- Update
tower-sessions
to 0.13.0
- Update dev dependencies; placate docs.rs
- Avoid unnecessary clone #225
- Replace
ring
withsubtle
#216
This makes using axum-login
with targets like wasm32-unknown-unknown
easier, as ring
required C and assembly whereas subtle
is a pure Rust constant time comparator.
- Update
tower-sessions
to 0.12.0
As of this update, signed and encrypted session cookies are supported.
- Update
tower-sessions
to 0.11.0
This updates tower-sessions
to its latest release, which itself contains breaking changes.
Please review those changes for more details.
- Record user id on span when available. #160
Breaking Changes
- Update
tower-sessions
to 0.10.0
This updates tower-sessions
to its latest release, which itself contains breaking changes, especially with regard to previously-bundled session stores.
Please review those changes for more details.
Breaking Changes
- Make service infallible.
This follows along with the upstream changes to tower-sessions
, where
we made it such that the sessions middleware will not directly result in
an error.
Here we do the same and in doing so are able to use the layer directly
with axum
. This should reduce boilerplate.
- Relax trait bounds such that e.g.
Credentials
do not requireClone
. ##157
- Ensure correct redirect uri query handling. #155
- Address request URI prefix truncation in nested routes by using
OriginalUri
extractor. #153
Breaking Changes
- Update
tower-sessions
to 0.8.0; this introduces lazy sessions. #132
This is a significant update to the session API, which now requires awaiting its methods. That said, changes to this crate are fairly minimal.
- Ensure
http
is referenced apropriately in macros.
- Ensure
predicate_required
is invoked correctly.
Breaking Changes
- Update
tower-sessions
to 0.7.0.
This includes support for axum
0.7.0.
Breaking Changes
- Update
tower-sessions
to 0.6.0; this removesreplace_if_equal
and addressed a performance bottleneck.
** Other Changes**
- Make
DATA_KEY
configurable. #109
Breaking changes
- Update
tower-sessions
to 0.5.0; this changes the default session cookie name from "tower.sid" to "id".
Note that applications using the old default, "tower.sid", may continue to do so without disruption by specifying with_name("tower.sid")
.
Other changes
- Ensure session error type is accessible. #120
- Fix
permission_required
macro. #116 and 7a6720a
- Ensure middleware-producing macros (
login_required
,permission_required
, andpredicate_required
) use crate dependencies. - Re-organize into a workspace such that examples are self-contained crates.
We have entirely reimagined this crate's API, having now rewritten it to use tower-sessions
.
The upshot of this is issues with deadlocks are a thing of the past. However, applications that rely on prior versions of the crate will have to evaluate the new API and decide if it's appropriate to migrate or not.
Please review the documentation for an overview of the new API.
BREAKING CHANGES:
- Provide
User
withoutOption
#70 - Use associated type
Error
inUserStore
instead of eyre for error handling #69 - Make
role_bounds
optional #67
OTHER CHANGES
- Introduce
DefaultQueryProvider
forsqlx
stores #72 - Update
tower
to0.4.0
- Add optional redirect in
RequireAuthorizationLayer
BREAKING CHANGES:
- Parametrize the
UserId
type (formerly hard-coded toString
) inAuthUser
,AuthContext
, andRequireAuthorizationLayer
. SqlxStore
: Removewith_table_name
andwith_column_name
in favor ofwith_query
.
OTHER CHANGES:
- Add this changelog 🎉
- Extend .gitignore
- Bump
axum-sessions
to 0.5.0
- Expose
sqlx_store::SqlxStore
PR #31 - Update README example
- Bump Axum to 0.6.0
- Introduce a
secrecy
feature
- Implement role bounds
- Implement
PartialOrd
forRole
- Implement a role-based
RequireAuthorizationLayer
- Implement basic RBAC support
- Add an example to require a special user field value
- Remove
std::fmt::Debug
fromAuthUser
requirements - Add
oauth
example
- General fixes and improvements
- Initial release 🎉