Torrust Index

Torrust Index is a library for BitTorrent Files. Written in Rust Language (edition 2024, MSRV 1.88) with the Axum web framework. This index aims to be respectful to established standards, (both formal and otherwise).

This is a Torrust project and is in active development. It is community supported as well as sponsored by Nautilus Cyberneering.

About

The core purpose of a BitTorrent Index is to maintain a database that connects torrent files with useful metadata. Allowing a community of users to keep track of their torrents in a well-organized and informative manner.

The Torrust Index serves as a high-level API for our Torrust Index GUI client. It also connects to the management api of our Torrust Tracker, to provide statistics and whitelisting functionality.

Key Features

• High Quality and Modern Rust Codebase.
• Documentation Generated from Code Comments.
• Comprehensive Suite of Unit and Functional Tests.
• Good Performance in Busy Conditions.
• Native IPv4 and IPv6 support.
• Persistent SQLite3 or MySQL Databases.

Getting Started

Upgrading

If you are using Version 1 of torrust-tracker-backend, please view our upgrading guide.

Container Version

The Torrust Index is deployed to DockerHub, you can run a demo immediately with the following commands. Per ADR-T-009 §D2, the image no longer ships a default tracker token or database.connect_url, so two overrides are mandatory at startup — a bare docker run -it torrust/index:develop now fails with a missing field error rather than booting against hidden defaults.

Docker

docker run -it \
    --env TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
    --env TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL="sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc" \
    torrust/index:develop

Please read our container guide for more information.

Podman

podman run -it \
    --env TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
    --env TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL="sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc" \
    torrust/index:develop

Please read our container guide for more information.

Compose (development sandbox)

For a complete local stack (index + tracker + MySQL + mailcatcher) the repository ships a Compose split: a production-shaped compose.yaml baseline plus an auto-loaded compose.override.yaml that supplies dev defaults. Two Makefile wrappers cover the documented invocation paths:

# Dev sandbox (auto-loads compose.override.yaml):
make up-dev

# Production-shaped (validates required credentials first):
make up-prod

See Compose Split in the container guide for the required env vars and the validation contract.

Development Version

• Please assure you have the latest stable (or nightly) version of Rust.
• Please assure that your computer has enough RAM. Recommended 16GB.

Checkout, Test and Run:

# Checkout repository into a new folder:
git clone https://github.com/torrust/torrust-index.git

# Change into directory and create a empty database file:
cd torrust-index
mkdir -p ./storage/index/lib/database/
touch ./storage/index/lib/database/sqlite3.db

# Check all tests in application:
cargo test --tests --benches --examples --workspace --all-targets --all-features

# Run the index:
cargo run

Customization

# Copy the default configuration into the standard location:
mkdir -p ./storage/index/etc/
cp ./share/default/config/index.development.sqlite3.toml ./storage/index/etc/index.toml

# Customize the index configuration (for example):
vim ./storage/index/etc/index.toml

# Run the index with the updated configuration:
TORRUST_INDEX_CONFIG_TOML_PATH="./storage/index/etc/index.toml" cargo run

Optionally, you may choose to supply the entire configuration as an environmental variable:

# Use a configuration supplied on an environmental variable:
TORRUST_INDEX_CONFIG_TOML=$(cat "./storage/index/etc/index.toml") cargo run

For deployment, you should override the tracker.token (per ADR-T-009 §D2 it is mandatory; the shipped TOMLs no longer carry a default):

# Override secrets in configuration using environmental variables
TORRUST_INDEX_CONFIG_TOML=$(cat "./storage/index/etc/index.toml") \
  TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN=$(cat "./storage/tracker/lib/tracker_api_admin_token.secret") \
  cargo run

By default, an ephemeral RSA key pair is auto-generated in memory for JWT signing. Sessions will not survive server restarts. For persistent sessions, generate your own RSA key pair and configure the paths:

# Generate an RSA key pair for JWT signing:
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem

# Supply key paths via environment variables:
TORRUST_INDEX_CONFIG_TOML=$(cat "./storage/index/etc/index.toml") \
  TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__PRIVATE_KEY_PATH="/path/to/private.pem" \
  TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__PUBLIC_KEY_PATH="/path/to/public.pem" \
  cargo run

Container deployments auto-generate persistent keys on first boot — no manual setup is required. See the container guide for details.

Please view our crate documentation for more detailed instructions.

Services

The following services are provided by the default configuration:

• API
  • http://127.0.0.1:3001/.

Documentation

• API (Version 1)

Architecture Decision Records

• ADR-T-001: Lowercase Infohashes — All infohashes are normalized to lowercase throughout the codebase, database, and API.
• ADR-T-002: Ignore Non-Standard Fields in Info Dictionary — Non-standard fields in the torrent info dictionary are ignored to prevent info-hash mismatches.
• ADR-T-003: Preparing for Rust Edition 2024 — Pin dependencies to avoid edition-2024-only crates while the workspace remains on edition 2021; raise MSRV to 1.83.
• ADR-T-004: Remove located-error Package — Replace the torrust-index-located-error wrapper with tracing for error context.
• ADR-T-005: Migrate to Rust Edition 2024 — Migrate the entire workspace to edition = "2024" and raise the MSRV to 1.88.
• ADR-T-006: Refactor the Error System — Replace the 41-variant ServiceError god enum with domain-scoped error enums (AuthError, UserError, TorrentError, CategoryTagError) and a thin ApiError wrapper.
• ADR-T-007: Refactor the JWT System — Centralise JWT handling into src/jwt.rs, redesign claims to RFC 7519, move to RS256 asymmetric signing, and consolidate session validation into a single code path.
• ADR-T-008: Refactor the Roles and Permissions System — Replace Casbin with a native Rust permission system (PermissionMatrix + RequirePermission<A> Axum extractors), migrate from administrator: bool to a role column, and add a /me/permissions discovery endpoint.
• ADR-T-009: Container Infrastructure Refactor — Split the runtime image into release (distroless, root-only toolset) and debug bases; extract three helper binaries (torrust-index-health-check, torrust-index-auth-keypair, torrust-index-config-probe) into their own workspace crates with no HTTP/TLS/async-runtime deps; strip credentials from shipped TOMLs and make database.connect_url / tracker.token mandatory schema fields; split Compose into a production-shaped compose.yaml baseline plus an auto-loaded compose.override.yaml dev sandbox; and add an internal audit record for vendored su-exec.

Contributing

We are happy to support and welcome new people to our project. Please consider our contributor guide.
This is an open-source community-supported project. We welcome contributions from the community!

How can you contribute?

• Bug reports and feature requests.
• Code contributions. You can start by looking at the issues labeled "good first issues".
• Documentation improvements. Check the documentation and API documentation for typos, errors, or missing information.
• Participation in the community. You can help by answering questions in the discussions.

License

Copyright (c) 2023 The Torrust Developers.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Some files include explicit copyright notices and/or license notices.

Legacy Exception

For posterity, versions of Torrust Index that are older than five years are automatically granted the MIT-0 license in addition to the existing AGPL-3.0-only license.

Contributor Agreement

The copyright of the Torrust Index is retained by the respective authors.

Contributors agree that:

• All their contributions be granted a license(s) compatible with the Torrust Index License.
• All contributors signal clearly and explicitly any other compatible licenses if they are not: AGPL-3.0-only with the legacy MIT-0 exception.

The Torrust Index project has no copyright assignment agreement.

We kindly ask you to take time and consider The Torrust Project Contributor Agreement in full.

Acknowledgments

This project was a joint effort by Nautilus Cyberneering GmbH and Dutch Bits.