This is a simple web application built with Rust's Actix-Web framework and the Rusqlite database. It demonstrates how to implement JWT (JSON Web Token) authentication for user registration, login, and access to protected routes.
- User registration with username and password
- User login with JWT token generation
- Protected route accessible only with a valid JWT token
- Unprotected route accessible without authentication
- Password Hashing: Switch to using bcrypt for hashing passwords. Update the registration and login processes to work with hashed passwords.
- Secret Key Management: Move the JWT secret key to a .env file and adjust the app to pull it in securely.
- Async DB Operations: Use tokio::task::spawn_blocking to handle SQLite operations without blocking.
- Role-Based Access: Set up roles like Admin and User, store them in the database, and make sure the JWT includes role info for access control.
- Error Handling: Clean up error messages to make them clearer for users and more useful for debugging.
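For the secret key management item above, one way to fail closed when the key is missing or weak. This is an added example, not code from this repository; the variable name JWT_SECRET, the HS256 assumption behind the 32-byte minimum, and the distinct-byte threshold are assumptions made for illustration.

```rust
use std::collections::HashSet;
use std::env;

// Assumption: tokens are signed with HS256, where RFC 7518 requires a key
// of at least 256 bits (32 bytes).
const MIN_SECRET_BYTES: usize = 32;
// Heuristic threshold (constructed for this example) to catch filler values.
const MIN_DISTINCT_BYTES: usize = 8;

#[derive(Debug, PartialEq)]
pub enum SecretError {
    Missing,
    TooShort(usize),
    LowVariety,
}

/// Checks a candidate secret and returns its bytes, or the reason to refuse it.
pub fn validate_jwt_secret(raw: Option<String>) -> Result<Vec<u8>, SecretError> {
    let value = raw.ok_or(SecretError::Missing)?;
    // An empty or whitespace-only entry in the .env file counts as missing.
    if value.trim().is_empty() {
        return Err(SecretError::Missing);
    }
    if value.len() < MIN_SECRET_BYTES {
        return Err(SecretError::TooShort(value.len()));
    }
    // Reject long but repetitive values such as a run of one character.
    let distinct: HashSet<u8> = value.bytes().collect();
    if distinct.len() < MIN_DISTINCT_BYTES {
        return Err(SecretError::LowVariety);
    }
    Ok(value.into_bytes())
}

/// Reads the secret from the process environment. JWT_SECRET is a hypothetical
/// variable name; a .env loader would populate it before this runs.
pub fn load_jwt_secret() -> Result<Vec<u8>, SecretError> {
    validate_jwt_secret(env::var("JWT_SECRET").ok())
}

fn main() {
    match load_jwt_secret() {
        Ok(key) => println!("JWT secret loaded ({} bytes)", key.len()),
        // A server should stop here rather than fall back to a default key.
        Err(e) => eprintln!("refusing to start: {:?}", e),
    }
}
```

Keep the .env file out of version control so the key never lands in the repository history.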
- Rust (latest stable version)
- Cargo (Rust's package manager)
- Clone the repository:
git clone https://github.com/Stipulations/actix-jwt.git
- Navigate to the project directory:
cd actix-jwt
- Build the project:
cargo build
To run the application, use the following command:
cargo run
The application will start running on http://127.0.0.1:8080.
Send a POST request to http://127.0.0.1:8080/register with the following JSON payload:
{
  "username": "your_username",
  "password": "your_password"
}
Send a POST request to http://127.0.0.1:8080/login with the same JSON payload as above. If the credentials are valid, you will receive a JWT token in the response.
To access the protected route at http://127.0.0.1:8080/protected, include the JWT token in the jwt header of your request.
The unprotected route at http://127.0.0.1:8080/unprotected can be accessed without any authentication.
Contributions are welcome! If you find any issues or have suggestions for improvement, please open an issue or submit a pull request.