All DinoPark Rust services use actix as their web framework. In general the endpoints are separated into small apps:
src
├── endpoint1
│ ├── app.rs
│ ├── mod.rs
│ └── …
├── endpoint2
│ ├── app.rs
│ ├── mod.rs
│ └── …
├── healthz.rs # basic health check endpoint for k8s
├── main.rs
└── settings.rs
Permissions and authentication are handled via DinoPark Gate. It decodes and verifies
the id_token and translates it into user_id, scope, groups_scope and AAL. Routes
may be guarded on a minimal requirement for any of those claims by DinoPark Guard
via a simple annotation like:
#[guard(Staff, Creator, Medium)]
which would only allow access to this route if the logged-in user is a staff member, is an allowed access group creator and is logged in via an MFA'd login method.
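The minimal-requirement semantics of such a guard, as an added example that is not DinoPark Guard's own code: each claim is an ordered level, and a request passes only if every claim meets or exceeds the route's minimum. The type names and the variants other than Staff, Creator and Medium are assumptions made for illustration.

```rust
// Added illustration, not DinoPark Guard's code. Variant lists are assumed;
// only Staff, Creator and Medium appear on the page. Derived `Ord` follows
// declaration order, so variants are listed weakest first.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Scope { Public, Authenticated, Staff }
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum GroupsScope { Member, Creator, Admin }
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Aal { Unknown, Low, Medium, High }

/// Claims as the gate would hand them to a service after verifying the id_token.
#[derive(Debug, Clone, Copy)]
struct Claims { scope: Scope, groups_scope: GroupsScope, aal: Aal }

/// Which claim fell short; enough for an audit log without echoing the token.
#[derive(Debug, PartialEq, Eq)]
enum Denied { Scope, GroupsScope, Aal }

/// Minimal requirement per route, e.g. guard(Staff, Creator, Medium).
struct Guard { scope: Scope, groups_scope: GroupsScope, aal: Aal }

impl Guard {
    /// Every claim must meet or exceed its minimum; the first shortfall denies.
    fn check(&self, c: &Claims) -> Result<(), Denied> {
        if c.scope < self.scope { return Err(Denied::Scope); }
        if c.groups_scope < self.groups_scope { return Err(Denied::GroupsScope); }
        if c.aal < self.aal { return Err(Denied::Aal); }
        Ok(())
    }
}

/// The requirement from the page's example annotation.
fn page_guard() -> Guard {
    Guard { scope: Scope::Staff, groups_scope: GroupsScope::Creator, aal: Aal::Medium }
}

fn main() {
    // Constructed sample claims, one passing and three failing on different claims.
    let cases = [
        Claims { scope: Scope::Staff, groups_scope: GroupsScope::Admin, aal: Aal::High },
        Claims { scope: Scope::Staff, groups_scope: GroupsScope::Creator, aal: Aal::Low },
        Claims { scope: Scope::Authenticated, groups_scope: GroupsScope::Creator, aal: Aal::Medium },
        Claims { scope: Scope::Staff, groups_scope: GroupsScope::Member, aal: Aal::Unknown },
    ];
    for c in &cases {
        println!("{:?} -> {:?}", c, page_guard().check(c));
    }
}
```

A staff member who is a group creator but logged in without MFA is rejected on the AAL claim alone, which is the case the annotation's third argument exists to catch.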
All services use a common CIS client to interact with the CIS APIs. Signing fields is also supported given the correct signing keys.
All Rust code must pass at least:
cargo fmt --all -- --check
cargo clippy -- -D warnings
cargo test --all