DACquiri

A compile-time enforced authorization framework for Rust applications.

Authorization

In typical applications, authorization checks are performed in seemingly random locations. This leads to implicit assumptions on what kinds of permissions or checks have been enforced at various parts of the codebase. For example:

```rust fn handler(req: Request) -> Result { privilegedfn(req.getuser()) }

// makes no assumptions on a user's permissions or access, initially fn privileged_fn(user: User) -> Result { if !user.has(SimplePermission) { return Err(Error::PermissionError); }

// action otherprivilegedfn(user) }

// Implicitly depends on user having the "SimplePermissions" permission or role. fn otherprivilegedfn(user: User) -> Result { if !user.has(AdvancedPermission) { return Err(Error::PermissionError); }

// advanced action

Ok(()) } ```

DACquiri does things differently.

With DACquiri, you explicitly declare your authorization requirements in the function definition. DACquiri will, at compile-time, enforce all code-paths invoking your function will have checked the appropriate authorization requirements beforehand.

With DACquiri, you:

• Know all of your authorization requirements based on your function's definition
• Know that all authorization requirements are enforced in all codepaths
• Know that authorization violations cannot be introduced accidentally

Missing an authorization check? That's a compile-time error.

Missing DACquiri? That's your error.

How it works