Skip to content

elliot14A/cerberust

Repository files navigation

Cerberust 🦀

About the Project

Cerberust is a reliable Rust authentication server, safeguards your application effortlessly. Using JSON Web Tokens (JWT) for seamless logins, it also offers hierarchical resource management and role-based access controls, ensuring security without the hassle of complex setups.

Tech Stack

  • Rust Axum
  • Postgres
  • Diesel

Features

  • Fast Authentication 🚀: Swift and efficient user authentication.
  • Refresh Tokens 🔐: Enhances security and extends user sessions.
  • Refresh Token Rotation 🔄: Regularly updates refresh tokens for heightened security.
  • Refresh Token Reuse Detection 🚫: Blocks unauthorized reuse of refresh tokens.
  • Database Support 🗃️: Compatible with PostgreSQL 🐘.
  • Email Verification 📧: Sends verification emails for account confirmation.
  • Password Reset 🔑: Securely resets user passwords.
  • ORM Integration 🛠️: Seamless integration with Diesel for database management.
  • Hierarchical Resource Management 🌐: Create and manage hierarchical resources.
  • Role-Based Access Control (RBAC) 🛡️: Define and manage roles to control access to resources effectively.

Database structure

token entity: It is used for storing email-verification-tokens/reset-password-token in the database.

Note: Account entity not yet fully implemented

Getting Started

  • Clone the repo:
git clone https://github.com/elliot14A/cerberust
  • Run Postgres migrations: this step will be removed in the future versions
export DATABASE_URL=postgres://postges:postgres@localhost/cerberust
diesel migration run
  • Create cerberust.toml file and define your roles and resources

  • Run the application with docker-compose:

docker compose up

Configuration

The application can be configured using the cerberust.toml file. If this file is not created, the application will use default configurations and will not create any default roles and resources, except the root role, which will be created at the migration step itself. Below is an example configuration for cerberust.toml:

[config]
# Port for the application to listen on
port = "8080"

# Database URL
database_url = "postgres://postgres:postgres@postgres/cerberust"

# SMTP host for sending verification emails
smtp_host = "mailhog"

# SMTP port for sending verification emails
smtp_port = "1025"

[[resource]]
name = "Book Vault"
description = "A place to store your books"

[[resource]]
name = "Into the Wild"
description = "A book about a guy who goes into the wild"
parent = "Book Vault"

[[resource]]
name = "Into Thin Air"
description = "A book about a guy who goes up a mountain"
parent = "Book Vault"

[[resource]]
name = "The Hobbit"
description = "A book about a hobbit"
parent = "Book Vault"

[[role]]
name = "Reader"
privileges = [{ entity = "resource", privilege = ["read"] }]
description = "Can read books"

[[role]]
name = "Writer"
privileges = [{ entity = "resource", privilege = ["read", "create"] }]
description = "Can read and create new books in book vault"

To create resources, you need to export ROOT_EMAIL and ROOT_PASSWORD environment variables.

export [email protected]
export ROOT_PASSWORD=rootpassword

Roadmap

  •  Integration Tests
  •  Add API Endpoint documentation
  •  Social Auth
    •  Google
    •  Github
    •  Facebook
    •  Twitter
  • RBAC Feature
  • Proper Error Handling and Logging
  • Docker Image
  • User management

Contributing

Contributions are always welcome!

See CONTRIBUTING.md for ways to get started.

Code of Conduct

Please read the Code_of_Conduct.md

License

This project is licensed under WTFPL. See LICENSE for more information.

Contact

Akshith Katkuri - [email protected]

project link: https://github.com/elliot14a/cerberust

About

A fast authentication application in rust

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published