-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathmain.rs
More file actions
77 lines (67 loc) · 2.46 KB
/
Copy pathmain.rs
File metadata and controls
77 lines (67 loc) · 2.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
#[tokio::main]
async fn main() {
use std::sync::Arc;
use axum::{Router, middleware::from_fn, routing::get};
use shield::{Shield, ShieldOptions};
use shield_axum::{AuthRoutes, ShieldLayer, auth_required};
use shield_memory::{MemoryStorage, User};
use shield_oidc::{Keycloak, OidcMethod};
use time::Duration;
use tokio::net::TcpListener;
use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
use tracing::{info, level_filters::LevelFilter};
use utoipa::OpenApi;
use utoipa_swagger_ui::SwaggerUi;
// Initialize tracing
tracing_subscriber::fmt()
.with_max_level(LevelFilter::DEBUG)
.init();
// Configuration
let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 8080);
// Initialize sessions
let session_store = MemoryStore::default();
let session_layer = SessionManagerLayer::new(session_store)
.with_secure(false)
.with_expiry(Expiry::OnInactivity(Duration::minutes(10)));
// Initialize Shield
let storage = MemoryStorage::new();
let shield = Shield::new(
storage.clone(),
vec![Arc::new(
OidcMethod::new(storage).with_providers([Keycloak::builder(
"keycloak",
"http://localhost:18080/realms/Shield",
"client1",
)
.client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
.redirect_url(format!(
"http://localhost:{}/api/auth/oidc/sign-in-callback/keycloak",
addr.port()
))
.build()]),
)],
ShieldOptions::default(),
);
let shield_layer = ShieldLayer::new(shield.clone());
// Initialize OpenAPI specification (optional)
#[derive(OpenApi)]
#[openapi(nest(
(path = "/api/auth", api = AuthRoutes, tags = ["auth"]),
))]
struct Docs;
// Initialize router
let router = Router::new()
.route("/api/protected", get(async || "Protected"))
.route_layer(from_fn(auth_required::<User>))
.nest("/api/auth", AuthRoutes::router::<User, ()>())
.merge(SwaggerUi::new("/api-docs").url("/api/openapi.json", Docs::openapi()))
.layer(shield_layer)
.layer(session_layer);
// Start app
info!("listening on http://{}", &addr);
let listener = TcpListener::bind(&addr).await.unwrap();
axum::serve(listener, router.into_make_service())
.await
.unwrap();
}