The best way to develop your web service with one click.
WebShelf is a production-ready Rust web framework built on Axum, providing a complete backend scaffold with authentication, database integration, distributed locking, and comprehensive middleware support.
- 🔐 JWT Authentication - Secure token-based authentication with Argon2 password hashing
- 🗄️ Database Integration - PostgreSQL support via SeaORM with async operations
- 🔒 Distributed Locking (Optional) - Redis-based distributed locks for scalable services
- 🛡️ Middleware Stack - Panic capture, CORS, tracing, and authentication layers
- ✅ Input Validation - Request validation with email and password rules
- 📝 Structured Logging - Tracing-based logging with configurable levels
- ⚙️ Flexible Configuration - TOML-based config with CLI argument overrides
- 🧪 Testing Support - Unit tests and integration test framework
- 🚦 RESTful API - Complete CRUD operations for user management
- 📦 Production Ready - Error handling, compression, and graceful shutdown
- 🔄 Utility Functions - Configuration loading, error handling, logging, and so on
- Rust 1.92 or higher
- PostgreSQL 16+
- Redis 7+ (for distributed locking)
git clone https://github.com/aiqubits/webshelf.git
cd webshelfCreate a Docker network:
docker network create webshelf-netCreate a PostgreSQL database:
# creatdb webshelf
docker run --name webshelf-postgres \
--network webshelf-net \
-e POSTGRES_USER=postgres \
-e POSTGRES_PASSWORD=password \
-e POSTGRES_DB=webshelf \
-p 5432:5432 \
-d postgres:16Start Redis:
docker run --name webshelf-redis \
--network webshelf-net \
-p 6379:6379 \
-d redis:7-alpineCopy and edit configuration:
mv config.toml.example config.toml
# Edit config.toml with your database credentialscargo runThe server will start on http://0.0.0.0:3000 by default.
# Database connection
database_url = "postgres://postgres:password@localhost:5432/webshelf"
# Redis for distributed locking
redis_url = "redis://localhost:6379"
# JWT settings
jwt_secret = "your-super-secret-key-change-in-production"
jwt_expiry_seconds = 3600
# Server settings
[server]
host = "0.0.0.0"
port = 3000
# Rate limiting
[rate_limit]
per_second = 2
burst_size = 5webshelf [OPTIONS]
Options:
-H, --host <HOST> Server bind address [default: 0.0.0.0]
-P, --port <PORT> Server port [default: 3000]
-E, --env <ENV> Environment [default: development]
-C, --config <CONFIG> Configuration file path [default: config.toml]
-L, --log-level <LOG_LEVEL> Log level [default: info]
-h, --help Print help
-V, --version Print versionExample:
cargo run -- --host 127.0.0.1 --port 8080 --log-level debugPOST /api/public/auth/register
Content-Type: application/json
{
"email": "newuser@example.com",
"password": "Password123",
"name": "User Name"
}Response:
{
"message": "User registered successfully",
"user_id": "550e8400-e29b-41d4-a716-446655440000"
}POST /api/public/auth/login
Content-Type: application/json
{
"email": "newuser@example.com",
"password": "Password123"
}Response:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
"token_type": "Bearer",
"expires_in": 3600,
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"role": "user"
}POST /api/users
Content-Type: application/json
{
"email": "newuser@example.com",
"password": "SecurePass123",
"name": "New User"
}Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "newuser@example.com",
"name": "New User",
"role": "user",
"created_at": "2026-01-11T06:00:00Z",
"updated_at": "2026-01-11T06:00:00Z"
}GET /api/users/{id}PUT /api/users/{id}
Content-Type: application/json
{
"email": "updated@example.com",
"name": "Updated Name",
"role": "admin"
}DELETE /api/users/{id}GET /api/users?page=1&per_page=10GET /api/healthResponse:
{
"status": "ok",
"version": "0.0.1"
}webshelf/
│── k8s/ # Kubernetes manifests
│── migrations/ # Database migrations
├── src/
│ ├── handlers/ # Request handlers
│ │ ├── api.rs # API request handlers
│ │ ├── auth.rs # Auth request handlers
│ │ └── mod.rs
│ ├── middlewares/ # Middleware components
│ │ ├── auth.rs # JWT authentication
│ │ ├── panic.rs # Panic capture
│ │ └── mod.rs
│ ├── repositories/ # Data Access Layer (DAL)
│ │ ├── user.rs # User entity
│ │ └── mod.rs
│ ├── routes/ # API routes
│ │ ├── api.rs # User CRUD endpoints
│ │ ├── auth.rs # Authentication endpoints
│ │ └── mod.rs
│ ├── services/ # Business logic
│ │ ├── auth.rs # Authentication service
│ │ ├── user.rs # User service
│ │ ├── lock.rs # Distributed locking
│ │ └── mod.rs
│ ├── utils/ # Utilities
│ │ ├── config.rs # Configuration loading
│ │ ├── error.rs # Error types
│ │ ├── logger.rs # Logging setup
│ │ ├── password.rs # Password hashing
│ │ ├── validator.rs # Input validation
│ │ └── mod.rs
│ ├── bootstrap.rs # Initialization logic
│ ├── lib.rs # Library exports
│ ├── main.rs # Application entry
│ └── migrations.rs # Database migrations
├── tests/
│ └── integration_tests.rs # Integration tests
├── Cargo.toml # Dependencies
├── config.toml.example # Configuration
└── README.md # This file
cargo testNote: Integration tests require PostgreSQL and Redis to be running.
# Start PostgreSQL and Redis first
cargo test --test integration_tests- ✅ Password hashing and verification
- ✅ Input validation (email, password)
- ✅ Configuration loading
- ✅ API endpoint integration tests
- ✅ User CRUD operations
- Password Hashing: Argon2 algorithm with salt
- JWT Tokens: Secure token generation and validation
- Input Validation: Email format and password strength checks
- CORS: Configurable cross-origin resource sharing
- Panic Recovery: Graceful error handling without server crashes
- Minimum 8 characters
- At least one lowercase letter
- At least one uppercase letter
- At least one digit
- axum - Web framework
- tokio - Async runtime
- sea-orm - ORM for PostgreSQL
- redis - Distributed locking
- jsonwebtoken - JWT handling
- argon2 - Password hashing
- serde - Serialization
- validator - Input validation
- tracing - Structured logging
- anyhow/thiserror - Error handling
See Cargo.toml for the complete dependency list.
cargo run -- --env development --log-level debugcargo build --release./target/release/webshelf --config prod.config.tomlMiddleware execution order (innermost to outermost):
- Panic Capture - Catches panics and returns 500 errors
- Authentication - JWT token validation (for protected routes)
- Trace - Request/response logging
- CORS - Cross-origin resource sharing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- aiqubits - The first complete version - aiqubits@hotmail.com