rocket-grants-proc-macro
| Crates.io | rocket-grants-proc-macro |
| lib.rs | rocket-grants-proc-macro |
| version | 0.1.1 |
| source | src |
| created_at | 2022-02-23 17:01:33.595334 |
| updated_at | 2023-11-23 22:24:14.895953 |
| description | A proc-macro way to validate user permissions for `rocket-grants` crate. |
| homepage | https://github.com/DDtKey/rocket-grants |
| repository | https://github.com/DDtKey/rocket-grants |
| max_upload_size | |
| id | 537960 |
| size | 14,620 |
Artem Medvedev (DDtKey)
documentation
README
rocket-grants
Extension for
rocketto validate user permissions.
To check user access to specific services, you can use built-in proc-macro, PermissionGuard or manual.
Provides a complete analogue of the actix-web-grants and poem-grants.
How to use
- Declare your own permission extraction function
The easiest way is to declare a function with the following signature:
// You can use custom type instead of String
async fn extract(req: &rocket::Request<'_>) -> Option<Vec<String>>
- Add fairing to your application using the extraction function defined in step 1
rocket::build().mount("/api", rocket::routes![endpoint])
.attach(GrantsFairing::with_extractor_fn(|req| {
Box::pin(extract(req)) // example with a separate async function, but you can write a closure right here
}))
Steps 1 and 2 can be replaced by integration with your custom fairing.
- Protect your endpoints in any convenient way from the examples below:
Example of proc-macro way protection
#[rocket_grants::has_permissions("OP_READ_SECURED_INFO")]
#[rocket::get("/")]
async fn macro_secured() -> &'static str {
"ADMIN_RESPONSE"
}
Example of ABAC-like protection and custom permission type
Here is an example using the type and secure attributes. But these are independent features.
secure allows you to include some checks in the macro based on function params.
type allows you to use a custom type for the roles and permissions (then the fairing needs to be configured).
Take a look at an enum-role example
use enums::Role::{self, ADMIN};
use dto::User;
#[rocket_grants::has_roles("USER", secure = "user_id == user.id")]
#[rocket::post("/secure/<user_id>", data = "<user>")]
async fn role_macro_secured_with_params(user_id: i32, user: Json<User>) -> &'static str {
"some secured info with parameters"
}
Example of manual way protection
use rocket_grants::permissions::{AuthDetails, PermissionsCheck};
#[rocket::get("/")]
async fn manual_secure(details: AuthDetails) -> &'static str {
if details.has_permission("ROLE_ADMIN") {
return "ADMIN_RESPONSE"
}
"OTHER_RESPONSE"
}
You can find more examples in the git repository folder and documentation.
Error customization
Custom error responses can be specified using Rocket catchers. See the Rocket documentation for catchers.
You can set up custom responses for:
401 Unauthorized - when it wasn't possible to obtain authorization data from the request in your extractor.
403 Forbidden - when the permissions did not match the specified for the endpoint.
Supported rocket versions
- For
rocket-grants: 0.5.*supported version ofrocketis0.5.*