OWVkYWJmNTcwZjYwIiwiZXhwIjoxNjU4NjEyNDM1fQ.5OUiED1no-uizfYmq1xk6Z6XpX9TsbezDx8QxPSbyV0"
}

Possible error:

  • Bad request(In any case)

Example:

Status 400

{
    "cause": "Wrong request"
}

Refresh token

In this route, the frontend asks the server to refresh the token with a refresh token in json

Refresh token request

  • refresh token(specific user)
pub struct RefreshToken {
    pub(crate) refresh_token: String,
}

Example refresh token request:

{
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJhM2I3Zjg4MTE1OWVkYWJmNTcwZjYwIiwiZXhwIjoxNjU3NDg5NDcyfQ.BcTanbs5lyT-Yv2ekf5-xl_NzEqpKsh5S59AEuZrmVQ"
}

Refresh token response

If everything is correct:

pub struct Token {
    pub token: String,
    pub refresh_token: String,
}

Example:

{
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJhM2I3Zjg4MTE1OWVkYWJmNTcwZjYwIiwiZXhwIjoxNjU2MDI0MDM1fQ.5Nu0lbN5X656JhuY8PrK1IJhWFVjHxKbh8CssKqHQqk",
    "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiNjJhM2I3Zjg4MTE1OWVkYWJmNTcwZjYwIiwiZXhwIjoxNjU4NjEyNDM1fQ.5OUiED1no-uizfYmq1xk6Z6XpX9TsbezDx8QxPSbyV0"
}

Possible error:

  • Unauthorized

Example:

Status 400

{
    "cause": "Unauthorized"
}

Public hello

This is the only route without authorization. Therefore there is no request in this route.

Rust code:

#[get("/public/hello")]
pub async fn hello_world() -> Json<&'static str> {
  Json("Hello world")
}

Response in json:

{
  "Hello world"
}

Private hello

In this route, the server checks in the headers token if the token is valid then the server executes the program.

Private hello request:

From headers:

authorization Bearer (TOKEN)

Example:

authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGci....

Private hello response

the response will be a greeting with the user. If the database contains his first name and surname, then the program will greet you by the first name and surname; if not, the program will greet you by login

If everything is correct:

pub struct HelloNameResponse {
    pub(crate) greetings: String,
}

Example:

{
    "greetings": "Hello test"
}

Possible error:

  • Unauthorized

Example:

Status 401

{
"cause": "Unauthorized"
}
You might also like...
Quick demo of a REST frontend with a Redis session store.

axum-rest-starter-example Important Tasks Ensure session UUID is unique Protect /api/ with JWT Add CSRF CORS? Dev Setup (1) Run docker compose up to f

A crate built on top of `axum-sessions`, implementing the CSRF Synchronizer Token Pattern

Axum Synchronizer Token Pattern CSRF prevention This crate provides a Cross-Site Request Forgery protection layer and middleware for use with the axum

A secure and efficient gateway for interacting with OpenAI's API, featuring load balancing, user request handling without individual API keys, and global access control.

OpenAI Hub OpenAI Hub is a comprehensive and robust tool designed to streamline and enhance your interaction with OpenAI's API. It features an innovat

Rust implementation of the `URLPattern` web API

urlpattern This crate implements the URLPattern web API in Rust. We aim to follow the specification as closely as possible. Contributing We appreciate

A pure Rust implementation of the Web Local Storage API, for use in non-browser contexts

Rust Web Local Storage API A Rust implementation of the Web LocalStorage API, for use in non-browser contexts About the Web Local Storage API MDN docs

Scratch-Containerised Rust GraphQL-API using Dataloaders

Dockerize Graphql Rust More current version at https://github.com/jayy-lmao/rust-cult-graphql-server This project is currently for demonstrating the u

Implementation of the RealWorld backend API spec in Actix, Rust's powerful actor system and most fun web framework.
Implementation of the RealWorld backend API spec in Actix, Rust's powerful actor system and most fun web framework.

Actix codebase containing real world examples (CRUD, auth, advanced patterns, etc) that adheres to the RealWorld spec and API. ❗ (2021/05/13) This cod

Fastest autocomplete API written in rust 🦀

rust-autocomplete-api fastest* autocomplete API written in rust 🦀 *probably Run it locally cargo build --release ./target/release/autocomplete-api-po

An API to track various stats written in Rust. Tracking Github, Wakatime, Spotify, and Duolingo
An API to track various stats written in Rust. Tracking Github, Wakatime, Spotify, and Duolingo

Null API API For collecting data Explore the docs » View Demo · Report Bug · Request Feature Table of Contents About The Project Built With Getting St

Owner
null
REST API server that abstracts the need to write CRUD methods by exposing a standardized API to interact with a Postgres database

Basiliq Exposing a Postgres database via a REST API that follows the JSON:API specs. All in all, a tasty API. What is Basiliq Quickstart Ready to use

Basiliq 54 Apr 21, 2022
A Rust crate for managing authentication and authorization with support for multi-tenant / B2B products, powered by PropelAuth

PropelAuth Add authentication and authorization to your application. This library is meant to be used with a PropelAuth account. You can sign up and g

PropelAuth 3 Dec 10, 2022
Oso is an open source policy engine for authorization that’s embedded in your application

Oso What is Oso? Oso is an open source policy engine for authorization that’s embedded in your application. It provides a declarative policy language

oso 2.8k Jan 4, 2023
A Rust Boilerplate server with GraphQL API, Diesel, PostgreSQL, session authentication and JWT

Canduma rust Graphql A Rust authentication server with GraphQL API, Diesel, PostgreSQL session authentication and JWT This repository contains a Graph

Julien Lenne 738 Dec 28, 2022
Rust Rest API Stack with User Management

A secure-by-default rest api stack implemented with hyper, tokio, bb8 and postgres. This project is focused on providing end-to-end encryption by default for 12-factor applications. Includes a working user management and authentication backend written in postgresql with async S3 uploading for POST-ed data files.

Jay 10 Dec 25, 2022
Inertia.js implementations for Rust. Currently supports Rocket.

Inertia.rs Inertia.js implementations for Rust. Currently supports Rocket. Why Inertia? From inertiajs.com Inertia is a new approach to building class

Stuart Hinson 15 Dec 2, 2022
Grape is a REST-like API framework for Ruby

Grape is a REST-like API framework for Ruby. It's designed to run on Rack or complement existing web application frameworks such as Rails and Sinatra by providing a simple DSL to easily develop RESTful APIs. It has built-in support for common conventions, including multiple formats, subdomain/prefix restriction, content negotiation, versioning and much more.

Ruby Grape 9.7k Jan 2, 2023
A customizable, simple and easy to use json REST API consumer

JACK is a generic JSON API client. It is useful to interact with APIs from multiple services such as Google and Twitter

Mente Binária 6 May 22, 2022
Print Apple WeatherKit REST API weather conditions and hourly/daily foreacast to the console.

weatherkit-rust A Rust CLI program to print current conditions and daily/hourly forecast to the console. Please read authorization.md as you need an A

boB Rudis 11 Dec 23, 2022
Bare-metal software for the sounding rocket payload.

CanSat Software for the sounding rocket payload. Prerequisites cargo-make cargo-embed - Requires libusb, see cargo-embed's README.md for instructions.

COSMO PK Group 2 Dec 19, 2022