Skip to main content

Crate rustack_auth

Crate rustack_auth 

Source
Expand description

AWS Signature Version 2 and 4 request authentication for Rustack.

This crate provides SigV4 and SigV2 signature verification for incoming HTTP requests to AWS-compatible services. It supports header-based authentication (via the Authorization header), presigned URL authentication (via query parameters), and legacy SigV2 authentication (HMAC-SHA1).

§Overview

AWS Signature Version 4 is the standard authentication mechanism for AWS API requests. This crate implements the verification side: given an incoming HTTP request and a credential store, it verifies that the request was signed by a known access key with the correct secret key.

§Usage

use rustack_auth::credentials::{CredentialProvider, StaticCredentialProvider};
use rustack_auth::sigv4::{hash_payload, verify_sigv4};

// Set up credentials
let provider = StaticCredentialProvider::new(vec![
    ("AKIAIOSFODNN7EXAMPLE".to_owned(), "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".to_owned()),
]);

// For header-based auth, call verify_sigv4 with the request parts and body hash.
// For presigned URLs, call verify_presigned with the request parts.

§Modules

  • canonical - Canonical request construction per the SigV4 specification
  • credentials - Credential provider trait and in-memory implementation
  • error - Authentication error types
  • presigned - Presigned URL verification
  • sigv2 - Legacy SigV2 signature verification (HMAC-SHA1)
  • sigv4 - Main SigV4 signature verification logic

Re-exports§

pub use credentials::CredentialProvider;
pub use credentials::StaticCredentialProvider;
pub use error::AuthError;
pub use presigned::verify_presigned;
pub use sigv2::is_sigv2;
pub use sigv2::verify_sigv2;
pub use sigv4::AuthResult;
pub use sigv4::hash_payload;
pub use sigv4::verify_sigv4;

Modules§

canonical
Canonical request construction for AWS Signature Version 4.
credentials
Credential provider trait and implementations.
error
Error types for SigV4 authentication.
presigned
Presigned URL verification for AWS Signature Version 4.
sigv2
AWS Signature Version 2 verification.
sigv4
AWS Signature Version 4 verification.