Skip to content

batleforc/rust-template

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

197 Commits
deploy
deploy
 
 
docker
docker
 
 
src
src
 
 
terraform
terraform
 
 
.dockerignore
.dockerignore
 
 
.env
.env
 
 
.env.template
.env.template
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
Readme.md
Readme.md
 
 
Rust_Template.postman_collection.json
Rust_Template.postman_collection.json
 
 
audit-report.json
audit-report.json
 
 
docker-compose.yaml
docker-compose.yaml
 
 
sonar-project.properties
sonar-project.properties
 
 
swagger.json
swagger.json
 
 

Repository files navigation

Api

Description

This is a template of an api to have a quick start.

This api is linked to a vue3 template.

This api also help me learn how to use:

  • tracing/metrics/open telemetry
  • Prometheus
  • swagger
  • Otp (with rust, already done in golang)
  • actix-web deeper (middleware, guards, wrap, etc)

What this api does:

  • Auth module (Login,Logout,Register,Refresh(token), Otp)
  • User module (Read,Update,Delete) the create is done by the auth module
  • Expose a swagger doc
  • Expose Metrics and Tracing
  • Handle Postgres
  • And some more handsome stuff

Auth Endpoint

Secu : https://github.com/juhaku/utoipa/blob/master/examples/todo-actix/src/todo.rs#L135

GET /api/auth => Return the auth model : DONE

POST /api/auth/login => Include the otp code if the user has activated it : DONE

GET /api/auth/logout : DONE

POST /api/auth/register : DONE

GET /api/auth/refresh : DONE

GET /api/auth/logout-all

GET /api/auth/otp/activate => Gen QRCODE string : DONE

POST /api/auth/otp/activate => Activate the otp : Done

POST /api/auth/otp/validate => Validate the otp (2FA login) : DONE

https://crates.io/crates/totp-rs

https://qoomon.github.io/otp-authenticator-webapp/

User Endpoint

GET /api/user : DONE

GET /api/user/{id} : DONE

PUT /api/user : DONE

DELETE /api/user : DONE

Asset Endpoint

GET /api/asset/{id}/download

GET /api/asset/{id}

POST /api/asset

PUT /api/asset

DELETE /api/asset

TODO

  • Create a container for the api
  • Create a helm chart
  • Integrate the CI/CD pipeline (Working on it)
  • Add support for OIDC
  • Create a vue3 template with model auto generation
  • Integrate the api with S3 (asset endpoint)
  • Make the code more KISS (Keep it simple stupid)
  • WRITE SOME TESTS

TODO : Kiss

  • Factorize the login and validate_otp (refresh token handling)

TODO : Ci/Cd

  • Sonarqube
  • Dependency check
  • Build the docker image and push it to the registry (handle the multi env)
  • Deploy the helm chart (handle the multi env)

TODO : OIDC

  • Enable/Disable OIDC
  • Add the OIDC config in the helm chart
  • Add endpoint to authenticate user with OIDC
  • Handle case where the user log for the first time
  • Handle case where the email is already used
  • Handle the role workflow

TODO : True backoffice

  • Add a backoffice to manage the user
  • Add a backoffice to enable/disable the OIDC
  • Add a backoffice to enable/disable the register
  • Add a backoffice to handle the user role (can build a role system and add if needed mapping to the oidc provider)
  • Add a backoffice to reset the user password or trigger the reset password email
  • Add a backoffice to turn on/off the maintenance mode
  • Add a backoffice to manage the maintenance mode message
  • Make the backoffice enough generic to be able to use and expand it in other project
  • Make the backoffice hable to connect to grafana and prometheus

Pre-requisites

  • Rust
  • OpenSSL
  • Make
  • Docker (for the database and the tracing/metrics)

Test de charge

https://github.com/fcsonline/drill

Configuring Jaeger collector

Generate swagger.json

cargo run --bin generate

Oidc Support "Zitadel"

In order to handle the OIDC workflow there is a need to make a choice:

  • The full workflow is handled by the api
  • The FRONT auth the user and handle the token and the backend only validate the token (chosen one)

If possible it would be best to be able to have both build in auth and oidc auth.

The FRONT auth the user and handle the token and the backend only validate the token

If we chose this way, there is some need to be aware of:

  • The back need to be aware of the FRONT token (the FRONT need to send the token in the header)
  • The back need to be able to validate the token (the back need to have a way to validate the token with the OIDC provider)

If possible it would be better to have the backend provide the frontend oidc configuration (client id, auth url, etc) it would allow to have better security and why not have an apikey for the front to call this kind of backend endpoint.

The full workflow is handled by the api

If we chose this way, there is some need to be aware of:

  • The front is aware of the token but have no directe access to the OIDC provider (the token is either put in cookie or handed to the front who put it in the header each time it call the back)
  • The back need to handle manualy the full auth process

About

Rust api template with lot's of feature (linked to https://github.com/batleforc/vue-template)

Topics

rust swagger tracing otpauth prometheus-metrics jaeger actix-web opentelemetry

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages