owez / rocket-basicauth Goto Github PK

View Code? Open in Web Editor NEW

4.0 2.0 6.0 16 KB

A high-level basic access authentication request guard for Rocket.rs

Home Page: https://crates.io/crates/rocket-basicauth

License: MIT License

Rust 100.00%

web rocket auth basic-auth authentication

rocket-basicauth's Introduction

rocket-basicauth

A high-level basic access authentication request guard for Rocket.rs

Example

#[macro_use] extern crate rocket;

use rocket_basicauth::BasicAuth;

/// Hello route with `auth` request guard, containing a `name` and `password`
#[get("/hello/<age>")]
fn hello(auth: BasicAuth, age: u8) -> String {
    format!("Hello, {} year old named {}!", age, auth.username)
}

#[launch]
fn rocket() -> _ {
    rocket::build().mount("/", routes![hello])
}

Installation

Simply add the following to your Cargo.toml file:

[dependencies]
rocket-basicauth = "3"

Disabling logging

By default, this crate uses the log library to automatically add minimal trace-level logging, to disable this, instead write:

[dependencies]
rocket-basicauth = { version = "2", default-features = false }

Rocket 0.5-rc1 to 0.5-rc3

Version 2.0 supports the pre-release versions of Rocket 0.5 RC1 to RC3

[dependencies]
rocket-basicauth = "2"

Rocket 0.4

Support for Rocket 0.4 is decrepit in the eyes of this crate but may still be used by changing the version, to do this, instead write:

[dependencies]
rocket-basicauth = "1"

Security

Some essential security considerations to take into account are the following:

This crate has not been audited by any security professionals. If you are willing to do or have already done an audit on this crate, please create an issue as it would help out enormously! 😊
This crate purposefully does not limit the maximum length of http basic auth headers arriving so please ensure your webserver configurations are set properly.

rocket-basicauth's People

Contributors

Stargazers

Watchers

Forkers

timothynewton schnippl0r gw2scratch akovacs fenhl markeel

rocket-basicauth's Issues

Make it easy to test basic-auth protected routes

This crate works great to build basic-auth protected routes!

It would be nice if we could also expose a utility function to make it easy to create a basic auth header that can be used with rocket's local client!

See https://rocket.rs/v0.5-rc/guide/testing/.

Incompatible with rocket-0.5.0-rc.4

Full changelog

I guess these is the relevant changes:

Route Forward outcomes are now associated with a Status.
Outcome::Failure was renamed to Outcome::Error.

error[E0308]: mismatched types
Error:    --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-basicauth-2.1.1/src/lib.rs:166:35
    |
166 |             0 => Outcome::Forward(()),
    |                  ---------------- ^^ expected `Status`, found `()`
    |                  |
    |                  arguments to this enum variant are incorrect
    |
help: the type constructed contains `()` due to the type of the argument passed
   --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-basicauth-2.1.1/src/lib.rs:166:18
    |
166 |             0 => Outcome::Forward(()),
    |                  ^^^^^^^^^^^^^^^^^--^
    |                                   |
    |                                   this argument influences the type of `Outcome`
note: tuple variant defined here
   --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-0.5.0-rc.4/src/outcome.rs:111:5
    |
111 |     Forward(F),
    |     ^^^^^^^

error[E0599]: no variant or associated item named `Failure` found for enum `Outcome` in the current scope
Error:    --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-basicauth-2.1.1/src/lib.rs:169:34
    |
169 |                 None => Outcome::Failure((Status::BadRequest, BasicAuthError::Invalid)),
    |                                  ^^^^^^^ variant or associated item not found in `Outcome<_, _, _>`

error[E0599]: no variant or associated item named `Failure` found for enum `Outcome` in the current scope
Error:    --> /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-basicauth-2.1.1/src/lib.rs:171:27
    |
171 |             _ => Outcome::Failure((Status::BadRequest, BasicAuthError::BadCount)),
    |                           ^^^^^^^ variant or associated item not found in `Outcome<_, _, _>`

Some errors have detailed explanations: E0308, E0599.
For more information about an error, try `rustc --explain E0308`.
error: could not compile `rocket-basicauth` (lib) due to 3 previous errors
Error: warning: build failed, waiting for other jobs to finish...
Error: The process '/home/runner/.cargo/bin/cargo' failed with exit code 101

Remove fmt_id

Useless bit that wasn't picked up because of the logging cfg guard

Publish version 2.0.0 to crates.io

Please publish version 2.0.0 to crates.io, because for the time being, only version 1.0.0 is available.

how is this intended to be used?

I just want to add basic auth with a fixed password to a simple rocket app for demo purposes.

The example doesn't include a route to prompt for a basic auth username/password, and I'm actually unable to get that working seemingly because working with forward catchers in rocket 0.5 seems to be completely undocumented. Should this not be part of the crate?

was expecting it to automatically respond with the proper WWW-Authenticate header when unauthenticated and have an easy way of doing this when password/username is incorrect. I am perplexed how people are using this without that