rapina 0.8.0

A fast, type-safe web framework for Rust inspired by FastAPI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

//! Example demonstrating JWT authentication in Rapina.
//!
//! Run with: `JWT_SECRET=your-secret-key cargo run --example auth`
//!
//! Test endpoints:
//! - GET /health (public) - Health check, no auth required
//! - POST /login (public) - Get a JWT token
//! - GET /me (protected) - Requires valid JWT token

use rapina::prelude::*;

#[derive(Clone, Config)]
struct AppConfig {
    #[env = "HOST"]
    #[default = "127.0.0.1"]
    host: String,

    #[env = "PORT"]
    #[default = "3000"]
    port: u16,
}

#[derive(Deserialize)]
struct LoginRequest {
    username: String,
    password: String,
}

#[derive(Serialize, JsonSchema)]
struct UserResponse {
    id: String,
    username: String,
}

// Public route - no authentication required
#[public]
#[get("/health")]
async fn health() -> &'static str {
    "ok"
}

// Public route - login to get a token
#[public]
#[post("/login")]
async fn login(body: Json<LoginRequest>, auth: State<AuthConfig>) -> Result<Json<TokenResponse>> {
    // In a real app, validate credentials against a database
    if body.username == "admin" && body.password == "password" {
        let token = auth.create_token(&body.username)?;
        Ok(Json(TokenResponse::new(token, auth.expiration())))
    } else {
        Err(Error::unauthorized("invalid credentials"))
    }
}

// Protected route - requires valid JWT
#[get("/me")]
async fn me(user: CurrentUser) -> Json<UserResponse> {
    Json(UserResponse {
        id: user.id.clone(),
        username: user.id,
    })
}

// Protected route - get user by ID
#[get("/users/:id")]
async fn get_user(id: Path<String>, user: CurrentUser) -> Result<Json<UserResponse>> {
    // Only allow users to fetch their own data
    if user.id != id.to_string() {
        return Err(Error::forbidden("you can only access your own data"));
    }

    Ok(Json(UserResponse {
        id: id.to_string(),
        username: user.id,
    }))
}

#[tokio::main]
async fn main() -> std::io::Result<()> {
    load_dotenv();

    let config = AppConfig::from_env().expect("Failed to load config");
    let auth_config = AuthConfig::from_env().expect("JWT_SECRET is required");

    let addr = format!("{}:{}", config.host, config.port);

    println!();
    println!("  Rapina Auth Example");
    println!("  -------------------");
    println!();
    println!("  Server running at http://{}", addr);
    println!();
    println!("  Public endpoints:");
    println!("    GET  /health  - Health check");
    println!("    POST /login   - Get JWT token");
    println!();
    println!("  Protected endpoints (require Authorization: Bearer <token>):");
    println!("    GET  /me         - Current user info");
    println!("    GET  /users/:id  - Get user by ID");
    println!();

    Rapina::new()
        .with_auth(auth_config.clone())
        .state(auth_config)
        .discover()
        .listen(&addr)
        .await
}