pub struct ApiKeyStore { /* private fields */ }Expand description
In-memory store of API key entries loaded from a JSON file.
Implementations§
Source§impl ApiKeyStore
impl ApiKeyStore
Sourcepub fn from_entries(entries: Vec<ApiKeyEntry>) -> Self
pub fn from_entries(entries: Vec<ApiKeyEntry>) -> Self
Build a store directly from in-memory entries.
Used by the local single-process entrypoint (AAASM-3369), which seeds a single admin key from the environment (or a generated one) without a keys-on-disk file.
Sourcepub fn load(path: &Path) -> Result<Self, ApiKeyError>
pub fn load(path: &Path) -> Result<Self, ApiKeyError>
Load API key entries from a JSON file.
Returns an empty store if the file does not exist.
Sourcepub fn revoke(&self, key_id: &str)
pub fn revoke(&self, key_id: &str)
Mark a key ID as revoked; subsequent validate_detailed calls for that
key will return Err(KeyNotValid::Revoked).
Sourcepub fn validate_detailed(
&self,
raw_key: &str,
) -> Result<&ApiKeyEntry, KeyNotValid>
pub fn validate_detailed( &self, raw_key: &str, ) -> Result<&ApiKeyEntry, KeyNotValid>
Validate a raw API key and distinguish revoked from not-found.
Returns Ok(&ApiKeyEntry) on success, Err(KeyNotValid::Revoked) if the
key exists but has been revoked, or Err(KeyNotValid::NotFound) for any
other failure (parse error, wrong hash, unknown key).
Sourcepub fn validate(&self, raw_key: &str) -> Option<&ApiKeyEntry>
pub fn validate(&self, raw_key: &str) -> Option<&ApiKeyEntry>
Validate a raw API key string against stored entries.
Returns the matching entry if the key is valid, or None if no match.
Use validate_detailed when the caller needs
to distinguish revoked keys from unknown keys.