/
main.rs
44 lines (38 loc) · 1.51 KB
/
main.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
use crate::role::Role::{self, Admin};
use rocket::http::Status;
use rocket::Request;
use rocket_grants::authorities::{AuthDetails, AuthoritiesCheck};
use rocket_grants::GrantsFairing;
use std::collections::HashSet;
mod role;
// `proc-macro` way require specify your type. It can be an import or a full path.
#[rocket_grants::protect(any("Admin", "role::Role::Manager"), ty = Role)]
// For the `Admin` or `Manager` - endpoint will give the HTTP status 200, otherwise - 403
#[rocket::get("/macro_secured")]
async fn macro_secured() -> Status {
Status::Ok
}
// An example of programmable protection with custom type
#[rocket::get("/manual")]
async fn manual_secure(details: AuthDetails<Role>) -> &'static str {
if details.has_authority(&Role::Admin) {
return "Hello Admin!";
}
"Hello!"
}
#[rocket::launch]
// Sample application with grant protection based on extracting by your custom function
async fn rocket() -> _ {
rocket::build()
.mount("/api", rocket::routes![macro_secured, manual_secure])
.attach(GrantsFairing::with_extractor_fn(|req| {
Box::pin(extract(req))
}))
}
// You can specify any of your own type (`PartialEq` + `Clone`) for the return type wrapped in a vector: rocket::Result<Vec<YOUR_TYPE_HERE>>
async fn extract(_req: &mut Request<'_>) -> Option<HashSet<Role>> {
// Here is a place for your code to get user permissions/roles/authorities from a request
// For example from a token or database
// Stub example
Some(HashSet::from([Role::Admin]))
}