A tiny async authentication library.
A tool for simplifying authentication in the Rust ecosystems. Purposefully built to be agnostic of your specific business/schema logic for managing users. Primarily controls the user credentials and optionally managing sessions. Built asynchronously with the Tokio runtime, and supports MySql.
Brize auth credentials has 3 fields, an id for linking to your specific business/schema logic, the user_identity which should be a unique way to identify a user such as an email, and a hashed_password. This will be stored in a user_credentials table on your database.
The sessions are optional, in case you want to use some other session solution. If you do enable sessions, Brize auth offers classic table sessions, which have an id field as the token, created_at and expired_at for managing the expiration. The sessions will be stored in a user_sessions table on your database. A CSRF token is also available to use as csrf_token for form validation.
First install the crate
cargo add brize_authNext, set up the database tables with this schema, if using a SQL database
-- Credentials table
CREATE TABLE user_credentials (
credentials_id CHAR(36) PRIMARY KEY,
user_name VARCHAR(255) NOT NULL,
hashed_password VARCHAR(255) NOT NULL
);
-- Sessions table
CREATE TABLE user_sessions (
session_id CHAR(36) PRIMARY KEY,
created_at BIGINT UNSIGNED NOT NULL,
expires_at BIGINT UNSIGNED NOT NULL,
user_id VARCHAR(255) NOT NULL,
csrf_token CHAR(44) NOT NULL
);use anyhow::{Context, Result};
use brize_auth::{
config::DatabaseConfig,
mysql::MySqlGateway,
AuthClient,
SessionClient
};
#[tokio::main]
fn main {
// Set your database params
let db_config = DatabaseConfig {
password: env::var("DB_PASSWORD").expect("DB_PASSWORD not found"),
user_name: env::var("DB_USER").expect("DB_USER not found"),
host: env::var("DB_HOST").expect("DB_HOST not found"),
port: env::var("DB_PORT").ok(),
db_name: env::var("DB_NAME").expect("DB_NAME not found"),
namespace: None,
}
// Start auth client
let auth: AuthClient<MySqlGateway> = AuthClient::new_mysql_client(&db_config).await;
// Get user credentials from a request
let user_name = "[email protected]";
let raw_password = "plokij1234!";
// Create a new set of credentials..
// .. returns the id of the credentials row, use this as some kind of reference key on YOUR user table
let credentials_id: String = auth.register(user_identity, raw_password).await.unwrap();
// Verify user credentials
let is_valid_user = auth.verify_credentials(user_name, raw_password).await.unwrap();
// Start session client
let session_client: SessionClient<MySqlGateway> = SessionClient::new_mysql_client(&db_config).await;
// Begin user session and configure expiration
let session: Session = session_client.start_session(user_id, Expiry::Month(1)).await.unwrap();
// Match csrf token
let csrf_from_form = "saslfj00324-2lkjsdf-sdfksfkajlasjfngj"
let is_valid_csrf: bool = session.match_csrf_toke(csrf_from_form);
// End session for user
session_client.destroy_session(&session.session_id).await.unwrap();
}The preferred database and session expirations can be configured
use brize_auth::{DatabaseConfig, Expiry};
pub struct DatabaseConfig {
pub db_name: String, // Name of database
pub password: String, // Password for user
pub user_name: String, // Name of user
pub host: String, // Host IP
pub port: Option<String>, // Port for host
pub namespace: Option<String> // Optional namespace in db
}
enum Expiry {
Second(u64), // Epoch seconds
Day(u64), // Days in EPOCH
Week(u64), // Weeks in EPOCH
Month(u64), // Months in EPOCH
Year(u64), // Years in EPOCH
}