protect-salvo

Authorization extension for salvo to protect your endpoints.

To check user access to specific services, you can use built-in proc-macro or manual.

The library can also be integrated with third-party solutions (e.g. jwt-middlewares).

How to use

1. Add tower-compat feature to salvo dependency in your Cargo.toml

2. Declare your own authority extractor

The easiest way is to declare a function with the following signature (trait is already implemented for such Fn):

use salvo::prelude::*;

// You can use custom type instead of String
// It requires to use hyper's `Request` & `Response` types, because integration is based on `tower`
pub async fn extract(req: &mut salvo::hyper::Request<ReqBody>) -> Result<HashSet<String>, salvo::hyper::Response<ResBody>>

3. Add middleware to your application using the extractor defined in step 1

Router::with_path("/")
    .hoop(GrantsLayer::with_extractor(extract).compat())
    .push(Router::with_path("/endpoint").get(your_handler))

Steps 2 and 3 can be replaced by custom middleware or integration with another libraries.

4. Protect your endpoints in any convenient way from the examples below:

Example of proc-macro way protection

#[protect_salvo::protect("ROLE_ADMIN")]
#[handler]
async fn macro_secured() -> &'static str {
    return "Hello, World!";
}

use enums::Role::{self, ADMIN};
use dto::User;

#[post("/info/{user_id}")]
#[protect_salvo::protect(any("ADMIN", expr = "user.is_super_user()"), ty = "Role")]
async fn admin_or_super_user(user: User) -> &'static str {
    "some secured response"
}

Example of manual way protection

use protect_salvo::authorities::{AuthDetails, AuthoritiesCheck};

async fn manual_secure(details: AuthDetails) -> &'static str {
    if details.has_authority(ROLE_ADMIN) {
        return "ADMIN_RESPONSE";
    }
    "OTHER_RESPONSE"
}

You can find more examples in the git repository folder and documentation.