mildly-basic-auth 0.2.0

Basic auth with nicer UX.
Documentation
[package]
name = "mildly-basic-auth"
version = "0.2.0"
edition = "2024"
authors = ["Quentin Richert <noreply@richert.co>"]
description = "Basic auth with nicer UX."
license = "MIT OR Apache-2.0"
repository = "https://github.com/qrichert/mildly-basic-auth.git"
readme = "README.md"
keywords = ["authentication", "password", "basic-auth", "password-wall", "reverse-proxy"]
categories = ["authentication", "web-programming"]

[profile.release]
codegen-units = 1
lto = "fat"
panic = "abort"
strip = true

[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tarpaulin_include)'] }

[dependencies]
# Web framework: routing, middleware, request/response types.
axum = "0.8.9"
# The reverse proxy itself (WebSocket-aware, streaming); `Rfc9110Layer`
# strips hop-by-hop headers.
axum-reverse-proxy = "1.3.0"
# Session-token digest with built-in constant-time equality.
blake3 = "1.8.5"
# Encoding-aware `Cookie` header parsing (`percent-encode` decodes names
# too, so `mba` can't be smuggled past stripping as `m%62a`).
cookie = { version = "0.18.1", features = ["percent-encode"] }
# Parse the `application/x-www-form-urlencoded` login body (no serde).
form_urlencoded = "1.2.2"
# Async runtime.
tokio = { version = "1.52.3", features = ["rt-multi-thread", "macros", "net"] }

[dev-dependencies]
# HTTP client for the integration tests; no TLS (loopback HTTP only).
reqwest = { version = "0.13.4", default-features = false }