Skip to main content

Crate snowfinch

Crate snowfinch 

Source
Expand description

Authentication and sessions for Rust tower/axum servers.

snowfinch provides the building blocks for session-based authentication in Tower-compatible HTTP stacks. It is designed to work naturally with Axum, but the core middleware is implemented in terms of tower::Layer and tower::Service so it can be used with other Tower HTTP frameworks too.

The crate centres around three traits:

  • User, implemented by your application user type.
  • Backend, implemented by the component that loads and authenticates users.
  • Store, implemented by the component that persists sessions.

Add ProvideAuthenticationLayer to your service stack to make an Authentication handle and, when a valid session cookie is present, the current Session available through request extensions. The authorization helpers in authorization can then reject unauthenticated users or require custom permission checks.

The scope! macro defines compact bitmap-backed permission types. Generated scopes support bitwise operations, lookup by name, iteration over active flags, and optional serde/sqlx integration when those feature flags are enabled.

§example

use snowfinch::{Backend, ProvideAuthenticationLayer, Session, User, scope};

scope! {
    // Permissions granted to an application user.
    pub enum Permissions {
        Read = 0,
        Write = 1,
        Admin = Read && Write,
    }
}

#[derive(Clone)]
struct AppUser {
    id: i64,
    scope: Permissions,
}

impl User for AppUser {
    type Scope = Permissions;
    type Id = i64;
    type Credentials = (String, String);

    fn id(&self) -> Self::Id { self.id }
    fn scope(&self) -> Self::Scope { self.scope }
}

let layer = ProvideAuthenticationLayer::<AppUser>::new()
    .with_backend(MyBackend)
    .with_memory_store();

§feature flags

  • axum: enables Axum extractors and response integration.
  • session-local: keeps the current session in tokio task-local storage.
  • memory-store: enables the moka-backed in-memory store::MemoryStore.
  • password: enables the Password helper type.
  • serde: enables serialization support for Password and generated scopes.
  • sqlx: enables database encoding/decoding support for Password and generated scopes.

Re-exports§

pub use crate::authentication::Authentication;
pub use crate::authentication::ProvideAuthenticationLayer;
pub use crate::backend::Backend;
pub use crate::backend::User;
pub use crate::error::Error;
pub use crate::scope::Scope;
pub use crate::session::Session;
pub use crate::store::Store;
pub use password::Password;password

Modules§

authentication
Authentication middleware and login/logout helpers. Authentication state and Tower middleware.
authorization
Authorization middleware and Tower/Axum extension traits. Authorization middleware and extension traits.
backend
User and backend traits used to load and authenticate application users. Traits for application users and authentication backends.
error
Error types returned by snowfinch helpers.
passwordpassword
Password hashing and constant-time comparison utilities. Password hashing and verification helpers.
scope
Bitmap-backed permission scopes and the scope! macro. Bitmap-backed permission scopes.
session
Authenticated session values and Axum session extraction. Authenticated session values.
store
Session store traits and built-in store implementations. Session store traits and implementations.

Macros§

scope
Defines one or more bitmap-backed permission scope types.

Type Aliases§

Result
A crate-wide result type using Error as the error variant.