nonce-auth 0.5.0

A secure nonce-based authentication library with pluggable storage backends

Nonce Auth

A lightweight, secure nonce-based authentication library for Rust, designed to prevent replay attacks in APIs and other services.

Core Features

  • Replay Protection: Each request carries a nonce, a timestamp and an HMAC-SHA256 signature, so the server can check that the request is authentic, that it falls inside the configured time window, and that its nonce has not been seen before.
  • Safe & Ergonomic API: Uses a builder pattern (credential_builder) to guide developers towards safe usage, preventing common security pitfalls.
  • Async & Pluggable Storage: Fully asynchronous design with a trait-based storage system, allowing for easy integration with backends like in-memory, SQLite, or Redis.

Quick Start

use nonce_auth::{NonceClient, NonceServer};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Shared secret between client and server
    let secret = b"my-super-secret-key";
    let payload = b"important_api_request_data";

    // Create server (defaults to in-memory storage)
    let server = NonceServer::builder()
        .build_and_init()
        .await?;

    // Create client and generate a credential
    let client = NonceClient::new(secret);
    let credential = client.credential_builder().sign(payload)?;

    // Server verifies the credential with the secret
    let result = server
        .credential_verifier(&credential)
        .with_secret(secret)
        .verify(payload)
        .await;
    
    assert!(result.is_ok());
    println!("✅ First verification successful!");

    // Replay attack is automatically rejected
    let replay_result = server
        .credential_verifier(&credential)
        .with_secret(secret)
        .verify(payload)
        .await;
    
    assert!(replay_result.is_err());
    println!("✅ Replay attack correctly rejected!");

    Ok(())
}

Configuration & Examples

  • For detailed configuration of TTL, time windows, storage backends, and client customization, see CONFIGURATION.md.
  • For more advanced usage, including a full web server implementation, see the examples directory.

License

Licensed under either of

at your option.