Table of Contents
Rust has gained popularity for its focus on safety and performance. When combined with Diesel, a powerful ORM for Rust, developers can create secure and efficient user authentication systems that interact seamlessly with various database backends. This article guides you through the essential steps to implement secure user authentication using Rust and Diesel.
Setting Up Your Rust Environment
Begin by installing Rust through rustup. Ensure you have the latest stable version. Next, create a new project using Cargo:
cargo new user_auth_system
cd user_auth_system
Open your Cargo.toml file and add Diesel along with the database driver of your choice, such as PostgreSQL:
[dependencies]
diesel = { version = "2.0", features = ["postgres"] }
dotenv = "0.15"
bcrypt = "0.12"
jsonwebtoken = "8.0"
chrono = { version = "0.4", features = ["serde"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
Configuring the Database
Create a database and a users table with fields for username, hashed password, and timestamps. Use Diesel CLI to set up migrations:
diesel setup
diesel migration generate create_users
Edit the generated migration files to include:
CREATE TABLE users (
id SERIAL PRIMARY KEY,
username VARCHAR NOT NULL UNIQUE,
password_hash VARCHAR NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT NOW()
);
Run the migration:
diesel migration run
Defining Data Models and Schema
Create a schema.rs file and define the User model along with Diesel's schema inference. Use the following code:
// src/schema.rs
table! {
users (id) {
id -> Int4,
username -> Varchar,
password_hash -> Varchar,
created_at -> Timestamp,
}
}
Define the User struct in your main.rs:
// src/main.rs
#[macro_use]
extern crate diesel;
extern crate dotenv;
use diesel::prelude::*;
use dotenv::dotenv;
use std::env;
use bcrypt::{hash, verify};
use jsonwebtoken::{encode, decode, Header, Validation, EncodingKey, DecodingKey};
use serde::{Serialize, Deserialize};
use chrono::{Utc, Duration};
mod schema;
use schema::users;
#[derive(Queryable, Insertable)]
#[table_name="users"]
struct User {
id: i32,
username: String,
password_hash: String,
created_at: chrono::NaiveDateTime,
}
Implementing User Registration and Authentication
Create functions to register new users with hashed passwords and to authenticate users by verifying passwords. Use bcrypt for hashing and verifying, and JSON Web Tokens (JWT) for session management.
fn register_user(conn: &PgConnection, username: &str, password: &str) -> Result {
let password_hash = hash(password, 12).unwrap();
let new_user = User {
id: 0,
username: username.to_owned(),
password_hash,
created_at: chrono::Local::now().naive_local(),
};
diesel::insert_into(users::table)
.values(&new_user)
.get_result(conn)
}
fn authenticate_user(conn: &PgConnection, username: &str, password: &str) -> Result {
use schema::users::dsl::*;
let user = users.filter(username.eq(username))
.first::(conn)
.map_err(|_| "User not found")?;
if verify(password, &user.password_hash).unwrap() {
let token = create_jwt(&user.username);
Ok(token)
} else {
Err("Invalid password".to_string())
}
}
fn create_jwt(username: &str) -> String {
#[derive(Serialize)]
struct Claims {
sub: String,
exp: usize,
}
let expiration = Utc::now()
.checked_add(Duration::hours(24))
.expect("valid timestamp")
.timestamp() as usize;
let claims = Claims {
sub: username.to_owned(),
exp: expiration,
};
encode(&Header::default(), &claims, &EncodingKey::from_secret("secret".as_ref())).unwrap()
}
Securing User Data and Handling Sessions
Ensure passwords are hashed securely with bcrypt and tokens are signed properly. Store secrets securely and validate tokens on each request to maintain session security.
Conclusion
Using Rust with Diesel provides a safe and efficient way to implement user authentication systems. With proper password hashing, token management, and secure database interactions, you can build robust authentication workflows suitable for production environments.