An authentication and permissions management service written in Rust

asonix/authentication-rs

Authentication

Authentication is a user-management web service created in Rust using Rocket and Diesel. Please tell me how to make it more idiomatic; I'm new to this.

Current abilities

Server binary

Usage

$ cargo run --bin server

Information

This application accepts data as JSON. It can create, verify, authenticate, and delete users.

  • POST /sign-up
    • INPUT: username and password
    • Creates a User entry and a VerificationCode entry in the database.
    • OUTPUT: user_id and username
  • POST /log-in
    • INPUT: username and password
    • OUTPUT: user_token and renewal_token
  • POST /is-authenticated
    • INPUT: auth
    • OUTPUT: Whether or not auth is valid
  • POST /users/<target_user>/delete
    • INPUT: auth
    • Deletes target_user if user_token represents target_user or if user_token represents an admin.
  • POST /users/<target_user>/grant/<permission>
    • INPUT: auth, target_user, and permission
    • If auth represents an admin, gives target_user the permission.
  • POST /users/<target_user>/revoke/<permission>
    • INPUT: auth, target_user, and permission
    • If auth represents an admin, revokes the permission from target_user.
  • POST /renew-token
    • INPUT: renewal_token
    • OUTPUT: user_token and renewal_token
  • GET /verify/<verification_code>
    • INPUT: verification_code
    • Marks User as verified and deletes associated VerificationCode.
  • POST /permissions
    • INPUT: auth and permission_name
    • If auth represents an admin, creates a new Permission with permission_name
  • POST /permissions/<permission>/delete
    • INPUT: auth and permission
    • If auth represents an admin, deletes the permission
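The endpoint list above spells out two authorization rules: a user may delete only their own account unless they are an admin, and every permission-management operation is admin-only. The following is an added example, not code from this repository, that models those rules as a pure policy function plus an in-memory stand-in for the users and permissions tables; the names UserId, Principal, Action, Directory and the "grant requires an existing permission" check are assumptions made for the example.

```rust
use std::collections::{HashMap, HashSet};

/// Identifier for a user row (constructed for this example).
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct UserId(pub u64);

/// What a validated `auth` token is assumed to resolve to.
#[derive(Debug, Clone)]
pub struct Principal {
    pub id: UserId,
    pub is_admin: bool,
    pub permissions: HashSet<String>,
}

/// The privileged operations from the endpoint list.
#[derive(Debug)]
pub enum Action<'a> {
    DeleteUser(&'a UserId),
    GrantPermission { target: &'a UserId, permission: &'a str },
    RevokePermission { target: &'a UserId, permission: &'a str },
    CreatePermission(&'a str),
    DeletePermission(&'a str),
}

#[derive(Debug, PartialEq, Eq)]
pub enum Decision {
    Allow,
    Deny(&'static str),
}

/// Pure policy check: default deny, with exactly the rules the README states.
pub fn authorize(caller: &Principal, action: &Action) -> Decision {
    match action {
        // A user may delete their own account; an admin may delete anyone.
        Action::DeleteUser(target) if caller.is_admin || &caller.id == *target => Decision::Allow,
        Action::DeleteUser(_) => Decision::Deny("only the user or an admin may delete this account"),
        // Everything that touches permissions requires an admin.
        _ if caller.is_admin => Decision::Allow,
        _ => Decision::Deny("admin required"),
    }
}

/// In-memory stand-in for the users and permissions tables.
#[derive(Default)]
pub struct Directory {
    pub users: HashMap<UserId, Principal>,
    pub permissions: HashSet<String>,
}

impl Directory {
    pub fn add_user(&mut self, id: u64, is_admin: bool) -> UserId {
        let id = UserId(id);
        let principal = Principal { id: id.clone(), is_admin, permissions: HashSet::new() };
        self.users.insert(id.clone(), principal);
        id
    }

    /// Authorize first, then mutate; a denial leaves the store untouched.
    pub fn perform(&mut self, caller: &UserId, action: &Action) -> Result<(), String> {
        let principal = self.users.get(caller).ok_or("unknown caller")?.clone();
        if let Decision::Deny(reason) = authorize(&principal, action) {
            return Err(reason.to_string());
        }
        match action {
            Action::DeleteUser(target) => {
                self.users.remove(*target).ok_or("no such user")?;
            }
            Action::GrantPermission { target, permission } => {
                // Assumption: a permission must be created before it can be granted.
                if !self.permissions.contains(*permission) {
                    return Err(format!("no such permission: {}", permission));
                }
                let user = self.users.get_mut(*target).ok_or("no such user")?;
                user.permissions.insert(permission.to_string());
            }
            Action::RevokePermission { target, permission } => {
                let user = self.users.get_mut(*target).ok_or("no such user")?;
                user.permissions.remove(*permission);
            }
            Action::CreatePermission(name) => {
                self.permissions.insert(name.to_string());
            }
            Action::DeletePermission(name) => {
                // Deleting a permission also strips it from every user holding it.
                self.permissions.remove(*name);
                for user in self.users.values_mut() {
                    user.permissions.remove(*name);
                }
            }
        }
        Ok(())
    }
}
```

Keeping the decision in a separate `authorize` function means a handler cannot accidentally mutate state before the check runs, and the default-deny arm covers any action added later.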

MakeAdmin binary

Usage

$ cargo run --bin make_admin <username>

Information

This binary accepts a username as a commandline argument and makes that user an admin.

VerifyUser binary

Usage

$ cargo run --bin verify_user <username>

Information

This binary accepts a username as a commandline argument and verifies that user.

CreateUser binary

Usage

$ cargo run --bin create_user <username> <password>

Information

This binary accepts a username and password as commandline arguments and creates a user with that information.

Contributing

Setup

Acquire rustup and use the latest nightly:

$ rustup default nightly

If you already have rustup, update to the latest nightly:

$ rustup update nightly

This project depends on PostgreSQL, so make sure that is installed and running. Create a postgres user and a database for the application.

$ sudo -u postgres psql -c "CREATE USER your_user WITH PASSWORD 'your_users_password';"
$ sudo -u postgres psql -c "CREATE DATABASE your_database WITH OWNER your_user;"

Generate RSA Keys for the JSON Web Token library. The library can only understand keys in the DER format currently, so we'll create keys in that format.

$ mkdir -p authentication_backend/keys && cd authentication_backend/keys
$ openssl genrsa -des3 -out private.pem 2048
$ openssl rsa -in private.pem -outform DER -out private.der
$ openssl rsa -in private.der -inform DER -RSAPublicKey_out -outform DER -out public.der

Don't commit your keys. authentication_backend/keys is currently listed in the .gitignore so that you don't do this by accident.

Copy .env.example to .env and set the required variables.

# .env
DATABASE_URL=postgres://your_user:your_users_password@localhost/your_database
JWT_PRIVATE_KEY=/path/to/authentication/authentication_backend/keys/private.der
JWT_PUBLIC_KEY=/path/to/authentication/authentication_backend/keys/public.der
BCRYPT_COST=4

BCRYPT_COST is optional. If it is unspecified, BCrypt uses its DEFAULT_COST, which is 12 at the time of writing. Valid values range from 4 to 31. Smaller values make tests run faster; production systems should use larger values, since the cost determines how expensive each password hash is to compute.
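The .env fragment and the BCRYPT_COST rules above are a good place to validate configuration at startup rather than fail later at runtime. The following is an added example, not this project's own code: a small parser for the `.env` format shown, a loader that requires the three mandatory variables, and a BCRYPT_COST resolver that applies the stated default and 4 to 31 range. The parser, the `Config` struct and the `cost_warning` helper are assumptions for the example; the project's real `.env` loading may differ.

```rust
use std::collections::HashMap;

/// Values as stated in the README: the bcrypt default cost (12 at the time
/// of writing) and the valid range of 4 to 31.
pub const DEFAULT_COST: u32 = 12;
pub const MIN_COST: u32 = 4;
pub const MAX_COST: u32 = 31;

#[derive(Debug, PartialEq, Eq)]
pub struct Config {
    pub database_url: String,
    pub jwt_private_key: String,
    pub jwt_public_key: String,
    pub bcrypt_cost: u32,
}

/// Minimal `.env` parser (assumed format): one `KEY=VALUE` per line,
/// `#` comment lines and blank lines skipped, optional surrounding quotes.
pub fn parse_dotenv(text: &str) -> HashMap<String, String> {
    text.lines()
        .map(str::trim)
        .filter(|line| !line.is_empty() && !line.starts_with('#'))
        .filter_map(|line| line.split_once('='))
        .map(|(k, v)| (k.trim().to_string(), v.trim().trim_matches('"').to_string()))
        .collect()
}

/// Resolve BCRYPT_COST: absent means DEFAULT_COST; present must parse
/// as an integer and lie within MIN_COST..=MAX_COST.
pub fn bcrypt_cost_from(raw: Option<&str>) -> Result<u32, String> {
    let raw = match raw {
        None => return Ok(DEFAULT_COST),
        Some(r) => r.trim(),
    };
    let cost: u32 = raw
        .parse()
        .map_err(|_| format!("BCRYPT_COST {:?} is not a valid integer", raw))?;
    if (MIN_COST..=MAX_COST).contains(&cost) {
        Ok(cost)
    } else {
        Err(format!("BCRYPT_COST {} is outside {}..={}", cost, MIN_COST, MAX_COST))
    }
}

/// Build the config, failing on the first missing required variable.
pub fn load_config(vars: &HashMap<String, String>) -> Result<Config, String> {
    let required = |key: &str| {
        vars.get(key).cloned().ok_or_else(|| format!("{} is required", key))
    };
    Ok(Config {
        database_url: required("DATABASE_URL")?,
        jwt_private_key: required("JWT_PRIVATE_KEY")?,
        jwt_public_key: required("JWT_PUBLIC_KEY")?,
        bcrypt_cost: bcrypt_cost_from(vars.get("BCRYPT_COST").map(String::as_str))?,
    })
}

/// A cost below the library default is fine for tests but weakens stored
/// password hashes; return a message the caller can log at startup.
pub fn cost_warning(cfg: &Config) -> Option<String> {
    (cfg.bcrypt_cost < DEFAULT_COST).then(|| {
        format!(
            "BCRYPT_COST={} is below the default of {}; use a higher value in production",
            cfg.bcrypt_cost, DEFAULT_COST
        )
    })
}

fn main() {
    // Reads a .env from the working directory if present and reports the result.
    let text = std::fs::read_to_string(".env").unwrap_or_default();
    match load_config(&parse_dotenv(&text)) {
        Ok(cfg) => {
            if let Some(warning) = cost_warning(&cfg) {
                eprintln!("warning: {}", warning);
            }
            println!("loaded config with bcrypt cost {}", cfg.bcrypt_cost);
        }
        Err(e) => eprintln!("configuration error: {}", e),
    }
}
```

Running it against the `.env` shown above yields a cost of 4 together with the warning, which is the intended outcome for a test setup; a production deployment should either omit BCRYPT_COST or set it at or above the default.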

Install diesel_cli and make sure your global rust binaries are in your path.

Installing:

$ cargo install diesel_cli

Setting path in ~/.bashrc for bash:

# ~/.bashrc
export PATH="$HOME/.cargo/bin:$PATH"

Setting path in ~/.zshenv for zsh:

# ~/.zshenv
path=(~/.cargo/bin $path[@])

You may need to restart your shell for changes to take effect.

$ exec $SHELL

Run the existing migrations to bring your database up to speed.

$ cd authentication_backend
$ diesel migration run

Running

Compile the application with:

$ cargo build

Run the application with

$ cargo run --bin server

Testing

Test the application with the command below. Currently there are tests for the authentication_backend and authentication_rocket packages; more tests will come.

$ cargo test

License

Copyright © 2017 Riley Trautman

Authentication is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Authentication is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This file is part of Authentication.

You should have received a copy of the GNU General Public License along with Authentication. If not, see http://www.gnu.org/licenses/.
