axum_security/lib.rs
1//! Security middleware and extractors for [axum](https://docs.rs/axum).
2//!
3//! `axum-security` is a modular toolkit — enable only the features you need.
4//! Every feature adds a module with Tower middleware and/or axum extractors.
5//!
6//! # Features
7//!
8//! | Feature | Module | Description |
9//! |---------|--------|-------------|
10//! | `cookie` | [`cookie`] | Server-side session management with pluggable stores |
11//! | `jwt` | [`jwt`] | JWT authentication (header or cookie) |
12//! | `basic-auth` | [`basic_auth`] | HTTP Basic Authentication |
13//! | `oauth2` | [`oauth2`] | OAuth 2.0 authorization code flow |
14//! | `oidc` | [`oidc`] | OpenID Connect (auto-discovery, ID token verification) |
15//! | `rbac` | [`rbac`] | Role-based access control |
16//! | `pbac` | [`pbac`] | Policy-based access control |
17//! | `headers` | [`headers`] | Security response headers (CSP, HSTS, etc.) |
18//!
19//! Additional features: `macros`, `tracing`.
20//!
21//! # Session types
22//!
23//! The `cookie`, `jwt`, and `basic-auth` features each insert a session type
24//! into request extensions. The [`session::Session`] enum unifies all three,
25//! allowing downstream middleware (RBAC, PBAC, rate limiting) to work with
26//! any authentication method.
27
28#[cfg(any(feature = "oauth2", feature = "oidc"))]
29pub(crate) mod after_login;
30
31#[cfg(any(feature = "oauth2", feature = "oidc"))]
32pub(crate) mod signed_cookie;
33
34#[cfg(feature = "oauth2")]
35pub mod oauth2;
36
37#[cfg(feature = "oidc")]
38pub mod oidc;
39
40#[cfg(feature = "cookie")]
41pub mod cookie;
42
43#[cfg(feature = "jwt")]
44pub mod jwt;
45
46#[cfg(feature = "basic-auth")]
47pub mod basic_auth;
48
49#[cfg(any(feature = "jwt", feature = "cookie", feature = "basic-auth"))]
50pub mod session;
51
52#[cfg(all(
53 feature = "rbac",
54 any(feature = "jwt", feature = "cookie", feature = "basic-auth")
55))]
56pub mod rbac;
57
58#[cfg(all(
59 feature = "pbac",
60 any(feature = "jwt", feature = "cookie", feature = "basic-auth")
61))]
62pub mod pbac;
63
64#[cfg(feature = "cookie")]
65pub(crate) mod cookie_options;
66
67pub(crate) mod utils;
68#[allow(unused)]
69pub(crate) use utils::{debug, error};
70
71#[cfg(feature = "headers")]
72pub mod headers;