Expand description
Authentication and sessions for Rust tower/axum servers.
snowfinch provides the building blocks for session-based authentication in
Tower-compatible HTTP stacks. It is designed to work naturally with Axum, but
the core middleware is implemented in terms of tower::Layer and
tower::Service so it can be used with other Tower HTTP frameworks too.
The crate centres around three traits:
User, implemented by your application user type.Backend, implemented by the component that loads and authenticates users.Store, implemented by the component that persists sessions.
Add ProvideAuthenticationLayer to your service stack to make an
Authentication handle and, when a valid session cookie is present, the
current Session available through request extensions. The authorization
helpers in authorization can then reject unauthenticated users or require
custom permission checks.
The scope! macro defines compact bitmap-backed permission types. Generated
scopes support bitwise operations, lookup by name, iteration over active
flags, and optional serde/sqlx integration when those feature flags are
enabled.
§example
use snowfinch::{Backend, ProvideAuthenticationLayer, Session, User, scope};
scope! {
// Permissions granted to an application user.
pub enum Permissions {
Read = 0,
Write = 1,
Admin = Read && Write,
}
}
#[derive(Clone)]
struct AppUser {
id: i64,
scope: Permissions,
}
impl User for AppUser {
type Scope = Permissions;
type Id = i64;
type Credentials = (String, String);
fn id(&self) -> Self::Id { self.id }
fn scope(&self) -> Self::Scope { self.scope }
}
let layer = ProvideAuthenticationLayer::<AppUser>::new()
.with_backend(MyBackend)
.with_memory_store();§feature flags
axum: enables Axum extractors and response integration.session-local: keeps the current session intokiotask-local storage.memory-store: enables the moka-backed in-memorystore::MemoryStore.password: enables thePasswordhelper type.serde: enables serialization support forPasswordand generated scopes.sqlx: enables database encoding/decoding support forPasswordand generated scopes.
Re-exports§
pub use crate::authentication::Authentication;pub use crate::authentication::ProvideAuthenticationLayer;pub use crate::backend::Backend;pub use crate::backend::User;pub use crate::error::Error;pub use crate::scope::Scope;pub use crate::session::Session;pub use crate::store::Store;pub use password::Password;password
Modules§
- authentication
- Authentication middleware and login/logout helpers. Authentication state and Tower middleware.
- authorization
- Authorization middleware and Tower/Axum extension traits. Authorization middleware and extension traits.
- backend
- User and backend traits used to load and authenticate application users. Traits for application users and authentication backends.
- error
- Error types returned by snowfinch helpers.
- password
password - Password hashing and constant-time comparison utilities. Password hashing and verification helpers.
- scope
- Bitmap-backed permission scopes and the
scope!macro. Bitmap-backed permission scopes. - session
- Authenticated session values and Axum session extraction. Authenticated session values.
- store
- Session store traits and built-in store implementations. Session store traits and implementations.
Macros§
- scope
- Defines one or more bitmap-backed permission scope types.