rustauth-redis 0.2.0

Redis integrations for RustAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

# rustauth-redis

Redis and Valkey integrations for RustAuth using `redis-rs`.

## What It Is

`rustauth-redis` provides Redis-compatible backing stores for RustAuth rate
limiting and secondary key-value storage. Use it when your application already
uses `redis-rs` or wants a small Redis integration.

Use `rustauth-fred` instead when your application standardizes on the `fred`
client.

## Naming

RustAuth storage backends share one vocabulary:

| Type | Role |
|------|------|
| `RedisStores` | Rate limit + secondary storage sharing one `ConnectionManager` |
| `RedisOptions` | Connection options for both stores |
| `apply_to_options` | Wire both stores into [`RustAuthOptions`] |

`RedisRustAuthStores` and `RedisRustAuthOptions` are type aliases kept for
migration.

## What It Provides

- `RedisStores`: one shared `ConnectionManager` for rate limiting and secondary
  storage (recommended entry point).
- `RedisRateLimitStore`: distributed atomic rate limiting through Lua.
- `RedisSecondaryStorage`: secondary storage for sessions, verification state,
  SSO state, and plugin data that opt into secondary storage.
- `list_keys()` / `clear()` on secondary storage (`SCAN`, matching `rustauth-fred`).
- `redis://`, `rediss://`, `valkey://`, and `valkeys://` URL support. Valkey
  schemes are normalized internally. TLS schemes (`rediss://`, `valkeys://`)
  require enabling a TLS feature; see [TLS](#tls).

## Quick Start

```rust
use rustauth::{RustAuth, RustAuthOptions};
use rustauth_redis::RedisStores;

let stores = RedisStores::connect("redis://127.0.0.1:6379").await?;

let auth = RustAuth::builder()
    .options(stores.apply_to_options(
        RustAuthOptions::new().secret("secret-a-at-least-32-chars-long!!"),
    ))
    .build()?;
# let _ = auth;
# Ok::<(), Box<dyn std::error::Error>>(())
```

`apply_to_options` wires both `secondary_storage` and distributed rate limiting
in one call.

### Individual stores

```rust
use rustauth::{RustAuth, RustAuthOptions, RateLimitOptions};
use rustauth_redis::RedisRateLimitStore;
use std::sync::Arc;
use rustauth_redis::RedisSecondaryStorage;

let store = RedisRateLimitStore::connect("redis://127.0.0.1:6379").await?;
let storage = RedisSecondaryStorage::connect("redis://127.0.0.1:6379").await?;

let auth = RustAuth::builder()
    .options(
        RustAuthOptions::new()
            .secret("secret-a-at-least-32-chars-long!!")
            .secondary_storage(Arc::new(storage))
            .rate_limit(RateLimitOptions::secondary_storage(store).enabled(true)),
    )
    .build()?;
# let _ = auth;
# Ok::<(), Box<dyn std::error::Error>>(())
```

## TLS

TLS connections are opt-in. `rediss://` and `valkeys://` URLs only work when a
redis-rs TLS backend is compiled in through one of these crate features:

```toml
# rustls backend (pure Rust)
rustauth-redis = { version = "0.2.0", features = ["rustls"] }

# or native-tls backend (system TLS)
rustauth-redis = { version = "0.2.0", features = ["native-tls"] }
```

Without a TLS feature, opening a `rediss://` or `valkeys://` URL fails with an
`InvalidClientConfig` error because the TLS backend is not enabled.

## Status

Experimental beta. URL handling, key layout, Lua script behavior, and storage
contracts may change before stable release.

## Better Auth compatibility

Server-side Redis/Valkey secondary storage and rate limiting via `redis-rs`.
Aligned with Better Auth **1.6.9** where it matters for this crate; RustAuth is
not a line-by-line port.

For route-level parity, test counts, intentional differences, and known gaps, see
[UPSTREAM.md](./UPSTREAM.md).

## Links

- [Root README](../../README.md)
- [Repository](https://github.com/salasebas/rustauth)