A sample starter project for building a REST API web service in Rust using axum, JSON Web Tokens (JWT), SQLx, PostgreSQL, and Redis.

Covers:
- REST API server based on axum
  - Routing
  - API versioning
  - API Error responses (structured format)
  - Cross-Origin Resource Sharing (CORS)
  - Graceful shutdown
- Authentication & authorization using JSON Web Tokens (JWT)
  - Login, logout, refresh, and revoking operations
  - Role based authorization
  - Generating and validating access and refresh tokens
  - Setting tokens expiry time (based on configuration)
  - Using refresh tokens rotation technique
  - Revoking issued tokens by using Redis (based on configuration)
    - Revoke all tokens issued until the current time
    - Revoke tokens belonging to the user issued until the current time
    - Cleanup of revoked tokens
- Using PostgreSQL database with SQLx
  - Database migrations
  - Async connection pooling
  - Async CRUD operations and transactions
- Using Redis in-memory storage
  - Async Redis operations
- Configuration settings
  - Loading and parsing `.env` file
  - Using environment variables
- Logs
  - `tracing` based logs
- Tests
  - End-to-end API tests
  - Database isolation in tests
- Using Docker
  - Running PostgreSQL and Redis services
  - Building the application using the official Rust image
  - Running the full stack: API + PostgreSQL + Redis
- GitHub CI configuration
  - Running `cargo deny` to check for security vulnerabilities and licenses
  - Running `cargo fmt` to check the Rust code format against the style guidelines
  - Running `cargo clippy` to catch common mistakes and improve the Rust code
  - Running tests
  - Building the application

- List of available API endpoints: docs/API-endpoints.md
- API request samples in RFC 2616 format: tests/endpoints.http
- Health: `GET /v1/health`
- Version: `GET /v1/version`
- Login: `POST /v1/auth/login`
- Refresh Tokens: `POST /v1/auth/refresh`
- Logout: `POST /v1/auth/logout`
- Revoke Tokens Issued to the User: `POST /v1/auth/revoke-user`
- Revoke All Issued Tokens: `POST /v1/auth/revoke-all`
- Cleanup Revoked Tokens: `POST /v1/auth/cleanup`
- List Users: `GET /v1/users`
- Get User by ID: `GET /v1/users/{user_id}`
- Add a New User: `POST /v1/users`
- Update User: `PUT /v1/users/{user_id}`
- Delete User: `DELETE /v1/users/{user_id}`
- List Accounts: `GET /v1/accounts`
- Get Account by ID: `GET /v1/accounts/{account_id}`
- Add a New Account: `POST /v1/accounts`
- Update Account: `PUT /v1/accounts/{account_id}`
- Transfer Money: `POST /v1/transactions/transfer`
- Get Transaction by ID: `GET /v1/transactions/{transaction_id}`
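
The revocation rules listed under "Revoking issued tokens by using Redis", which the revoke-user, revoke-all and cleanup endpoints expose, can be modelled as cutoff timestamps compared against each token's `iat` claim. The following is an added example, not the project's code: it replaces Redis with in-memory maps, every type and function name is hypothetical, and the per-token `jti` list for logout and rotated refresh tokens is an assumption.

```rust
// Added example (not the project's code): in-memory model of time-based
// token revocation. The project keeps this state in Redis; every name
// below is hypothetical and all sample values are constructed.
use std::collections::HashMap;

/// The claims the check needs: subject, token id, issued-at, expiry (Unix seconds).
pub struct Claims { pub sub: String, pub jti: String, pub iat: u64, pub exp: u64 }

#[derive(Default)]
pub struct RevocationStore {
    global_cutoff: Option<u64>,        // "revoke all tokens issued until now"
    user_cutoff: HashMap<String, u64>, // sub -> "revoke this user's tokens issued until now"
    revoked_jti: HashMap<String, u64>, // jti -> exp, single tokens (logout, rotated refresh token)
}

impl RevocationStore {
    pub fn revoke_all(&mut self, now: u64) { self.global_cutoff = Some(now); }
    pub fn revoke_user(&mut self, sub: &str, now: u64) { self.user_cutoff.insert(sub.to_string(), now); }
    pub fn revoke_token(&mut self, c: &Claims) { self.revoked_jti.insert(c.jti.clone(), c.exp); }

    /// `iat <= cutoff` fails closed: a token issued in the same second as the
    /// revocation is rejected, because second-resolution `iat` cannot order them.
    pub fn is_revoked(&self, c: &Claims) -> bool {
        let hit = |cutoff: Option<&u64>| cutoff.map_or(false, |&t| c.iat <= t);
        hit(self.global_cutoff.as_ref())
            || hit(self.user_cutoff.get(&c.sub))
            || self.revoked_jti.contains_key(&c.jti)
    }

    /// Cleanup: an expired token is rejected by `exp` validation anyway, so its
    /// entry can be dropped. Returns the number of entries removed.
    pub fn cleanup(&mut self, now: u64) -> usize {
        let before = self.revoked_jti.len();
        self.revoked_jti.retain(|_, exp| *exp > now);
        before - self.revoked_jti.len()
    }
}

pub fn claims(sub: &str, jti: &str, iat: u64) -> Claims {
    Claims { sub: sub.into(), jti: jti.into(), iat, exp: iat + 3600 } // constructed 1h lifetime
}

fn main() {
    let mut store = RevocationStore::default();
    let (old, fresh) = (claims("alice", "t1", 1_000), claims("alice", "t2", 2_000));
    store.revoke_user("alice", 1_500);
    println!("old={} fresh={}", store.is_revoked(&old), store.is_revoked(&fresh));
}
```

Cleanup is only safe because signature and `exp` validation run before the revocation check; a cutoff entry can be dropped the same way once it is older than the longest token lifetime.
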

- Using REST Client for Visual Studio Code. Supports RFC 2616 format used in request samples: tests/endpoints.http.
- Using curl:

  Health check

  ```shell
  curl -i http://127.0.0.1:8080/v1/health
  ```

  Login

  ```shell
  curl -i http://127.0.0.1:8080/v1/auth/login \
    -H "Content-Type: application/json" \
    -d '{"username":"admin","password_hash":"7c44575b741f02d49c3e988ba7aa95a8fb6d90c0ef63a97236fa54bfcfbd9d51"}'
  ```

  List of users

  ```shell
  curl -i http://127.0.0.1:8080/v1/users \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkNTFlNjE4Ny1jYmFjLTQ0ZmEtOWE5NS04ZjFkZWJkYmFlZWEiLCJqdGkiOiIwN2Y3OWE0OC1kMWFhLTQ1ZjItOWE5NS05Y2M5MGZiY2UyYTciLCJpYXQiOjE3MzYwMTA3MjIsImV4cCI6MTczNjAxNDMyMiwidHlwIjowLCJyb2xlcyI6ImFkbWluIn0.3f2c_5PyPXMhgu0FIX4--SGjnSDW1GLxL0ba6gSImfM"
  ```

REST API tests: /tests

```shell
docker-compose up -d
cargo test
```

```shell
docker-compose up -d
cargo run
```

```shell
ENV_TEST=1 cargo run
```

Setting the `RUST_LOG` logging level on launch:

```shell
RUST_LOG=info,hyper=debug,axum_web=trace cargo run
```

```shell
docker-compose -f docker-compose.full.yml up -d
```

Development: this project is under development.