r-token 0.1.3

A simple and efficient token generation library for Rust, ideal for API authentication and session management.
Documentation

r-token

r-token is a small, in-memory token authentication helper for Rust + actix-web.

It follows a “parameter-as-authentication” style: add RUser to your handler parameters, and the request is authenticated automatically via Actix extractors.

Features

  • Zero boilerplate: no custom middleware required for basic header auth.
  • Extractor-first: declaring RUser protects the route.
  • Thread-safe, shared state: RTokenManager is Clone and shares an in-memory store.
  • TTL support: tokens expire based on a per-login TTL (seconds).

Installation

Add r-token to your Cargo.toml:

[dependencies]
r-token = "0.1"

Quick Start

1. Add endpoints

No manual header parsing is needed. Inject RUser into protected handlers.

use actix_web::{get, post, web, HttpResponse, Responder};
use r_token::{RTokenManager, RUser, RTokenError};

#[post("/login")]
async fn login(manager: web::Data<RTokenManager>) -> Result<impl Responder, RTokenError> {
    let user_id = "user_123";
    let token = manager.login(user_id, 3600)?;
    Ok(HttpResponse::Ok().body(token))
}

#[get("/profile")]
async fn profile(user: RUser) -> impl Responder {
    format!("Welcome, User ID: {}", user.id)
}

#[post("/logout")]
async fn logout(
    manager: web::Data<RTokenManager>,
    user: RUser,
) -> Result<impl Responder, RTokenError> {
    manager.logout(&user.token)?;
    Ok(HttpResponse::Ok().body("Logged out successfully"))
}

2. Register and Run

Initialize RTokenManager and register it with your Actix application.

use actix_web::{web, App, HttpServer};
use r_token::RTokenManager;

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let manager = RTokenManager::new();

    HttpServer::new(move || {
        App::new()
            .app_data(web::Data::new(manager.clone()))
            .service(login)
            .service(profile)
            .service(logout)
    })
    .bind(("127.0.0.1", 8080))?
    .run()
    .await
}

Authorization header

The extractor reads the token from Authorization and supports:

Authorization: <token>
Authorization: Bearer <token>

Usage Examples

Login

curl -X POST http://127.0.0.1:8080/login
# Response: 550e8400-e29b-41d4-a716-446655440000

Access Protected Resource

# Without Token -> 401 Unauthorized
curl http://127.0.0.1:8080/profile

# With Token -> 200 OK
curl -H "Authorization: <token>" http://127.0.0.1:8080/profile

Roadmap

  • Basic In-Memory Token Management
  • Authorization Header Support
  • Token Expiration (TTL)
  • Persistent Storage (Redis)
  • Role-Based Access Control (RBAC)
  • Cookie Support

License

MIT