Lightbridge Authz is a modular authorization and API-key validation service with pluggable transports (REST and gRPC), a shared core library for configuration, persistence, and errors, and a CLI to run servers and perform basic checks.
- Workspace layout is defined in Cargo.toml.
- Core exports are in crates/lightbridge-authz-core/src/lib.rs.
- REST server entry point is start_rest_server().
- gRPC server entry point is start_grpc_server().
- CLI entry is main(), with subcommands declared at enum Commands.
- Centralize API key validation and authorization logic behind a transport-agnostic core.
- Provide REST and gRPC frontends for flexible integration.
- Use a single YAML config to keep deployments simple and reproducible.
- Core library exposes config loading, error types, DB primitives, and API key models, see re-exports in lib.rs.
- REST and gRPC crates currently expose async server start functions: start_rest_server() and start_grpc_server(). They are placeholders ready for wiring.
- CLI parses commands and flags using clap, see Cli, Commands, and main().
- Configuration lives in config/default.yaml.
- Rust 2024 edition (workspace-wide).
- Single-source configuration via YAML files.
- Error handling centralized in core; prefer using the core Result and Error.
- Avoid putting too much logic in one file; favor small, focused modules.
- Prerequisites:
- Rust stable toolchain.
- PostgreSQL (if using the database features).
- Clone the repo and build:
- cargo build
- cargo test
- Optional: set DATABASE_URL if different from the YAML configuration.
Workspace crates are listed in Cargo.toml.
- Prepare a config file patterned after config/default.yaml.
Example run commands (CLI parsing defined at crates/lightbridge-authz-cli/src/main.rs):
- Run REST server (placeholder implementation):
- cargo run -p lightbridge-authz-cli -- serve --config ./config/default.yaml --rest
- Run gRPC server (placeholder implementation):
- cargo run -p lightbridge-authz-cli -- serve --config ./config/default.yaml --grpc
- Validate config:
- cargo run -p lightbridge-authz-cli -- config --config ./config/default.yaml --check_config
- Client health (transport argument parsed at transport and health flag at health):
- cargo run -p lightbridge-authz-cli -- client --config ./config/default.yaml --transport rest --health
Current status: REST and gRPC servers are scaffolds.
- REST:
- Entrypoint: start_rest_server().
- Planned endpoints:
- POST /v1/keys/validate: Validate an API key.
- GET /health: Health check.
- gRPC:
- Entrypoint: start_grpc_server().
- Planned services:
- Authz.ValidateKey: Validate an API key.
- Health.Check: Health check.
Proto definitions will live under the proto crate (see crates/lightbridge-authz-proto and build script build.rs).
Base config example: config/default.yaml
- server.grpc.address: string IP to bind, see address.
- server.grpc.port: numeric port, see port.
- logging.level: log level string, see level.
- auth.api_keys: list of allowed API keys, see api_keys.
- database.url: Postgres connection string, see url.
Core config loader is exposed from load_from_path() and Config.
-
Primary crates:
- Core: crates/lightbridge-authz-core
- REST: crates/lightbridge-authz-rest
- gRPC: crates/lightbridge-authz-grpc
- CLI: crates/lightbridge-authz-cli
- API facade: crates/lightbridge-authz-api
- Proto: crates/lightbridge-authz-proto
-
Testing:
- Integration tests live in tests/ folders like crates/lightbridge-authz-rest/tests/api_tests.rs.
- Run all: cargo test
-
Logging:
- Provided by tracing; level set via config logging.level.
- Fork and create a feature branch.
- Ensure rustfmt and clippy pass.
- Add tests in the respective crate's tests/ directory.
- Open a PR with a clear description and link relevant code areas:
- Core changes around Error, Result.
- CLI surface at Commands.
- REST/gRPC servers at start_rest_server() and start_grpc_server().
No LICENSE file found in the repository at this time. Add a LICENSE file (e.g., MIT, Apache-2.0) at the repo root and reference it here once chosen.