Role based Auth #1792

Gaelik-git · 2023-02-27T10:42:06Z

Gaelik-git
Feb 27, 2023

I would like to have a simple way of having role based auth for my endpoint.

I found the FromRequestParts examples and documentation so I can have some simple

pub struct User {
    pub id: u8,
    pub roles: Vec<Role>,
}

#[async_trait]
impl<S> FromRequestParts<S> for User
where
    S: Send + Sync,
{ ... }

pub async fn health(user: User) -> impl IntoResponse {
    (StatusCode::OK, ())
}

I was also able to make it work with a simple wrapper to check one role

#[derive(Debug, PartialEq)]
pub struct Admin;

#[derive(Debug, PartialEq)]
pub struct Read;

#[derive(Debug, PartialEq)]
pub enum Role {
    Admin(Admin),
    Reader(Reader),
}

trait RoleCheck {
    fn can_access(role: &Role) -> bool;
}

impl RoleCheck for Admin {
    fn can_access(role: &Role) -> bool {
        match role {
            Role::Admin(_) => true,
            _ => false,
        }
    }
}

pub struct UserWithRole<T> {
    role: std::marker::PhantomData<T>,
    inner: User,
}

#[async_trait]
impl<T, S> FromRequestParts<S> for UserWithRole<T>
where
    S: Send + Sync,
    T: RoleCheck,
{ ... }

pub async fn health(user: UserWithRole<Admin>) -> impl IntoResponse {
    (StatusCode::OK, ())
}

But it there a way to create something like UserWithAnyRole<Role[]> or UserWithRoles<Role[]>

so I could do

pub async fn health(user: UserWithRoles<[Admin, Reader]>) -> impl IntoResponse {
    (StatusCode::OK, ())
}

pub async fn info(user: UserWithAnyRole<[Admin, Reader]>) -> impl IntoResponse {
    (StatusCode::OK, ())
}

Answered by davidpdrsn

Feb 27, 2023

Maybe you can use a tuple UserWithAnyRole<(Admin, Reader)>. Can't put Admin and Reader into an array since they don't have the same type.

View full answer

davidpdrsn · 2023-02-27T11:58:46Z

davidpdrsn
Feb 27, 2023
Collaborator

Maybe you can use a tuple UserWithAnyRole<(Admin, Reader)>. Can't put Admin and Reader into an array since they don't have the same type.

1 reply

Gaelik-git Feb 28, 2023
Author

I was able to make it work, thank you.

Also it requires implementing my RoleCheck trait for tuple of multiple size.
I guess it can be done with macros to avoid to much code duplication.

impl<T, V> RoleCheck for (T, V)
where
    T: RoleCheck,
    V: RoleCheck,
{
    fn can_access(role: &Role) -> bool {
        todo!()
    }
}

I have a lot of different roles, so I guess it would not work so great needing to have a empty struct for every role and the associated enum variant.

I guess it's more a Rust question than a axum question

Thank you for your time and the good work

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Role based Auth #1792

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Role based Auth #1792

Gaelik-git Feb 27, 2023

Replies: 1 comment · 1 reply

davidpdrsn Feb 27, 2023 Collaborator

Gaelik-git Feb 28, 2023 Author

Gaelik-git
Feb 27, 2023

Replies: 1 comment 1 reply

davidpdrsn
Feb 27, 2023
Collaborator

Gaelik-git Feb 28, 2023
Author