#axum #tower #sq-lx #session #authentication

axum_sessions_auth

Library to Provide a User Authentication and privilege Token Checks. It requires the Axum_Database_Sessions library.

13 releases (8 stable)

Uses new Rust 2021

2.0.0 Jun 22, 2022
1.5.0 Jun 14, 2022
1.4.0 May 18, 2022
1.1.0 Apr 20, 2022
0.1.2 Feb 24, 2022

#74 in Authentication

Download history 2/week @ 2022-03-08 46/week @ 2022-03-15 27/week @ 2022-03-22 28/week @ 2022-03-29 42/week @ 2022-04-05 1/week @ 2022-04-12 26/week @ 2022-04-19 32/week @ 2022-04-26 58/week @ 2022-05-03 157/week @ 2022-05-10 81/week @ 2022-05-17 53/week @ 2022-05-24 93/week @ 2022-05-31 41/week @ 2022-06-07 32/week @ 2022-06-14 30/week @ 2022-06-21

200 downloads per month

MIT license

24KB
334 lines

axum_sessions_auth

Library to Provide a User Authentication and privilege Token Checks. It requires the Axum_Database_Sessions library. This library will help by making it so User ID or authorizations are not stored on the Client side but rather on the Server side. The Authorization is linked by the Clients Serverside Session ID which is stored on the Client side.

You must choose only one of ['postgres', 'mysql', 'sqlite'] features to use this library.

https://crates.io/crates/axum_sessions_auth Docs

Install

Axum Sessions Authentication uses tokio runtime along with ['sqlx'] and ['axum_database_sessions']; it supports native-tls and rustls TLS backends. When adding the dependency, you must chose a database feature that is DatabaseType and a tls backend. You can only choose one database type and one TLS Backend.

# Cargo.toml
[dependencies]
# Postgres + rustls
axum_sessions_auth = { version = "2.0.0", features = [ "postgres", "rustls" ] }

Cargo Feature Flags

sqlite: Sqlx support for the self-contained SQLite database engine. postgres: Sqlx support for the Postgres database server. mysql: Sqlx support for the MySQL/MariaDB database server. native-tls: Use the tokio runtime and native-tls TLS backend. rustls: Use the tokio runtime and rustls TLS backend.

Example

use sqlx::{ConnectOptions, postgres::{PgPoolOptions, PgConnectOptions}};
use std::net::SocketAddr;
use axum_database_sessions::{AxumSession, AxumSessionConfig, AxumSessionLayer, AxumDatabasePool};
use axum_sessions_auth::{AuthSession, AuthSessionLayer, Authentication};
use axum::{
    Router,
    routing::get,
};

#[tokio::main]
async fn main() {
    # async {
    let poll = connect_to_database().await.unwrap();

    let session_config = AxumSessionConfig::default()
        .with_database("test")
        .with_table_name("test_table");

    let session_store = AxumSessionStore::new(Some(poll.clone().into()), session_config);

    // build our application with some routes
    let app = Router::new()
        .route("/greet/:name", get(greet))
        .layer(AxumSessionLayer::new(session_store))
        .layer(AuthSessionLayer::<User>::new(Some(poll.clone().into()), Some(1)));

    // run it
    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
    tracing::debug!("listening on {}", addr);
    axum::Server::bind(&addr)
        .serve(app.into_make_service())
        .await
        .unwrap();
    # };
}

//we can get the Method to compare with what Methods we allow. Useful if thius supports multiple methods.
//When called auth is loaded in the background for you.
async fn greet(method: Method, session: AxumSession, auth: AuthSession<User>) -> &'static str {
    let mut count: usize = session.get("count").unwrap_or(0);
    count += 1;
    session.set("count", count);

    if let Some(cur_user) = current_user {
        if !Auth::<User>::build([Method::Get], false)
            .requires(Rights::none([
                Rights::permission("Token::UseAdmin"),
                Rights::permission("Token::ModifyPerms"),
            ]))
            .validate(&cur_user, &method, None)
            .await
        {
            return format!("No Permissions! for {}", cur_user.username)[];
        }

        let username = if !auth.is_authenticated() {
            //Set the user ID of the User to the Session so it can be Auto Loaded the next load or redirect
            auth.login_user(2);
            "".to_string()
        } else {
            //if the user is loaded and is Authenticated then we can use it.
            if let Some(user) = auth.current_user {
                user.username.clone()
            } else {
                "".to_string()
            }
        };

        format!("{}-{}", username, count)[..]
    } else {
        if !auth.is_authenticated() {
            //Set the user ID of the User to the Session so it can be Auto Loaded the next load or redirect
            auth.login_user(2);
            //Set the session to be long term. Good for Remember me type instances.
            auth.remember_user(true);
            //redirect here after login if we did indeed login.
        }

        "No Permissions!"
    }
}

#[derive(Clone, Debug)]
pub struct User {
    pub id: i32,
    pub anonymous: bool,
    pub username: String,
}

//This is only used if you want to use Token based Authentication checks
#[async_trait]
impl HasPermission for User {
    async fn has(&self, perm: &String, pool: &Option<&AxumDatabasePool>) -> bool {
        match &perm[..] {
            "Token::UseAdmin" => true,
            "Token::ModifyUser" => true,
            _ => false,
        }
    }
}

#[async_trait]
impl Authentication<User> for User {
    async fn load_user(userid: i64, _pool: Option<&AxumDatabasePool>) -> Result<User> {
        Ok(User {
            id: userid,
            anonymous: true,
            username: "Guest".to_string(),
        })
    }

    fn is_authenticated(&self) -> bool {
        !self.anonymous
    }

    fn is_active(&self) -> bool {
        !self.anonymous
    }

    fn is_anonymous(&self) -> bool {
        self.anonymous
    }
}

async fn connect_to_database() -> anyhow::Result<sqlx::Pool<sqlx::Postgres>> {
    // ...
    # unimplemented!()
}

Help

If you need help with this library or have suggestions please go to our Discord Group

Dependencies

~13–26MB
~509K SLoC