diff --git a/README.md b/README.md index 2e757ad..a869c5d 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,15 @@ -```markdown # 🦀 RustAPI **An example API built with Rust, Axum, SQLx, and PostgreSQL** [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) ## 🚀 Core Features -- **Rust API Template** - Production-ready starter template with modern practices -- **PostgreSQL Integration** - Full database support with SQLx migrations -- **Comprehensive Health Monitoring** +- **Rust API template** - Production-ready starter template with modern practices, +- **PostgreSQL integration** - Full database support with SQLx migrations, +- **Easy to secure** - HTTP/2 with secure TLS defaults (AWS-LC, FIPS 140-3), +- **Easy to configure** - `.env` and environment variables, +- **JWT authentication** - Secure token-based auth with Argon2 password hashing, +- **Optimized for performance** - Brotli compression, +- **Comprehensive health monitoring** Docker-compatible endpoint with system metrics: ```json { @@ -19,15 +22,14 @@ "status": "degraded" } ``` -- **JWT Authentication** - Secure token-based auth with Argon2 password hashing -- **Granular Access Control** - Role-based endpoint protection: +- **Granular access control** - Role-based endpoint protection: ```rust .route("/", post(post_todo).layer(axum::middleware::from_fn(|req, next| { let allowed_roles = vec![1, 2]; authorize(req, next, allowed_roles) }))) ``` -- **User Context Injection** - Automatic user profile handling in endpoints: +- **User context injection** - Automatic user profile handling in endpoints: ```rust pub async fn post_todo( Extension(user): Extension, // Injected user @@ -39,12 +41,67 @@ })))); } ``` -- **Modern protocols ** - HTTP/2 with secure TLS defaults -- **Observability** - Integrated tracing -- **Optimized for performance** - Brotli compression -- **Easy configuration** - `.env` and environment variables -- **Documented codebase** - Extensive inline comments for easy modification and readability -- **Latest dependencies** - Regularly updated Rust ecosystem crates +- **Observability** - Integrated tracing, +- **Documented codebase** - Extensive inline comments for easy modification and readability, +- **Latest dependencies** - Regularly updated Rust ecosystem crates, + +## 🛠️ Technology stack +| Category | Key Technologies | +|-----------------------|---------------------------------| +| Web Framework | Axum 0.8 + Tower | +| Database | PostgreSQL + SQLx 0.8 | +| Security | JWT + Argon2 + Rustls | +| Monitoring | Tracing + Sysinfo | + +## 📂 Project structure +``` +rustapi/ +├── migrations/ # SQL schema migrations. Creates the required tables and inserts demo data. +├── src/ +│ ├── core/ # Core modules: for reading configuration files, starting the server and configuring HTTPS/ +│ ├── database/ # Database connectivity, getters and setters for the database. +│ ├── middlewares/ # Currently just the authentication system. +│ ├── models/ # Data structures +│ └── routes/ # API endpoints +│ └── mod.rs # API endpoint router. +│ └── .env # Configuration file. +└── Dockerfile # Builds a docker container for the application. +└── compose.yaml # Docker-compose.yaml. Runs container for the application (also includes a PostgreSQL-container). +``` + +## 🌐 Default API endpoints + +| Method | Endpoint | Auth Required | Allowed Roles | Description | +|--------|------------------------|---------------|---------------|--------------------------------------| +| POST | `/signin` | No | None | Authenticate user and get JWT token | +| GET | `/protected` | Yes | 1, 2 | Test endpoint for authenticated users | +| GET | `/health` | No | None | System health check with metrics | +| | | | | | +| **User routes** | | | | | +| GET | `/users/all` | No* | None | Get all users | +| GET | `/users/{id}` | No* | None | Get user by ID | +| POST | `/users/` | No* | None | Create new user | +| | | | | | +| **Todo routes** | | | | | +| GET | `/todos/all` | No* | None | Get all todos | +| POST | `/todos/` | Yes | 1, 2 | Create new todo | +| GET | `/todos/{id}` | No* | None | Get todo by ID | + +**Key:** +🔒 = Requires JWT in `Authorization: Bearer ` header +\* Currently unprotected - recommend adding authentication for production +**Roles:** 1 = User, 2 = Administrator + +**Security notes:** +- All POST endpoints expect JSON payloads +- User creation endpoint should be protected in production +- Consider adding rate limiting to authentication endpoints +**Notes:** +- 🔒 = Requires JWT in `Authorization: Bearer ` header +- Roles: `1` = Regular User, `2` = Administrator +- *Marked endpoints currently unprotected - recommend adding middleware for production use +- All POST endpoints expect JSON payloads + ## 📦 Installation & Usage ```bash @@ -59,7 +116,7 @@ sqlx database create && sqlx migrate run cargo run --release ``` -### 🔐 Default Accounts +### 🔐 Default accounts **Warning:** These accounts should only be used for initial testing. Always change or disable them in production environments. @@ -68,13 +125,15 @@ cargo run --release | `user@test.com` | `test` | User | | `admin@test.com` | `test` | Administrator | -⚠️ **Security Recommendations:** +⚠️ **Security recommendations:** 1. Rotate passwords immediately after initial setup 2. Disable default accounts before deploying to production 3. Implement proper user management endpoints -## ⚙️ Configuration +### ⚙️ Configuration +Create a .env file in the root of the project or configure the application using environment variables. + ```env # ============================== # 📌 DATABASE CONFIGURATION @@ -145,24 +204,3 @@ SERVER_COMPRESSION_LEVEL=6 # Argon2 salt for password hashing (must be kept secret!) AUTHENTICATION_ARGON2_SALT="dMjQgtSmoQIH3Imi" ``` - -## 📂 Project Structure -``` -rustapi/ -├── migrations/ # SQL schema versions -├── src/ -│ ├── core/ # Config, TLS, server setup -│ ├── database/ # Query handling -│ ├── middlewares/ # Auth system -│ ├── models/ # Data structures -│ └── routes/ # API endpoints -└── Dockerfile # Containerization -``` - -## 🛠️ Technology Stack -| Category | Key Technologies | -|-----------------------|---------------------------------| -| Web Framework | Axum 0.8 + Tower | -| Database | PostgreSQL + SQLx 0.8 | -| Security | JWT + Argon2 + Rustls | -| Monitoring | Tracing + Sysinfo |