{"id":21061672,"url":"https://github.com/nepet/futhark","last_synced_at":"2025-05-16T00:34:30.776Z","repository":{"id":144460389,"uuid":"572609071","full_name":"nepet/futhark","owner":"nepet","description":"Futhark is a rust implementaion of the original Runes by Rusty Russell - Like Macaroons only simpler","archived":false,"fork":false,"pushed_at":"2024-02-12T15:51:47.000Z","size":103,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-10T09:02:55.108Z","etag":null,"topics":["authorization","lightning","rust","token"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nepet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-30T16:32:34.000Z","updated_at":"2024-02-05T22:18:01.000Z","dependencies_parsed_at":"2023-11-19T21:20:59.574Z","dependency_job_id":"532f1a5a-4a8f-4a92-9a20-6d268fc19e14","html_url":"https://github.com/nepet/futhark","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nepet%2Ffuthark","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nepet%2Ffuthark/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nepet%2Ffuthark/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nepet%2Ffuthark/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nepet","download_url":"https://codeload.github.com/nepet/futhark/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254448065,"owners_count":22072755,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","lightning","rust","token"],"created_at":"2024-11-19T17:26:31.182Z","updated_at":"2025-05-16T00:34:28.366Z","avatar_url":"https://github.com/nepet.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Futhark - A Runes Implementation in Rust\n\nThis is a rust implementation of the original runes library by *Rusty Russell* [https://github.com/rustyrussell/runes](https://github.com/rustyrussell/runes).\n\n## What are Runes?\n\nRunes are extendable authorization cookies, similar to **Macaroons** [https://research.google/pubs/pub41892/](https://research.google/pubs/pub41892/) but simpler. Extendable meaning that a client that has access to a cookie issued by a server can derive a cookie with extra restrictions that can not be removed from the derived cookie. This cookie can then possibly be passed to some other party to authenticate at the server.\n\nTo find out more about the motivation of runes see the original repository.\n\n## Coverage and Features\n\nThis implementation is fully compliant with the given set of test vectors. However, a clean implementation of functional values for alternatives to check on are currently missing. These will be part of a future update.\n\n- [x] Compliant with test vectors\n- [ ] Functional checks on values\n- [ ] Full crate documentation\n\n## Rune Language\n(See the original repository for an in-depth explanation)\n\nA _rune_ is a set of _restrictions_ that have to be passed. A _restriction_ consists of one or more _alternatives_ where at least one _alternative_ has to pass.\n\n### Alternative\n\nAn _alternative_ is a string of the form (no spaces):\n```\nALTERNATIVE := FIELDNAME CONDITION VALUE\n```\n\n`FIELDNAME` contains only UTF-8 characters excluding punctuation characters:\n\n```\n! \" # $ % \u0026 ' ( ) * +, - . / : ; \u003c = \u003e ? @ [ \\ ] ^ _ \\` { | } ~\n```\nStill, the punctuation characters can appear inside a `VALUE` but `\u0026`, `|` and `\\\\` must be escaped with `\\`, as these are used to separate _alternatives_ and _restrictions_.\n\n`CONDITION` is one of the following values with the corresponding check\n| `CONDITION` | check                                                                  |\n| ----------- | ---------------------------------------------------------------------- |\n| `!`         | field is missing                                                       |\n| `=`         | exists and exactly equals                                              |\n| `/`         | exists and is not exactly equal                                        |\n| `^`         | exists and begins with                                                 |\n| `$`         | exists and ends with                                                   |\n| `~`         | exists and contains                                                    |\n| `\u003c`         | exists, is valid integer (may be signed), and numerically less than    |\n| `\u003e`         | exists, is valid integer (may be signed), and numerically greater than |\n| `{`         | exists and lexicographically less than (or shorter)                    |\n| `}`         | exists and lexicographically greater than (or longer)                  |\n| `#`         | comment (always pass)                                                  |\n\n### Restriction\n\nA _restriction_ is a group of _alternatives_ chained by a logically `OR` condition represented by `|`; _restrictions_ are separated by `\u0026`. Example _rune_:\n```\ncmd=foo|cmd=bar\u0026subcmd!|subcmd={get\n```\nThe first _restriction_ requires `cmd` to be `foo` or `bar`, the second requires that `subcmd` is not present, or is lexicographically less than (or shorter) `get`.\n\n## Rune Authorization\nEvery rune comes with a __SHA-256__ authentication code that ensures that no _restriction_ can be striped from the rune. The basis for every `authcode` is a secret (less than 56 bytes), that is only known by the server that issues the rune.\n\nFrom this `authbase` every _restriction_ is appended to a rune with the following update to the `authcode`, assuming that the secret has been treated the same way:\n - Pad the _restriction_ (the secret for the `authbase`) as per SHA-256 such that the result is a multiple of 64:\n    - append `0x80`.\n    - append `0`s (such that the result is a multiple of 64).\n    - append the big-endian 64-bit bitcount (len) of the _restriction_.\n\nThis way, the `authcode` is always a SHA-256 digest.\n\nA derivation is then achieved by adding a new restriction to the rune and updating the `authcode`.\n\n### Encoding\n\n_Runes_ are _base64_ encoded (URL safe), starting with the SHA-256 `authcode`, followed by the restrictions (one or more) separated by `\u0026`.\n\n\n## More\n\nFor more insights additional infos and examples visit the original repo [https://github.com/rustyrussell/runes](https://github.com/rustyrussell/runes).\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnepet%2Ffuthark","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnepet%2Ffuthark","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnepet%2Ffuthark/lists"}