Repository

Creating the Project

1	cargo new rust-web-starter

Directory Structure

/src
    /handlers
        - mod.rs
        - posts.rs
        - user.rs
    /utils
        - mod.rs
        - jwt.rs
    main.rs
.env
dev.db

Database

Using sqlx for database operations, and SQLite for testing convenience.

Creating Database Tables

Implemented in the code:

#[tokio::main]
async fn main() {
    // Load environment variables
    let _ = dotenvy::dotenv();
    // Logging subscriber
    tracing_subscriber::fmt::init();
    info!("Starting server");
    // Database connection
    let database_url = std::env::var("SQLITE_DB_URL").expect("SQLITE_DB_URL not set");
    let pool = sqlx::SqlitePool::connect(&database_url)
        .await
        .expect("Error with pool connection");
    // Create tables
    sqlx::query(
        r#"create table users
            (
                id       integer
                    primary key autoincrement,
                username text,
                password text,
                email    text
            );
            "#,
    )
    .execute(&pool)
    .await;
    sqlx::query(
        r#"create table posts
            (
                id         integer
                    primary key autoincrement,
                created_at datetime,
                updated_at datetime,
                deleted_at datetime,
                title      text,
                body       text
            );
            create index idx_posts_deleted_at
                on posts (deleted_at);
            "#,
    )
    .execute(&pool)
    .await; 
    
}

Password Encryption

No suitable method found, using plaintext.

Creating JWT Tokens

use chrono::{DateTime, Duration, Utc};
use jsonwebtoken::{DecodingKey, EncodingKey, Header, Validation, decode, encode, errors::Error};
use serde::{Deserialize, Serialize};
use tracing::{debug, error};
#[derive(Debug, Serialize, Deserialize)]
pub struct Claims {
    pub sub: String,
    pub exp: i64,
    pub iat: i64,
}
impl Claims {
    pub fn new(sub: String, exp: DateTime<Utc>) -> Self {
        Self {
            sub,
            exp: exp.timestamp(),
            iat: Utc::now().timestamp(),
        }
    }
}
// 32-byte secure key
pub const SECRET_KEY: &[u8] = b"030c8d02eea6e5e5219096bd076c41e58e955632d59beb7d44fa18e3fbccb0bd12345678901234";
// Generate JWT
pub fn generate_token(user_id: &str) -> Result<String, Error> {
    let claims = Claims::new(user_id.to_string(), Utc::now() + Duration::hours(1));
    let token = encode(
        &Header::default(),
        &claims,
        &EncodingKey::from_secret(SECRET_KEY),
    )?;
    debug!("Generated token: {}", token);
    Ok(token)
}
// Validate JWT
pub fn validate_token(token: &str) -> Result<Claims, Error> {
    debug!("Received token: {}", token);
    let mut validation = Validation::new(jsonwebtoken::Algorithm::HS256);
    validation.validate_exp = true;
    match decode::<Claims>(token, &DecodingKey::from_secret(SECRET_KEY), &validation) {
        Ok(data) => {
            debug!("Decoded claims: {:?}", data.claims);
            Ok(data.claims)
        }
        Err(e) => {
            error!("Token error: {:?}", e);
            Err(e)
        }
    }
}

Testing

/// JWT method code
#[cfg(test)]
mod tests {
    use super::*;
    #[test]
    fn test_generate_and_validate_token() {
        // Generate token
        let user_id = "test_user";
        let token_result = generate_token(user_id);
        
        assert!(token_result.is_ok(), "Failed to generate token");
        let token = token_result.unwrap();
        // Validate token
        let claims_result = validate_token(&token);
        assert!(claims_result.is_ok(), "Failed to validate token");
        
        let claims = claims_result.unwrap();
        
        // Check if claims information is correct
        assert_eq!(claims.sub, user_id.to_string());
    }
    #[test]
    fn test_invalid_token() {
        // Provide an invalid token
        let invalid_token = "invalid.token.here";
        let claims_result = validate_token(invalid_token);
        assert!(claims_result.is_err(), "Expected error for invalid token");
    }
}

Post Information Table

CRUD Operations

posts.rs provides API interfaces for retrieving, posting, updating, and deleting post information.

