snowfinch
Authentication and sessions for Rust tower/axum servers.
about
snowfinch provides the building blocks for session-based authentication in
Tower-compatible HTTP stacks. It is designed to work naturally with Axum, but
the core middleware is implemented in terms of tower::Layer and
tower::Service so it can be used with other Tower HTTP frameworks too.
The crate centres around three traits:
User, implemented by your application user type.Backend, implemented by the component that loads and authenticates users.Store, implemented by the component that persists sessions.
Add ProvideAuthenticationLayer to your service stack to make an
Authentication handle and, when a valid session cookie is present, the
current Session available through request extensions. The authorization
helpers in authorization can then reject unauthenticated users or require
custom permission checks.
The scope! macro defines compact bitmap-backed permission types. Generated
scopes support bitwise operations, lookup by name, iteration over active
flags, and optional serde/sqlx integration when those feature flags are
enabled.
example
use ;
scope!
let layer = new
.with_backend
.with_memory_store;
feature flags
axum: enables Axum extractors and response integration.session-local: keeps the current session intokiotask-local storage.memory-store: enables the moka-backed in-memorystore::MemoryStore.password: enables thePasswordhelper type.serde: enables serialization support forPasswordand generated scopes.sqlx: enables database encoding/decoding support forPasswordand generated scopes.
license
snowfinch is licensed under the MIT License. See LICENSE for details.
contributing
Contributions are welcome.
Please follow the existing code style and conventions used throughout the project. If you're proposing a new feature or API, opening an issue first is often the easiest way to discuss the design.