Crates.io | ratpack |
lib.rs | ratpack |
version | 0.1.4 |
source | src |
created_at | 2022-01-24 19:58:00.467497 |
updated_at | 2022-04-27 15:22:33.088519 |
description | ratpack is a HTTP framework designed around simplicity and ease-of-use |
homepage | https://github.com/zerotier/ratpack |
repository | https://github.com/zerotier/ratpack |
max_upload_size | |
id | 520373 |
size | 93,627 |
ratpack
is idealized in the simplicity of the sinatra (ruby) framework in its goal, and attempts to be an alternative to other async HTTP frameworks such as tower, warp, axum, and tide.
ratpack
tries to deliver a promise that any handler can also be middleware, by implementing a "chain of responsibility" pattern that crosses handler boundaries. In summary, what you return from the first handler is fed to the second, which returns to the third, until all handlers are processed, or an error is received. Errors can return valid status codes or plain text errors in the form of a HTTP 500 (Internal Service Error).
ratpack
is not especially designed for services with a large web of routes or complicated interactions with the HTTP protocol, such as SSE or Websockets (at this time, at least). ratpack
is very focused on somewhat typical request/response cycles.ratpack
tries very hard to make both its internals and your interaction with it the simplest thing that could possibly work. This means that your request handlers are functions you pass to a macro called compose_handler!
which you pass to routing calls, and that likely, you won't be spending your time implementing complicated, extremely verbose traits or even need complicated understandings of how futures and async
work.tokio
, nothing is keeping us from moving into smol
and async-std
's territory. The majority of ratpack
's use of async
are futures that tokio
ends up leveraging from a very high level.Here is an example which carries global application state as an authentication token validator middleware handler, which then passes forward to a greeting handler. The greeting handler can also be re-used without authentication at a different endpoint, which is also demonstrated.
Note: this is available at examples/auth-with-state.rs. It can also be run with cargo: cargo run --example auth-with-state
.
use ratpack::prelude::*;
// We'll use authstate to (optionally) capture information about the token
// being correct. if it is Some(true), the user was authed, if None, there was no
// authentication performed.
#[derive(Clone)]
struct AuthedState {
authed: Option<bool>,
}
// All transient state structs must have an initial state, which will be
// initialized internally in the router.
impl TransientState for AuthedState {
fn initial() -> Self {
Self { authed: None }
}
}
// our authtoken validator, this queries the app state and the header
// `X-AuthToken` and compares the two. If there are any discrepancies, it
// returns `401 Unauthorized`.
//
// every handler & middleware takes and returns the same params and has the
// same prototype.
//
async fn validate_authtoken(
req: Request<Body>,
resp: Option<Response<Body>>,
_params: Params,
app: App<State, AuthedState>,
mut authstate: AuthedState,
) -> HTTPResult<AuthedState> {
if let (Some(token), Some(state)) = (req.headers().get("X-AuthToken"), app.state().await) {
authstate.authed = Some(state.clone().lock().await.authtoken == token);
Ok((req, resp, authstate))
} else {
Err(Error::StatusCode(StatusCode::UNAUTHORIZED))
}
}
// our `hello` responder; it simply echoes the `name` parameter provided in the
// route.
async fn hello(
req: Request<Body>,
_resp: Option<Response<Body>>,
params: Params,
_app: App<State, AuthedState>,
authstate: AuthedState,
) -> HTTPResult<AuthedState> {
let name = params.get("name").unwrap();
let bytes = Body::from(format!("hello, {}!\n", name));
if let Some(authed) = authstate.authed {
if authed {
return Ok((
req,
Some(Response::builder().status(200).body(bytes).unwrap()),
authstate,
));
}
} else if authstate.authed.is_none() {
return Ok((
req,
Some(Response::builder().status(200).body(bytes).unwrap()),
authstate,
));
}
Err(Error::StatusCode(StatusCode::UNAUTHORIZED))
}
// Our global application state; must be `Clone`.
#[derive(Clone)]
struct State {
authtoken: &'static str,
}
// ServerError is a catch-all for errors returned by serving content through
// ratpack.
#[tokio::main]
async fn main() -> Result<(), ServerError> {
let mut app = App::with_state(State {
authtoken: "867-5309",
});
app.get("/auth/:name", compose_handler!(validate_authtoken, hello));
app.get("/:name", compose_handler!(hello));
app.serve("127.0.0.1:3000").await?;
Ok(())
}
Hitting this service with curl
gives the result you'd expect:
% curl localhost:3000/erik
hello, erik!
% curl -D- localhost:3000/auth/erik
HTTP/1.1 401 Unauthorized
content-length: 0
date: Fri, 21 Jan 2022 18:29:03 GMT
% curl -D- -H "X-AuthToken: 867-5309" localhost:3000/auth/erik
HTTP/1.1 200 OK
content-length: 13
date: Fri, 21 Jan 2022 18:29:19 GMT
hello, erik!
For more information, see the docs.
Erik Hollensbe erik.hollensbe@zerotier.com
BSD 3-Clause