In this article I want to describe my boilerplate REST API in Rust on Rocket, using the NoSQL database MongoDB with JWT token authorization.
Some information about the technologies used in the code
- Rust is a programming language. It is incredibly fast and memory-efficient, and its rich type system and ownership model guarantee memory safety.
- REST API (also known as RESTful API) is an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services. REST stands for representational state transfer and was created by computer scientist Roy Fielding.
- Rocket is a web framework for Rust that makes it simple to write fast, secure web applications without sacrificing flexibility, usability, or type safety.
- MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License (SSPL) which is deemed non-free by several distributions.
- JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Why do you need this boilerplate?
If you are a backend programmer in Rust, this boilerplate will help you create new projects. Instead of writing the same code at the beginning of each project, you can start your project from my boilerplate.
If you are just beginning to learn Rust, this project will help you understand the basics of Rust and the Rocket framework. It will also help you understand how JWT token authorization works and how to work properly with the database.
Routes in this boilerplate
- POST /api/v1/registration
- POST /api/v1/login
- GET /api/v1/user
- PATCH /api/v1/user
- DELETE /api/v1/user
- POST /api/v1/refresh-token
- GET /api/v1/public/hello
- GET /api/v1/private/hello
Registration
In this route the user can create an account.
Request:
- login: must be unique, length from 3 to 200 characters
- password: length from 8 to 200 characters; the password is hashed before being saved to the database
- mail: must be unique and must be a valid mail address
- first_name: length from 2 to 150 characters; this field is optional
- last_name: length from 2 to 200 characters; this field is optional
Response:
- Status Ok (200) -> access token and refresh token in json
- Status BadRequest (400) -> “Week login” / “Week password” / “Already registered by login” / “Bad mail”/ “Already registered by mail” / “Wrong first name”/ “Wrong last name”
- Status Internal Server Error (500) -> “Internal Server Error”
Login
In this route the user can log in to his account.
Request:
- login
- password
Response:
- Status Ok (200) -> access token and refresh token in json
- Status BadRequest (400) -> “Bad request”
- Status Internal Server Error (500) -> “Internal Server Error”
(GET) user
In this route, the user can find out information about his account (except for the password).
Request:
- access token (in headers)
Response:
- Status Ok (200) -> login, mail, id, first name and last name
- Status Unauthorized (401) -> “Unauthorized”
- Status Internal Server Error (500) -> “Internal Server Error”
(PATCH) user
In this route the user can change his information in the database.
Request:
- login: must be unique, length from 3 to 200 characters
- password: length from 8 to 200 characters; the password is hashed before being saved to the database
- mail: must be unique and must be a valid mail address
- first_name: length from 2 to 150 characters; this field is optional
- last_name: length from 2 to 200 characters; this field is optional
Response:
- Status Ok (200)
- Status BadRequest (400) -> “Week login” / “Week password” / “Already registered by login” / “Bad mail”/ “Already registered by mail” / “Wrong first name”/ “Wrong last name”
- Status Unauthorized (401) -> “Unauthorized”
- Status Internal Server Error (500) -> “Internal Server Error”
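The registration and PATCH routes above share the same field rules and the same set of 400 responses. The following is an added example (not code from the boilerplate) of how those rules can be checked in plain Rust before anything touches the database. The `RegistrationRequest` and `ExistingAccounts` types, the mail-shape check and the order in which errors are reported are assumptions made here; the article only states the limits and the message texts. Password hashing, which the article says happens before saving, is outside this snippet.

```rust
use std::collections::HashSet;

/// Registration / PATCH payload as described in the article.
/// `first_name` and `last_name` are optional fields.
#[derive(Debug, Clone)]
pub struct RegistrationRequest {
    pub login: String,
    pub password: String,
    pub mail: String,
    pub first_name: Option<String>,
    pub last_name: Option<String>,
}

/// Accounts already stored. Hypothetical stand-in for the MongoDB
/// uniqueness lookups; constructed for this example only.
#[derive(Default)]
pub struct ExistingAccounts {
    pub logins: HashSet<String>,
    pub mails: HashSet<String>,
}

/// Length measured in Unicode scalar values, not bytes, so a name with
/// multi-byte characters is judged by the limits the article states.
fn len_in_range(s: &str, min: usize, max: usize) -> bool {
    let n = s.chars().count();
    n >= min && n <= max
}

/// Minimal mail-shape check (assumption: the article only says "must be mail").
/// Exactly one '@', a non-empty local part, a dotted domain, no whitespace.
fn looks_like_mail(s: &str) -> bool {
    let mut parts = s.split('@');
    match (parts.next(), parts.next(), parts.next()) {
        (Some(local), Some(domain), None) => {
            !local.is_empty()
                && domain.contains('.')
                && !domain.starts_with('.')
                && !domain.ends_with('.')
                && !s.chars().any(char::is_whitespace)
        }
        _ => false,
    }
}

/// Validate a request and return the 400 message the article lists.
/// Checks run in the order the fields are documented.
pub fn validate(req: &RegistrationRequest, db: &ExistingAccounts) -> Result<(), &'static str> {
    if !len_in_range(&req.login, 3, 200) {
        return Err("Week login");
    }
    if !len_in_range(&req.password, 8, 200) {
        return Err("Week password");
    }
    if db.logins.contains(&req.login) {
        return Err("Already registered by login");
    }
    if !looks_like_mail(&req.mail) {
        return Err("Bad mail");
    }
    if db.mails.contains(&req.mail) {
        return Err("Already registered by mail");
    }
    if let Some(first) = &req.first_name {
        if !len_in_range(first, 2, 150) {
            return Err("Wrong first name");
        }
    }
    if let Some(last) = &req.last_name {
        if !len_in_range(last, 2, 200) {
            return Err("Wrong last name");
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample input.
    let mut db = ExistingAccounts::default();
    db.logins.insert("alice".to_string());
    let req = RegistrationRequest {
        login: "alice".to_string(),
        password: "correct horse battery".to_string(),
        mail: "alice@example.com".to_string(),
        first_name: None,
        last_name: None,
    };
    match validate(&req, &db) {
        Ok(()) => println!("200 OK"),
        Err(msg) => println!("400 Bad Request: {}", msg),
    }
}
```

Because every rejection reason maps to a distinct message, the same function can serve both the registration handler and the PATCH handler; the uniqueness checks for PATCH would simply exclude the caller's own current login and mail from `ExistingAccounts`.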
(DELETE) user
In this route the user can delete his account.
Request:
- access token (in headers)
Response:
- Status No content (204)
- Status Unauthorized (401) -> “Unauthorized”
- Status Internal Server Error (500) -> “Internal Server Error”
Refresh-token
In this route the program will renew the lifetime of the “access token” by issuing a new pair of tokens.
Request:
- refresh token (in json)
- access token (in headers)
Response:
- Status Ok (200) -> access token and refresh token in json
- Status Unauthorized (401) -> “Unauthorized”
- Status Internal Server Error (500) -> “Internal Server Error”
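To make the refresh exchange concrete, here is an added example (not the boilerplate's own code) of the server-side state behind registration/login and the refresh-token route: a pair is issued, the private routes accept the access token only while it is unexpired, and the refresh route accepts the refresh token from the body together with the matching access token from the header, then rotates both. Token strings, lifetimes (`ACCESS_TTL_SECS`, `REFRESH_TTL_SECS`), the `TokenService` type and the in-memory store are all assumptions made for this example; a real implementation would issue and verify signed JWTs instead of opaque counters.

```rust
use std::collections::HashMap;

/// Lifetimes assumed for this example (the article does not state them).
pub const ACCESS_TTL_SECS: u64 = 15 * 60;
pub const REFRESH_TTL_SECS: u64 = 7 * 24 * 60 * 60;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct TokenPair {
    pub access_token: String,
    pub refresh_token: String,
}

/// What the server remembers about one issued pair. Constructed stand-in
/// for the claims a signed JWT would carry.
#[derive(Debug, Clone)]
struct Session {
    user_id: String,
    access_token: String,
    access_expires_at: u64,
    refresh_expires_at: u64,
}

/// In-memory session store keyed by refresh token (example only).
#[derive(Default)]
pub struct TokenService {
    sessions: HashMap<String, Session>,
    counter: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum RefreshError {
    Unauthorized,
}

impl TokenService {
    /// Deterministic token strings so the flow is reproducible offline.
    /// A real service would mint HMAC-signed JWTs here.
    fn mint(&mut self, kind: &str, user_id: &str) -> String {
        self.counter += 1;
        format!("{}-{}-{}", kind, user_id, self.counter)
    }

    /// Called by registration and login: issue a fresh pair at `now` (unix seconds).
    pub fn issue(&mut self, user_id: &str, now: u64) -> TokenPair {
        let access = self.mint("access", user_id);
        let refresh = self.mint("refresh", user_id);
        self.sessions.insert(
            refresh.clone(),
            Session {
                user_id: user_id.to_string(),
                access_token: access.clone(),
                access_expires_at: now + ACCESS_TTL_SECS,
                refresh_expires_at: now + REFRESH_TTL_SECS,
            },
        );
        TokenPair { access_token: access, refresh_token: refresh }
    }

    /// Used by the private routes: returns the user id while the access
    /// token is unexpired, otherwise None (a 401 in the article's terms).
    pub fn authorize(&self, access_token: &str, now: u64) -> Option<&str> {
        self.sessions
            .values()
            .find(|s| s.access_token == access_token && now < s.access_expires_at)
            .map(|s| s.user_id.as_str())
    }

    /// POST /api/v1/refresh-token: refresh token from the JSON body, access
    /// token from the header. Both must belong to the same session and the
    /// refresh token must be unexpired; the access token may already have
    /// expired, since renewing it is the point of the route.
    pub fn refresh(&mut self, header_access: &str, body_refresh: &str, now: u64) -> Result<TokenPair, RefreshError> {
        let session = match self.sessions.get(body_refresh) {
            Some(s) if s.access_token == header_access && now < s.refresh_expires_at => s.clone(),
            _ => return Err(RefreshError::Unauthorized),
        };
        // Rotate: drop the old session so a replayed refresh token gets 401.
        self.sessions.remove(body_refresh);
        Ok(self.issue(&session.user_id, now))
    }
}

fn main() {
    let mut svc = TokenService::default();
    let t0 = 1_700_000_000; // constructed timestamp
    let pair = svc.issue("user-1", t0);
    let later = t0 + ACCESS_TTL_SECS + 1;
    println!("access valid after expiry? {}", svc.authorize(&pair.access_token, later).is_some());
    let renewed = svc.refresh(&pair.access_token, &pair.refresh_token, later);
    println!("refresh result: {:?}", renewed);
}
```

Rotating the refresh token on every use means a stolen refresh token that is replayed after the legitimate client has already refreshed is rejected, which is the detection signal a defender would log from this route.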
Public hello
In this route the program can say hello to the world.
Response:
- Status Ok (200) -> “Hello world” in json
- Status Internal Server Error (500) -> “Internal Server Error”
Private hello
In this route the program can say hello to the user.
Request:
- access token (in headers)
Response:
- Status Ok (200) -> “Hello <login>” / “Hello <first name> <login> <last name>”
- Status Unauthorized (401) -> “Unauthorized”
- Status Internal Server Error (500) -> “Internal Server Error”
How to download?
You can download this program from my GitHub: https://github.com/martyr00/Rust-rocket-mongoDB-token-auth-REST-API-boilerplate
On GitHub you can also read about my boilerplate in more detail.