Expand description
HTTP Basic authentication extractor and middleware layer for Axum.
Provides two complementary tools for RFC 7617 Basic authentication:
BasicAuth decodes Authorization: Basic credentials from a request and
returns 401 Unauthorized if the header is absent or malformed.
BasicAuthLayer validates those credentials against a configured
username and password using constant-time comparison before the handler runs.
§Features
- RFC 7617
Authorization: Basicheader parsing with base64 decoding. WWW-Authenticate: Basic realm="protected"on every401response.- Constant-time credential comparison via
subtle— prevents timing attacks. - Extractor-only mode: use
BasicAuthin a handler when you need the credentials but want to validate them yourself.
[!WARNING] Basic authentication encodes credentials in base64, which is trivially reversible. Always serve over HTTPS in production.
§Quick Start
§Middleware
use axum::{routing::get, Router};
use rune_axum_basicauth::BasicAuthLayer;
#[tokio::main]
async fn main() {
let app: Router = Router::new()
.route("/admin", get(|| async { "dashboard" }))
.route_layer(BasicAuthLayer::new("admin", "s3cr3t"));
let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await.unwrap();
axum::serve(listener, app).await.unwrap();
}§Extractor
use axum::{routing::get, Router};
use rune_axum_basicauth::BasicAuth;
async fn handler(auth: BasicAuth) -> String {
format!("Hello, {}!", auth.username)
}
let app: Router = Router::new().route("/", get(handler));Structs§
- Basic
Auth - Decoded HTTP Basic authentication credentials extracted from the request.
- Basic
Auth Future - Future returned by
BasicAuthService. - Basic
Auth Layer - Tower
Layerthat validates HTTP Basic credentials before every request. - Basic
Auth Service - Tower
Serviceproduced byBasicAuthLayer.
Enums§
- Basic
Auth Rejection - Rejection returned when
BasicAuthextraction fails.