Update README.md

Fixed some grammatical errors, made it look better.
2025-10-21 16:00:34 +00:00 · 2025-01-30 23:03:02 +01:00 · 2025-01-30 23:03:02 +01:00 · 3c92ad7f13
commit 3c92ad7f13
parent e20f21bc8b
1 changed files with 75 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -1,12 +1,15 @@
-```markdown
 # 🦀 RustAPI
 **An example API built with Rust, Axum, SQLx, and PostgreSQL**  
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

 ## 🚀 Core Features
- **Rust API Template** - Production-ready starter template with modern practices
- **PostgreSQL Integration** - Full database support with SQLx migrations
- **Comprehensive Health Monitoring**  
+- **Rust API template** - Production-ready starter template with modern practices,
+- **PostgreSQL integration** - Full database support with SQLx migrations,
+- **Easy to secure** - HTTP/2 with secure TLS defaults (AWS-LC, FIPS 140-3),
+- **Easy to configure** - `.env` and environment variables,
+- **JWT authentication** - Secure token-based auth with Argon2 password hashing,
+- **Optimized for performance** - Brotli compression,
+- **Comprehensive health monitoring**  
  Docker-compatible endpoint with system metrics:  
  ```json
  {
@ -19,15 +22,14 @@
    "status": "degraded"
  }
  ```
- **JWT Authentication** - Secure token-based auth with Argon2 password hashing
- **Granular Access Control** - Role-based endpoint protection:  
+- **Granular access control** - Role-based endpoint protection:  
  ```rust
  .route("/", post(post_todo).layer(axum::middleware::from_fn(|req, next| {
      let allowed_roles = vec![1, 2];
      authorize(req, next, allowed_roles)
  })))
  ```
- **User Context Injection** - Automatic user profile handling in endpoints:  
+- **User context injection** - Automatic user profile handling in endpoints:  
  ```rust
  pub async fn post_todo(
      Extension(user): Extension<User>,  // Injected user
@ -39,12 +41,67 @@
          }))));
      }
  ```
- **Modern protocols ** - HTTP/2 with secure TLS defaults
- **Observability** - Integrated tracing
- **Optimized for performance** - Brotli compression
- **Easy configuration** - `.env` and environment variables 
- **Documented codebase** - Extensive inline comments for easy modification and readability
- **Latest dependencies** - Regularly updated Rust ecosystem crates
+- **Observability** - Integrated tracing,
+- **Documented codebase** - Extensive inline comments for easy modification and readability,
+- **Latest dependencies** - Regularly updated Rust ecosystem crates,
+
+## 🛠️ Technology stack
+| Category              | Key Technologies               |
+|-----------------------|---------------------------------|
+| Web Framework         | Axum 0.8 + Tower               |
+| Database              | PostgreSQL + SQLx 0.8          |
+| Security              | JWT + Argon2 + Rustls           |
+| Monitoring            | Tracing + Sysinfo              |
+
+## 📂 Project structure
+```
+rustapi/
+├── migrations/      # SQL schema migrations. Creates the required tables and inserts demo data.
+├── src/
+│   ├── core/        # Core modules: for reading configuration files, starting the server and configuring HTTPS/
+│   ├── database/    # Database connectivity, getters and setters for the database.
+│   ├── middlewares/ # Currently just the authentication system.
+│   ├── models/      # Data structures
+│   └── routes/      # API endpoints
+│        └── mod.rs      # API endpoint router.
+│   └── .env         # Configuration file.
+└── Dockerfile       # Builds a docker container for the application.
+└── compose.yaml     # Docker-compose.yaml. Runs container for the application (also includes a PostgreSQL-container).
+```
+
+## 🌐 Default API endpoints
+
+| Method | Endpoint               | Auth Required | Allowed Roles | Description                          |
+|--------|------------------------|---------------|---------------|--------------------------------------|
+| POST   | `/signin`              | No            | None          | Authenticate user and get JWT token  |
+| GET    | `/protected`           | Yes           | 1, 2          | Test endpoint for authenticated users |
+| GET    | `/health`              | No            | None          | System health check with metrics     |
+|        |                        |               |               |                                      |
+| **User routes**         |                        |               |               |                                      |
+| GET    | `/users/all`           | No*           | None          | Get all users                        |
+| GET    | `/users/{id}`          | No*           | None          | Get user by ID                       |
+| POST   | `/users/`              | No*           | None          | Create new user                      |
+|        |                        |               |               |                                      |
+| **Todo routes**         |                        |               |               |                                      |
+| GET    | `/todos/all`           | No*           | None          | Get all todos                        |
+| POST   | `/todos/`              | Yes           | 1, 2          | Create new todo                      |
+| GET    | `/todos/{id}`          | No*           | None          | Get todo by ID                       |
+
+**Key:**  
+🔒 = Requires JWT in `Authorization: Bearer <token>` header  
+\* Currently unprotected - recommend adding authentication for production  
+**Roles:** 1 = User, 2 = Administrator
+
+**Security notes:**  
+- All POST endpoints expect JSON payloads
+- User creation endpoint should be protected in production
+- Consider adding rate limiting to authentication endpoints
+**Notes:**  
+- 🔒 = Requires JWT in `Authorization: Bearer <token>` header  
+- Roles: `1` = Regular User, `2` = Administrator  
+- *Marked endpoints currently unprotected - recommend adding middleware for production use
+- All POST endpoints expect JSON payloads
+

 ## 📦 Installation & Usage
 ```bash
@ -59,7 +116,7 @@ sqlx database create && sqlx migrate run
 cargo run --release
 ```

-### 🔐 Default Accounts
+### 🔐 Default accounts

 **Warning:** These accounts should only be used for initial testing. Always change or disable them in production environments.

@ -68,13 +125,15 @@ cargo run --release
 | `user@test.com`     | `test`   | User           |
 | `admin@test.com`    | `test`   | Administrator  |

-⚠️ **Security Recommendations:**
+⚠️ **Security recommendations:**
 1. Rotate passwords immediately after initial setup
 2. Disable default accounts before deploying to production
 3. Implement proper user management endpoints


-## ⚙️ Configuration
+### ⚙️ Configuration
+Create a .env file in the root of the project or configure the application using environment variables.
+
 ```env
 # ==============================
 # 📌 DATABASE CONFIGURATION
@ -145,24 +204,3 @@ SERVER_COMPRESSION_LEVEL=6
 # Argon2 salt for password hashing (must be kept secret!)
 AUTHENTICATION_ARGON2_SALT="dMjQgtSmoQIH3Imi"
 ```
-
-## 📂 Project Structure
-```
-rustapi/
-├── migrations/      # SQL schema versions
-├── src/
-│   ├── core/        # Config, TLS, server setup
-│   ├── database/    # Query handling
-│   ├── middlewares/ # Auth system
-│   ├── models/      # Data structures
-│   └── routes/      # API endpoints
-└── Dockerfile       # Containerization
-```
-
-## 🛠️ Technology Stack
-| Category              | Key Technologies               |
-|-----------------------|---------------------------------|
-| Web Framework         | Axum 0.8 + Tower               |
-| Database              | PostgreSQL + SQLx 0.8          |
-| Security              | JWT + Argon2 + Rustls           |
-| Monitoring            | Tracing + Sysinfo              |