Crate lrau[][src]

Expand description

LrAU

LrAU is an authentication and permission management system for rust. It uses Argon2id to hash passwords to prevent against rainbow table and brute-forcing.

Note for migrators

Since version 3.0, instead of paths being strings they are now slices. This will cause issues with legacy code, preventing it to compile, and preventing serde information from being read.

Example

#[test]
fn generic() {
    // Load from a toml file.
    let permissions: lrau::Permissions =
        toml::from_str(include_str!("./generic.toml")).unwrap();
     
    // Create a password typical of someone who thinks their being clever.
    let mut user = lrau::User::new(
        String::from("john_t"),
        String::from("1234"),
        permissions,
    );
 
         
    // Valid their password
    assert!(user.validate("1234"));
    // Invalid their password
    assert!(!user.validate("12345"));
 
    // Permissions
 
    // See if we have permissions to access contacts without
    // mutable access.  
    assert!(user.get_permission(&["contacts", "name"], false));
 
    // See if we can change users passwords with mut access.
    assert!(user.get_permission(&["admin", "passwords"], true));
 
    // Nonexisting paths inherit from paths further up the tree
    assert!(user.get_permission(&["admin", "passwords", "reset"], true));
     
    // Or are nothing if they are completely irrelevant.
    assert!(!user.get_permission(&["notathing"], false));
 
    // Checks if we have logged in (we haven't)
    assert!(!user.check_login());
    assert!(!user.check_valid_login());
 
    // User Login
    user.log_in("1234", std::time::Duration::from_secs(1));
 
    // Checks for logins
    assert!(user.check_login());
    assert!(user.check_valid_login());
 
    // Timeouts
    std::thread::sleep(std::time::Duration::from_secs(1));
     
    // We are still logged in...
    assert!(user.check_login());
     
    // But not validly.
    assert!(!user.check_valid_login());
     
    // And so getting vaild permissions does not work.
    assert_eq!(
        user.get_valid_permissions(&["admin", "passwords", "reset"], true),
        Err(lrau::user::SessionExpired {}),
    );
}

Serde

Serde is supported through the serde feature. If you configure in toml, you can get something like this:

[[permissions]]
path = ["contacts"]
auth = false
 
[[permissions]]
path = ["contacts", "name"]
auth = true
 
[[permissions]]
path = ["contacts", "name", "middle"]
auth = false
 
[[permissions]]
path = ["contacts", "name", "last"]
auth = true
 
[[permissions]]
path = ["admin"]
auth = false
 
[[permissions]]
path = ["admin", "passwords"]
auth = true
mut = true

mut, be default, is assumed to be false, so you only need to write it if you are enabling it.

Features

  • Serde serde.
  • Diesel diesel-support.
  • Sqlx sqlx-support

Re-exports

pub use permission::Permission;
pub use permission::Permissions;
pub use user::User;

Modules

permission
user

Functions

salt

Generates a random salt, this is automatically done when creating a user.