use axum::{
    extract::{Path, State},
    http::StatusCode,
    Json,
};
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use sqlx_core::sqlite::SqlitePool;
#[derive(Serialize, Deserialize)]
pub struct NewPost {
    title: String,
    body: String,
}
#[derive(Serialize, Deserialize, sqlx::FromRow)]
pub struct Post {
    id: i32,
    title: String,
    body: String, 
}
pub async fn create_post(
    // Get database connection pool from global route state
    State(pool): State<SqlitePool>,
    Json(product): Json<NewPost>,
) -> Result<Json<Value>, (StatusCode, String)> {
    let resp = sqlx::query("INSERT INTO posts (title, body) values ($1, $2)")
        // Fill placeholders
        .bind(&product.title)
        .bind(&product.body)
        .execute(&pool)
        .await
        .map_err(|err| {
            (
                StatusCode::INTERNAL_SERVER_ERROR,
                format!("Error is: {}", err),
            )
        })?;
    Ok(Json(json!(product)))
}
pub async fn get_posts(
    State(pool): State<SqlitePool>,
) -> Result<Json<Vec<Post>>, (StatusCode, String)> {
    let result = sqlx::query_as("SELECT * from posts")
        // Fill data back into the struct
        .fetch_all(&pool)
        .await
        .map_err(|err| {
            (
                StatusCode::INTERNAL_SERVER_ERROR,
                format!("Error is: {}", err),
            )
        })?;
    Ok(Json(result))
}
pub async fn get_one_post(
    State(pool): State<SqlitePool>,
    Path(id): Path<i32>,
) -> Result<Json<Post>, (StatusCode, String)> {
    let result = sqlx::query_as("SELECT * FROM posts WHERE id = $1")
        .bind(id)
        .fetch_one(&pool)
        .await
        .map_err(|err| match err {
            sqlx::Error::RowNotFound => (StatusCode::NOT_FOUND, format!("Error is: {}", err)),
            _ => (
                StatusCode::INTERNAL_SERVER_ERROR,
                format!("Error is: {}", err),
            ),
        })?;
    Ok(Json(result))
}
pub async fn delete_post(
    State(pool): State<SqlitePool>,
    Path(id): Path<i32>,
) -> Result<Json<Value>, (StatusCode, String)> {
    let result = sqlx::query("DELETE FROM posts WHERE id = $1")
        .bind(id)
        .execute(&pool)
        .await
        .map_err(|err| match err {
            sqlx::Error::RowNotFound => (StatusCode::NOT_FOUND, format!("Error is: {}", err)),
            _ => (
                StatusCode::INTERNAL_SERVER_ERROR,
                format!("Error is: {}", err),
            ),
        })?;
    Ok(Json(json!({"msg": "Product deleted successfully"})))
}
pub async fn update_post(
    State(pool): State<SqlitePool>,
    Path(id): Path<i32>,
    Json(product): Json<Post>,
) -> Result<Json<Value>, (StatusCode, String)> {
    let result = sqlx::query("UPDATE posts SET title=$1, body=$2 WHERE id=$3")
        .bind(&product.title)
        .bind(&product.body)
        .bind(id)
        .execute(&pool)
        .await
        .map_err(|err| match err {
            sqlx::Error::RowNotFound => (StatusCode::NOT_FOUND, format!("Error is: {}", err)),
            _ => (
                StatusCode::INTERNAL_SERVER_ERROR,
                format!("Error is: {}", err),
            ),
        })?;
    Ok(Json(json!({"msg": "Product updated successfully"})))
}

Network Interfaces

Defining Routes

RESTful API style:

HTTP Method	Operation Type	Example
GET	Query resource	Get user list /api/users
POST	Create resource	Create new user /api/users
PUT	Update resource	Update specified user /api/users/{id}
DELETE	Delete resource	Delete specified user /api/users/{id}

#[tokio::main]
async fn main() {
    /// Database creation code from earlier
    // Network interface code
    let postRouter = Router::new()
        .route("/posts", get(handlers::posts::get_posts))
        .route("/posts/:id", get(handlers::posts::get_one_post))
        .route("/posts", post(handlers::posts::create_post))
        .route("/posts/:id", patch(handlers::posts::update_post))
        .route("/posts/:id", delete(handlers::posts::delete_post))
        .route_layer(middleware::from_fn(auth));
    let userRouter = Router::new()
        .route("/users", post(handlers::uesr::register))
        .route("/auth/login", post(handlers::uesr::login));
    let userProfileRouter = Router::new()
        .route("/auth/profile", get(handlers::uesr::validateUser))
        .route_layer(middleware::from_fn(auth));
    // CORS middleware
    let cors = CorsLayer::new().allow_origin(Any);
    let app = Router::new()
        // Merge routers
        .merge(userRouter)
        .merge(postRouter)
        .merge(userProfileRouter)
        // State, data accessible across all routes, here is the database connection pool
        .with_state(pool)
        // CORS
        .layer(cors)
        // Code compression layer
        .layer(CompressionLayer::new())
        // HTTP tracer
        .layer(TraceLayer::new_for_http());
    let listener = tokio::net::TcpListener::bind("127.0.0.1:4000")
        .await
        .unwrap();
    println!("Listening on {}", listener.local_addr().unwrap());
    axum::serve(listener, app).await.unwrap();
}

Authentication Middleware

/// main function
#[derive(Clone)]
struct AuthHeader {
    id: String,
}
async fn auth(
    headers: HeaderMap,
    mut req: Request,
    next: Next,
) -> Result<impl IntoResponse, (StatusCode, String)> {
    // Extract Authorization header
    let header = headers.get("Authorization").ok_or((
        StatusCode::UNAUTHORIZED,
        "missing authorization header".to_string(),
    ))?;
    let header_str = header
        .to_str()
        .map_err(|_| (StatusCode::BAD_REQUEST, "invalid authorization header"))
        .unwrap();
    let token = header_str.replace("Bearer ", "").trim().to_string();
    // Validate token
    let claims = validate_token(token.as_str()).map_err(|e| {
        tracing::warn!("token validation failed: {:?}", e);
        (
            StatusCode::UNAUTHORIZED,
            "invalid or expired token".to_string(),
        )
    })?;
    // Inject user information into request context
    req.extensions_mut().insert(AuthHeader { id: claims.sub });
    Ok(next.run(req).await)
}