beep-authz
| Crates.io | beep-authz |
| lib.rs | beep-authz |
| version | 0.4.0 |
| created_at | 2025-12-23 16:44:41.249337+00 |
| updated_at | 2026-01-25 15:10:04.818813+00 |
| description | Authorization library for Beep services |
| homepage | |
| repository | https://github.com/beep-industries/crates |
| max_upload_size | |
| id | 2001899 |
| size | 494,141 |
Hugo Ponthieu (hugoponthieu)
documentation
https://docs.rs/beep-authz
README
๐ beep-authz
A Rust authorization library with SpiceDB integration for fine-grained permissions.
Powerful, flexible authorization with Google Zanzibar-inspired permission checks
๐ Documentation | ๐ Getting Started | ๐ก Examples
โจ Features
๐ SpiceDB Integration
- Native support for SpiceDB/AuthZed
- Fine-grained permission checks
- Relationship-based access control (ReBAC)
โก High Performance
- Async/await support with Tokio
- Connection pooling
- gRPC-based communication
๐ฏ Type-Safe Permissions
- Strongly-typed permission system
- Object-based resource modeling
- Compile-time safety
๐ก๏ธ Enterprise Ready
- Production-tested
- Comprehensive error handling
- Token-based authentication
๐ Quick Start
Installation
Add beep-authz to your Cargo.toml:
[dependencies]
beep-authz = "0.1.0"
tokio = { version = "1.48", features = ["full"] }
Basic Usage
use authz::{SpiceDbRepository, SpiceDbConfig, SpiceDbObject, Permissions};
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// ๐ง Configure SpiceDB connection
let config = SpiceDbConfig {
endpoint: "localhost:50051".to_string(),
token: Some("your-preshared-key".to_string()),
};
// ๐ Connect to SpiceDB
let authz = SpiceDbRepository::new(config).await?;
// ๐ Check if user can view a channel
let result = authz.check_permissions(
SpiceDbObject::Channel("channel-123".to_string()),
Permissions::ViewChannels,
SpiceDbObject::User("user-456".to_string()),
).await;
if result.has_permissions() {
println!("โ
User has permission to view channel");
} else {
println!("โ Access denied");
}
Ok(())
}
๐ Supported Permissions
The library includes built-in permissions for common scenarios:
- Administrator - Full access to all resources
- ManageServer - Update server settings
- ManageRoles - Create and manage roles
- CreateInvitation - Generate invite links
- ManageChannels - Full channel management
- ManageWebhooks - Webhook CRUD operations
- ViewChannels - Read channel contents
- SendMessages - Post messages
- ManageNicknames - Update user nicknames
- ChangeNickname - Update own nickname
- ManageMessages - Moderate messages
- AttachFiles - Upload files
๐๏ธ Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SpiceDbRepository โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ check_permissions() โ โ
โ โ check_permissions_raw() โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โ gRPC
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ SpiceDB Server โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Permission Engine โ โ
โ โ โข Check relationships โ โ
โ โ โข Evaluate permissions โ โ
โ โ โข Return authorization result โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ง Configuration
Configure SpiceDB connection via environment variables or command-line arguments:
# Environment variables
export SPICEDB_ENDPOINT="grpc.authzed.com:443"
export SPICEDB_TOKEN="your-preshared-key"
# Or use command-line arguments
cargo run -- --spicedb-endpoint localhost:50051 --spicedb-token your-key
๐ SpiceDB Setup
This library works with:
๐ Learn More
- SpiceDB Documentation
- Zanzibar Paper - Google's authorization system
- Permission System Design
๐งช Testing
Run the test suite:
cargo test
๐ License
Licensed under Apache License 2.0. See LICENSE for details.