🦅 Aquila
Your personal flying courier
A modular asset server with support for OAuth and multiple file backends, meant for serving game assets but could probably be used for other things too.
[!CAUTION] This package is in early development!
What is this for?
During game development a way to serve assets remotely is often desired. This can be either to fetch at build-time in a build environment or to serve them to your users at runtime, leading to complex setups involving git LFS or Perforce and build servers or worse - manual swapping of files.
This crate aims at simplifying this process by providing a simple server, a client and a cli that can be used to serve versioned assets. At the moment, it supports:
- Serve assets to your game clients (through presigned URLs or a CDN if you want to)
- Publish assets and manifests to a server
- Minting (read-only public) tokens
- Authenticate users (custom or OAuth, see
aquila_auth_mockandaquila_auth_github)
Security Notice
This crate is in early development and should not be used in production yet. You are responsible for making sure your assets are safe and secure. If you ship public read-only tokens to users, make sure you are aware of what that entails, e.g., how to invalidate and ship new ones in the case of abuse.
[!IMPORTANT] Make sure you vet any auth providers and OAuth applications and its permissions that you intend to use thoroughly before using them in production.
Ecosystem
The workspace is composed of modular crates, allowing you to pick and choose the components you need.
Core & Integration
| Crate | Description |
|---|---|
aquila_core |
Shared types (AssetManifest) and traits (StorageBackend, AuthProvider) used across the ecosystem. |
aquila_server |
The Axum-based server implementation. Can be used as a library to build custom servers. |
bevy_aquila |
The Bevy plugin. Registers the aquila:// asset source and handles streaming. |
aquila_client |
Async HTTP client library. Used by the CLI and generic tools to interact with the server. |
aquila_cli |
Command-line interface for uploading assets, publishing versions, and managing tokens. |
Storage Backends
| Crate | Description |
|---|---|
aquila_fs |
Local filesystem storage. Stores assets safely using atomic writes. |
aquila_s3 |
AWS S3 storage backend using the official AWS SDK. |
aquila_opendal |
Backend for Apache OpenDAL, supporting AWS S3, GCS, Azure and more. |
Authentication
| Crate | Description |
|---|---|
aquila_auth_github |
OAuth2 provider for GitHub. Supports organization membership checks. |
aquila_auth_mock |
Dev Only. A mock provider that allows any token to pass with admin privileges. |
Feature Flags
| Feature | Description |
|---|---|
server |
Includes the Axum-based server implementation (aquila_server). |
client |
Includes the HTTP client (aquila_client) for tooling. |
fs |
Storage backend for the local filesystem (aquila_fs). |
s3 |
Storage backend for AWS S3 (aquila_s3). |
opendal |
Storage backend for OpenDAL (aquila_opendal). |
github_auth |
GitHub OAuth2 provider (aquila_auth_github). |
mock_auth |
Development authentication provider (aquila_auth_mock). |
Examples
Simple server
Simple client
Simple client (will publish v1.0 manifest and test.png)
Bevy
Bevy example (uses v1.0 manifest and test.png)
cargo run --example bevy
Custom Server
[]
= { = "0.1", = ["server", "fs", "mock_auth"] }
use *;
async
The rest of the examples use the CLI
[!TIP] While not required, it's recommended to install the CLI to make usage easier.
Install cli
crates.io:
From source:
AWS S3
You need to set the AWS_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars and/or use the AWS cli (aws configure).
Set the bucket name
set S3_BUCKET=...
Run the server
cargo run --example s3_server --features "server s3 mock_auth"
Publish v1.0 manifest and test.png
aquila publish --dir ./assets --version "v1.0"
Bevy example (uses v1.0 manifest and test.png)
cargo run --example bevy
GitHub auth and JWT Minting (for read-only tokens)
Generate & set JWT secret:
You can use the CLI to generate a secret or provide your own:
Create a GitHub OAuth app
The routes are configurable, you're going to have to make sure the callback route matches (in this case /auth/callback).
Set the client id and secret env vars
SET GITHUB_CLIENT_ID=...
SET GITHUB_CLIENT_SECRET=...
Run the server
You should now be able to log in using a second terminal:
aquila login
Now set the token that you get after you've been redirected back to the callback route:
set AQUILA_TOKEN=...
You should have full access now! To mint a read-only public token:
To publish all assets and a manifest:
aquila publish --dir ./assets --version "v1.0"
Bevy example (uses v1.0 manifest and test.png)
cargo run --example bevy
CLI commands
single file test
publish manifest and assets
Bevy
As shown above in the other examples, after publishing a manifest version, you can use the assets in bevy:
Server curl tests
test manually
upload
fetch
Notes
Using generics to be able to use native async traits and avoiding dyn + async_trait or Box etc.
I'd be willing to revisit this though if there's a better alternative.
TODO
- add some tests
- add some convenience features like
latestetc. - docker images, nix flakes (a simple server example should be enough)
- meta file support and other bevy asset reader functionality (folders)
- readmes in crate folders
- multiple scopes, not just read/write/admin
- streaming large files (chunked encoding)
- I experimented with a VCSProvider trait to verify the version of the manifest against the VCS, but decided against it for now, but it definitely could be useful.
License
Dual-licensed:
- MIT License (LICENSE-MIT or http://opensource.org/licenses/MIT)
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
License: MIT OR Apache-2.0