Rust Rocket MongoDB token-authorization REST API boilerplate

martyr
5 min read · Jun 25, 2022


In this article I describe my boilerplate REST API in Rust on Rocket, backed by the NoSQL database MongoDB, with JWT-token authorization.

Some information about the technologies used in the code

  • Rust is a programming language that is fast and uses memory efficiently; its rich type system and ownership model guarantee memory safety in safe code.
  • A REST API (also called a RESTful API) is a web API that conforms to the constraints of the REST architectural style and allows interaction with RESTful web services. REST stands for representational state transfer and was defined by computer scientist Roy Fielding.
  • Rocket is a web framework for Rust that makes it simple to write fast, secure web applications without sacrificing flexibility, usability, or type safety.
  • MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License (SSPL) which is deemed non-free by several distributions.
  • JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, self-contained way of transmitting claims between parties as a JSON object. The claims can be verified because the token is signed, either with a shared secret (HMAC, e.g. HS256) or with a public/private key pair (RSA or ECDSA). The signature gives integrity and authenticity only: the payload is base64url-encoded, not encrypted, so anyone holding a token can read it and nothing secret belongs in it.

Why do you need this boilerplate?

If you are a backend programmer in Rust, this boilerplate will help you start new projects: instead of writing the same code at the beginning of each project, you can start from it.

If you are just beginning to learn Rust, this project will help you understand basic Rust and the Rocket framework, how JWT-token authorization works, and how to work with the database properly.

Routes in this boilerplate

  1. POST /api/v1/registration
  2. POST /api/v1/login
  3. GET /api/v1/user
  4. PATCH /api/v1/user
  5. DELETE /api/v1/user
  6. POST /api/v1/refresh-token
  7. GET /api/v1/public/hello
  8. GET /api/v1/private/hello

Registration

In this route the user can create an account.

Request:

  • login: must be unique, 3 to 200 characters
  • password: 8 to 200 characters; the password is hashed before being saved, so the database never holds it in clear text
  • mail: must be unique and a valid e-mail address
  • first_name: 2 to 150 characters; optional
  • last_name: 2 to 200 characters; optional

Response:

  • Status Ok (200) -> access token and refresh token in json
  • Status BadRequest (400) -> “Week login” / “Week password” / “Already registered by login” / “Bad mail” / “Already registered by mail” / “Wrong first name” / “Wrong last name”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example registration in Postman (screenshot)

Login

In this route the user logs in to their account.

Request:

  • login
  • password

Response:

  • Status Ok (200) -> access token and refresh token in json
  • Status BadRequest (400) -> “Bad request” (one generic message whichever part of the credentials was wrong)
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example login in Postman (screenshot)

(GET) user

In this route the user can read their own account information (the stored password hash is never returned).

Request:

  • access token in headers

Response:

  • Status Ok (200) -> login, mail, id, first name and last name
  • Status Unauthorized (401) -> “Unauthorized”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example (GET) user (screenshot)

(PATCH) user

In this route the user can change their own information in the database.

Request:

  • access token in headers (the route answers 401 without a valid one)
  • login: must be unique, 3 to 200 characters
  • password: 8 to 200 characters; the password is hashed before being saved, so the database never holds it in clear text
  • mail: must be unique and a valid e-mail address
  • first_name: 2 to 150 characters; optional
  • last_name: 2 to 200 characters; optional

Response:

  • Status Ok (200)
  • Status BadRequest (400) -> “Week login” / “Week password” / “Already registered by login” / “Bad mail” / “Already registered by mail” / “Wrong first name” / “Wrong last name”
  • Status Unauthorized (401) -> “Unauthorized”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example (PATCH) user (screenshot)
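The field rules are the same for registration and for PATCH, so here is one validator for both routes, as an added example that is not the boilerplate's code. It returns the page's own 400 messages. Assumptions: the mail check is a minimal syntactic one (the page only says the value must be a mail address), `Taken` is an in-memory stand-in for the MongoDB uniqueness query, and a missing required field on registration is reported with the same message as an invalid one.

```rust
// Added example, not the boilerplate's code: the registration/PATCH field rules as one validator
// returning the page's 400 messages. The mail check and the `Taken` lookup are assumptions.
use std::collections::HashSet;

#[derive(Clone, Default)]
struct UserInput {
    login: Option<String>,
    password: Option<String>,
    mail: Option<String>,
    first_name: Option<String>,
    last_name: Option<String>,
}

// In-memory stand-in for the MongoDB query that enforces unique login and mail.
struct Taken {
    logins: HashSet<String>,
    mails: HashSet<String>,
}

// Registration requires login, password and mail; PATCH validates only the fields that were sent.
#[derive(Clone, Copy, PartialEq, Eq)]
enum Mode { Register, Patch }

// Character count, not byte length, so "ééé" is a 3-character login and passes the 3..=200 rule.
fn len_ok(s: &str, min: usize, max: usize) -> bool {
    (min..=max).contains(&s.chars().count())
}

// Minimal syntactic check (assumption): one '@', a non-empty local part, a dot inside the domain.
fn looks_like_mail(s: &str) -> bool {
    match s.split_once('@') {
        Some((local, domain)) => !local.is_empty() && domain.contains('.') && !domain.starts_with('.') && !domain.ends_with('.'),
        None => false,
    }
}

fn validate(input: &UserInput, mode: Mode, taken: &Taken) -> Result<(), &'static str> {
    let required = mode == Mode::Register;
    match &input.login {
        Some(l) if !len_ok(l, 3, 200) => return Err("Week login"),
        Some(l) if taken.logins.contains(l) => return Err("Already registered by login"),
        None if required => return Err("Week login"),
        _ => {}
    }
    match &input.password {
        Some(p) if !len_ok(p, 8, 200) => return Err("Week password"),
        None if required => return Err("Week password"),
        _ => {}
    }
    match &input.mail {
        Some(m) if !looks_like_mail(m) => return Err("Bad mail"),
        Some(m) if taken.mails.contains(m) => return Err("Already registered by mail"),
        None if required => return Err("Bad mail"),
        _ => {}
    }
    if let Some(f) = &input.first_name { if !len_ok(f, 2, 150) { return Err("Wrong first name"); } }
    if let Some(l) = &input.last_name { if !len_ok(l, 2, 200) { return Err("Wrong last name"); } }
    Ok(()) // only the hash of `password`, never the password itself, is stored after this point
}
```

Lengths are counted in characters rather than bytes, so a short accented name is measured the way the user sees it; the 200-character cap on the password also bounds the work the password hash has to do per request. For PATCH the uniqueness lookup has to exclude the caller's own record, otherwise re-sending an unchanged login is rejected as already registered; the stand-in here does not know who the caller is, so that exclusion belongs in the real database query.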

(DELETE) user

In this route the user can delete their own account.

Request:

  • access token in headers

Response:

  • Status No Content (204)
  • Status Unauthorized (401) -> “Unauthorized”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example (DELETE) user (screenshot)

Refresh-token

In this route the server issues a new access token (and a new refresh token) so that a client whose access token has expired can continue without logging in again.

Request:

  • refresh token in json
  • access token in headers

Response:

  • Status Ok (200) -> access token and refresh token in json
  • Status Unauthorized (401) -> “Unauthorized”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example refresh-token (screenshot)

Public hello

In this route the server says hello to the world; no token is required.

Response:

  • Status Ok (200) -> “Hello world” in json
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example public hello (screenshot)

Private hello

In this route the server greets the authenticated user.

Request:

  • access token in headers

Response:

  • Status Ok (200) -> “Hello <login>” / “Hello <first name> <login> <last name>”
  • Status Unauthorized (401) -> “Unauthorized”
  • Status Internal Server Error (500) -> “Internal Server Error”

Example:

Example private hello (screenshot)

How to download?

You can download the project from my GitHub: https://github.com/martyr00/Rust-rocket-mongoDB-token-auth-REST-API-boilerplate

The repository on GitHub describes the boilerplate in more detail.
