This repo is my implementation of the Rust version of Ben Awad's how to roll your own auth.
You can check out Ben Awad's TypeScript version here.
The project is organized into the following modules:
- errors: Handles error types and error handling for the application.
- routes: Contains the route handlers for the API endpoints, including:
  - auth:
    - logout: Handles user logout functionality.
    - oauth: Manages OAuth-related operations with Discord.
    - refresh_token: Handles token refresh operations.
  - protected: Manages protected routes that require authentication.
  - view: Provides HTML views for the application.
- startup: Manages the application startup and configuration.
- OAuth integration with Discord
- JWT-based authentication with separate access and refresh tokens
- Protected routes requiring authentication
- Token refresh functionality
- Logout mechanism
- PostgreSQL database integration using SQLx
- Secrets management using Shuttle's SecretStore
- HTML views for sign-in and protected content
- Rust toolchain
- Docker (for running PostgreSQL via Shuttle)
- Shuttle CLI
The application requires the following secrets to be set in Secrets.toml (see example.Secrets.toml):
- ACCESS_TOKEN_SECRET: Secret for signing JWT access tokens
- REFRESH_TOKEN_SECRET: Secret for signing JWT refresh tokens (keep it distinct from ACCESS_TOKEN_SECRET, so a refresh token can never verify as an access token)
- DISCORD_OAUTH_CLIENT_ID: Discord OAuth client ID
- DISCORD_OAUTH_CLIENT_SECRET: Discord OAuth client secret
- COOKIE_KEY: A key that will be used to sign cookies
COOKIE_KEY should be a cryptographically random key of at least 64 bytes; axum-extra's Key::from panics on anything shorter. The sequential value below only illustrates the string format Secrets.toml expects and must not be used as a real key.
You can generate one with Rust like this (the rand crate supplies the CSPRNG) and paste the printed array as a string into Secrets.toml, e.g.:

```toml
# Secrets.toml
# Placeholder showing the format only; replace it with the output of the generator below.
COOKIE_KEY="[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63]"
```

```rust
use rand::RngCore;

fn main() {
    // Key::from requires at least 64 bytes; fill them from a CSPRNG, never from a sequence.
    let mut key = [0u8; 64];
    rand::thread_rng().fill_bytes(&mut key);
    println!("{:?}", key);
}
```

Check the axum-extra docs for more information about Key.
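Because Secrets.toml stores COOKIE_KEY as the debug-printed string of a byte array, the application has to turn that string back into bytes and check its length before handing it to Key::from, otherwise a short or mistyped key surfaces only as a panic at startup. The following is an added example of that parsing step, not code from this repo: the function and error names are my own, only the standard library is used, and the sample key string built in main is constructed for the demo rather than a real secret. In the real app the returned bytes would be passed to axum_extra::extract::cookie::Key::from.

```rust
use std::num::ParseIntError;

/// Minimum length axum-extra's `Key::from` accepts; it panics on shorter input.
const MIN_COOKIE_KEY_BYTES: usize = 64;

/// Hypothetical error type for this example.
#[derive(Debug, PartialEq)]
pub enum CookieKeyError {
    /// The value was not a bracketed, comma-separated list such as "[1, 2, 3]".
    Malformed,
    /// An element was not a valid u8 (e.g. "256" or "abc").
    BadByte(ParseIntError),
    /// Fewer than MIN_COOKIE_KEY_BYTES bytes were supplied; carries the actual count.
    TooShort(usize),
}

/// Parse the `COOKIE_KEY` string from Secrets.toml (the `{:?}` output of a `[u8; 64]`)
/// back into raw bytes, refusing anything too short to be a valid cookie signing key.
pub fn parse_cookie_key(raw: &str) -> Result<Vec<u8>, CookieKeyError> {
    // Strip the surrounding brackets; anything else is not the expected format.
    let inner = raw
        .trim()
        .strip_prefix('[')
        .and_then(|s| s.strip_suffix(']'))
        .ok_or(CookieKeyError::Malformed)?;

    // Every element must be a u8; the first bad element aborts the parse.
    let bytes = inner
        .split(',')
        .map(|s| s.trim().parse::<u8>().map_err(CookieKeyError::BadByte))
        .collect::<Result<Vec<u8>, CookieKeyError>>()?;

    // Enforce the 64-byte minimum here so a misconfigured secret fails with a clear error.
    if bytes.len() < MIN_COOKIE_KEY_BYTES {
        return Err(CookieKeyError::TooShort(bytes.len()));
    }
    Ok(bytes)
}

fn main() {
    // Constructed sample in the shape `println!("{:?}", key)` produces; not a real key.
    let sample: Vec<String> = (0..64u32).map(|i| ((i * 7) % 256).to_string()).collect();
    let raw = format!("[{}]", sample.join(", "));
    match parse_cookie_key(&raw) {
        Ok(bytes) => println!("loaded {}-byte cookie key", bytes.len()),
        Err(e) => eprintln!("refusing to start: {:?}", e),
    }

    // A too-short key is rejected before it can reach Key::from.
    assert_eq!(parse_cookie_key("[1, 2, 3]"), Err(CookieKeyError::TooShort(3)));
}
```

Running the length check at startup, rather than relying on Key::from to panic, means a deployment with a truncated or placeholder secret fails with a message that names the problem.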
- Ensure you have the Shuttle CLI installed.
- Set the required secrets in Secrets.toml.
- Run the application using the Shuttle CLI:

```sh
cargo shuttle run
```

This command will create a PostgreSQL database for you automatically. Make sure you have Docker running before running it.
- /api/auth/discord/authorize: Initiates the Discord OAuth flow
- /api/auth/discord/callback: Handles the OAuth callback from Discord
- /api/auth/logout: Logs out the user
- /api/auth/refresh: Refreshes the access token
- /protected: A protected route that requires authentication and returns user information
- /: Landing page with a sign-in link
- /home: Protected home page displaying user information