Production-style Rust backend built with Axum + Tokio, designed as a clean, modular foundation for real-world APIs.
This project demonstrates enterprise-grade architecture with strong separation of concerns (domain / services / infrastructure), structured configuration, observability, security middleware, and scalable rate limiting.
- Async HTTP API powered by Axum (0.8) + Tokio
- Clean architecture approach
domaindefines core contracts (ports)servicesimplement business logicinfrastructureprovides MongoDB / Redis adapters
- MongoDB integration with repository layer (User + Vault)
- Redis integration (Fred client) for caching and distributed rate limiting
- Two-level rate limiting
- In-memory governor-based limits (
tower-governor) - Redis-backed limiter using Lua script + EVALSHA optimization
- In-memory governor-based limits (
- Security middleware
- CSP, XSS protection, nosniff, frame deny
- CORS configuration driven by typed settings
- Structured logging
- console logs + JSON logs to file
tracingspans + request tracing middleware
- Graceful shutdown with configurable timeout
Create a .env file in the root directory and configure your application credentials:
# Database Credentials (used by Rust App & MongoDB Init Script)
DATABASE__USER=zero_day_app_user
DATABASE__PASSWORD=bardzo_bezpieczne_haslo_aplikacji
DATABASE__NAME=zero_day_db
# Root Credentials (used only by MongoDB Container Setup)
MONGO_ROOT_USER=app_admin
MONGO_ROOT_PASSWORD=twoje_bezpieczne_haslo
# Redis Config
REDIS__PASSWORD=devpasswordTo spin up MongoDB (with automatic user creation) and Redis, run:
# Start containers in background
docker compose up -d
# (Optional) Verify that the dedicated application user has been created successfully
docker exec -it zero_day_mongo mongosh -u app_admin -p twoje_bezpieczne_haslo --eval "db.getSiblingDB('zero_day_db').getUsers()"
Once the backing services are healthy, start the Axum API server using one of the following methods:
cargo run
If you are using Visual Studio Code with the CodeLLDB extension, you can debug the application directly.
Create or update your .vscode/launch.json with the following configuration:
{
"version": "0.2.0",
"configurations": [
{
"name": "Debug Rust Server",
"type": "lldb",
"request": "launch",
"program": "${workspaceFolder}/target/debug/http_server_rs",
"args": [],
"cwd": "${workspaceFolder}",
"stopOnEntry": false,
"preLaunchTask": "cargo build"
}
]
}GET /health— healthcheckPOST /auth/login— authentication entrypoint (stub)POST /vault/unlock— decrypts stored encrypted payload and returns decrypted CV
Vault data is encrypted using:
- AES-256-GCM
- key derivation via Argon2
- Base64 encoding for payload storage (
ciphertext,salt,nonce)
src/
├── config/ # typed settings + env support
├── domain/ # entities + repository ports + crypto contracts
├── services/ # use-cases (user + vault)
├── infrastructure/ # MongoDB + Redis adapters, Lua scripts, serialization
├── server/ # router, middleware, extractors, graceful shutdown
├── handlers/ # HTTP handlers (auth, vault, health)
└── errors/ # centralized AppError + API error mapping
Apache-2.0