Conversation
Introduces the new rustapi-extras crate with modules for config, CORS, JWT, rate limiting, and SQLx integration. Adds a SQLx CRUD example application. Updates rustapi-core with middleware support, SSE, and stream modules, and adds SQLx and related dependencies across the workspace.
Expanded documentation in README files to detail optional features such as JWT, CORS, rate limiting, and configuration management. Updated Cargo.toml feature flags for clarity and consistency. Refactored feature-gated re-exports in lib.rs for simpler usage and improved documentation. Improved header extraction test to handle duplicate headers correctly.
There was a problem hiding this comment.
Pull request overview
This pull request introduces comprehensive middleware infrastructure, optional security features, and production-ready utilities to RustAPI, completing Phase 3 of the roadmap. The changes add JWT authentication, CORS, rate limiting, configuration management, SQLx database integration, and enhanced extractors while maintaining the framework's ergonomic API design.
Key changes:
- Middleware system with Tower-compatible layer stacking and execution
- Optional feature flags for JWT, CORS, rate limiting, configuration, cookies, and SQLx
- New extractors: Headers, HeaderValue, Extension, ClientIp, Cookies
Reviewed changes
Copilot reviewed 32 out of 34 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| crates/rustapi-core/src/middleware/ | Core middleware infrastructure with layer stacking and built-in RequestId/Tracing layers |
| crates/rustapi-extras/ | New crate containing optional JWT, CORS, rate limiting, config, and SQLx features |
| crates/rustapi-core/src/extract.rs | Added Headers, HeaderValue, Extension, ClientIp, and Cookies extractors |
| crates/rustapi-core/src/response.rs | Added WithStatus generic wrapper for custom status codes |
| crates/rustapi-core/src/sse.rs | Server-Sent Events support with SseEvent and Sse types |
| crates/rustapi-core/src/stream.rs | Streaming response body support with StreamBody |
| examples/sqlx-crud/ | Complete CRUD example demonstrating SQLx integration with error conversion |
| README.md | Updated documentation with feature descriptions and usage examples |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| #[tokio::main] | ||
| async fn main() -> Result<()> { | ||
| RustApi::new() | ||
| .with_middleware(JwtLayer::<Claims>::new("your-secret-key")) |
There was a problem hiding this comment.
The method name should be .layer() instead of .with_middleware() to match the actual API shown in the app.rs implementation where the method is named layer.
| .allow_credentials(true); | ||
|
|
||
| RustApi::new() | ||
| .with_middleware(cors) |
There was a problem hiding this comment.
The method name should be .layer() instead of .with_middleware() to match the actual API implementation.
| let rate_limit = RateLimitLayer::new(100, Duration::from_secs(60)); // 100 req/min | ||
|
|
||
| RustApi::new() | ||
| .with_middleware(rate_limit) |
There was a problem hiding this comment.
The method name should be .layer() instead of .with_middleware() to match the actual API implementation.
| - `extras` - Meta feature enabling jwt, cors, and rate-limit | ||
| - `full` - All features enabled |
There was a problem hiding this comment.
The description of the extras feature is missing sqlx in the list, but according to Cargo.toml line 69, the full feature includes sqlx while extras does not. Consider clarifying that extras only includes security-related features (jwt, cors, rate-limit) and full includes everything.
| - `extras` - Meta feature enabling jwt, cors, and rate-limit | |
| - `full` - All features enabled | |
| - `extras` - Meta feature enabling only the security-related middleware: `jwt`, `cors`, and `rate-limit` | |
| - `full` - Meta feature enabling all available features (e.g., `jwt`, `cors`, `rate-limit`, `config`, `cookies`, `sqlx`) |
This pull request introduces several new features and enhancements to the RustAPI framework, focusing on middleware infrastructure, optional features, and improved error handling. The most significant changes include the addition of middleware support, new feature flags for extended functionality, and robust SQLx database error conversion. The documentation has also been updated to reflect these improvements and provide usage examples.
Middleware infrastructure and extensibility:
RustApi, including the.layer()method and supporting types (LayerStack,MiddlewareLayer, etc.), allowing users to stack and compose middleware layers such as JWT authentication, CORS, and rate limiting. (crates/rustapi-core/src/app.rs,crates/rustapi-core/src/lib.rs,crates/rustapi-core/src/middleware/mod.rs) [1] [2] [3] [4] [5]Optional features and dependency management:
Cargo.tomlandREADME.mdfor JWT, CORS, rate limiting, configuration management, cookies, and SQLx support, enabling users to opt-in to specific functionality and keep binary size minimal. (Cargo.toml,README.md,crates/rustapi-core/Cargo.toml) [1] [2] [3] [4] [5] [6]SQLx error handling:
ApiError, mapping common database errors to appropriate HTTP responses (e.g., 503 for pool exhaustion, 409 for unique constraint violations, 404 for missing rows). (crates/rustapi-core/src/error.rs)Documentation and examples:
README.mdwith detailed descriptions of new features, usage instructions, and code examples for JWT authentication, CORS, and rate limiting. (README.md) [1] [2] [3]Internal improvements:
Arc, improving thread safety and potential performance for handler invocation. (crates/rustapi-core/src/handler.rs) [1] [2]These changes collectively make RustAPI more modular, extensible, and production-ready, with clear documentation and robust error handling for modern web API development.