A REST API written in Rust with JWT.
The goal is to perform CRUD operations on succinct data provided by the user: names and birthdates of family members. The API is intended to serve a front-end that aggregates the ages to find out, cumulatively, how old the crowd is.
- Rust, because its low-level nature and strong typing offer valuable insights into the workings of a web app.
- Actix as the asynchronous web framework.
- Diesel as the easy-to-use ORM and query builder.
- JSON Web Token for stateless session management.
- PostgreSQL, mainly for SQL learning purposes.
- OpenAPI to document the API's behaviour.
This work was made possible by:
- This basic Actix+Diesel tutorial by Olasunkanmi John Ajiboye
- This more in-depth example with JWT by Ba Hai Phan
- The excellent documentation of Actix and all Rust dependencies
The data model looks like so:
- user
  - id
  - username
  - password (hashed)
- person
  - id
  - name
  - birthdate in POSIX seconds
  - id of the user who registered the person (foreign key)
The nice thing with Diesel is that we write SQL that is then translated into Rust, not the other way around.
On users:
- create a user (signup)
- update a user (e.g. change the password)
- delete a user (and all the related data)
And for persons:
- create one
- retrieve one or all
- update one
- delete one
A user has access only to the data she created.
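As an added illustration (not the project's own migration or queries), here is a PostgreSQL schema for the model above, with the cascade that backs "delete a user and all the related data" and the owner-scoped queries that enforce "a user has access only to the data she created". Table, column and parameter names are assumptions.

```sql
-- Added example, not the project's migration. Names are assumed.
CREATE TABLE users (
    id       SERIAL  PRIMARY KEY,
    username VARCHAR NOT NULL UNIQUE,
    password VARCHAR NOT NULL   -- the password hash, never the plaintext
);

CREATE TABLE persons (
    id        SERIAL  PRIMARY KEY,
    name      VARCHAR NOT NULL,
    birthdate BIGINT  NOT NULL,  -- POSIX seconds
    -- Foreign key to the registering user; deleting the user removes her persons.
    user_id   INTEGER NOT NULL REFERENCES users (id) ON DELETE CASCADE
);

-- Every lookup on persons is scoped by owner, so index the foreign key.
CREATE INDEX persons_user_id_idx ON persons (user_id);

-- Owner-scoped access: $1 = person id from the URL, $2 = user id taken from
-- the verified token (never from the request body). A person that belongs to
-- someone else simply does not match, so the handler answers 404, not 403.
SELECT id, name, birthdate FROM persons WHERE id = $1 AND user_id = $2;
UPDATE persons SET name = $3, birthdate = $4 WHERE id = $1 AND user_id = $2;
DELETE FROM persons WHERE id = $1 AND user_id = $2;

-- The "nuclear option": one statement removes the user and, through the
-- cascade, every person she registered.
DELETE FROM users WHERE id = $2;

-- The aggregate the front-end wants: the crowd's cumulative age in whole years.
SELECT COALESCE(SUM(EXTRACT(YEAR FROM age(to_timestamp(birthdate)))), 0)::bigint
       AS total_years
  FROM persons
 WHERE user_id = $2;
```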
The JSON Web Token standard allows for stateless user session management because the token is self-contained and signed with a secret only the server holds, so the server can verify it without keeping session state. The downside is: one does not simply log out with JWT. The client will have to make sure the JWT is deleted. In case of emergency, the nuclear option will be to request the deletion of the user and all the associated data. The authentication middleware checks for the user's existence before verifying the token, so a token issued to a deleted user is rejected.
OpenAPI is apparently a good thing, so documenting the API's behaviour with it won't hurt. The document is accessible on the /documentation endpoint:
curl $URL:$PORT/documentation
- Clone the repo.
- Configure the .env file.
- Have Rust installed and PostgreSQL enabled.
- Do cargo run.
- Import apicontract.json in Postman and you're good to play around.
Better instructions will follow in further commits.