Tools & Utilities
Open Source

Easy-DB: Dynamic REST API & SQLite Automation Library

RustAxumTokioRusqliteReqwestSerdeCargo

A zero-boilerplate Rust library distributed via crates.io that instantly converts SQLite tables into a secure REST API, bundled with its own asynchronous HTTP client.

Tech Stack

RustAxumTokioRusqliteReqwestSerdeCargo

System Metrics

Minimal memory footprint achieved by completely bypassing heavy ORMs in favor of raw query mapping
High-throughput concurrent HTTP request handling leveraging Tokio's asynchronous event loop
Zero network latency for database operations due to the embedded nature of the SQLite engine

Why Did I Build This?

"Writing repetitive CRUD endpoints and DTO boilerplate for every new backend project is a massive time sink. I built this library to eliminate that friction: define your SQLite tables, and the engine instantly spins up a secure REST API along with a built-in HTTP client. It is designed as a drop-in solution for rapid prototyping and embedded backend architectures."

Architecture & Decisions

The library is engineered on top of Axum and Tokio. The core database state is wrapped in an `Arc<Mutex<Connection>>` to ensure thread-safe sharing across asynchronous route handlers. The server engine (`EasyDB`) dynamically injects endpoints into the Axum router by iterating over exposed tables at initialization. While network I/O is fully asynchronous, the inherently synchronous SQLite disk operations are managed via a strict locking mechanism. The bundled `EasyClient` utilizes `reqwest` under the hood, perfectly mapped to consume the generated API out-of-the-box.

Key Features

  • 01.Zero-boilerplate REST API generation via dynamic endpoint injection
  • 02.Bundled asynchronous `EasyClient` module ready to consume the generated API natively
  • 03.Strict identifier sanitization layer actively preventing column/table name injection attacks
  • 04.Dynamic parameterized queries ensuring absolute immunity to standard SQL Injection vectors
  • 05.Autonomous URL-based filtering and sorting engine (e.g., `?_sort=age&_order=desc`)
The most critical engineering decision in this library was securing the dynamic SQL generation. Standard prepared statements (`?`) do not protect against malicious table or column names (identifier injection). To counter this, I implemented a strict validation boundary (`is_valid_identifier`) that aggressively sanitizes all incoming keys through an ASCII/Alphanumeric filter before they ever touch the query string. Distributing this on crates.io makes it a highly portable, production-ready micro-tool for any Rust developer looking to bypass backend boilerplate.