Struct AllowThemBuilder 

pub struct AllowThemBuilder { /* private fields */ }

Builder for constructing a configured AllowThem handle.

Implementations

impl AllowThemBuilder

pub fn new(url: impl Into<String>) -> Self

Start building from a database URL.

At build time, calls Db::connect(url) which creates the pool, sets pragmas (foreign_keys, WAL, busy_timeout), and runs migrations.

pub fn with_pool(pool: SqlitePool) -> Self

Start building from an existing pool.

At build time, calls Db::new(pool) which runs migrations. The caller is responsible for pragma configuration on their pool.

pub fn session_ttl(self, ttl: Duration) -> Self

Override session TTL. Default: 24 hours.

pub fn cookie_name(self, name: &'static str) -> Self

Override session cookie name. Default: "allowthem_session".

pub fn cookie_secure(self, secure: bool) -> Self

Set the Secure attribute on session cookies.

Default: true. Set to false for local development over HTTP.

pub fn cookie_domain(self, domain: impl Into<String>) -> Self

Set the Domain attribute on session cookies.

Default: empty (omitted). When set, the cookie is sent to the domain and all its subdomains.

pub fn mfa_key(self, key: [u8; 32]) -> Self

Set the AES-256-GCM encryption key for MFA secrets.

When not set, all MFA operations return AuthError::MfaNotConfigured. This keeps MFA opt-in for embedded integrators who don’t need it.

pub fn signing_key(self, key: [u8; 32]) -> Self

Set the AES-256-GCM encryption key for RS256 signing key storage.

Required for OIDC/standalone mode. When not set, all signing key operations return AuthError::SigningKeyNotConfigured.

pub fn base_url(self, url: impl Into<String>) -> Self

Set the base URL (issuer) for the OIDC provider.

Required for standalone mode. Used as the iss claim in tokens and for issuer validation on incoming access tokens. When not set, OIDC operations return AuthError::BaseUrlNotConfigured.

pub fn csrf_key(self, key: [u8; 32]) -> Self

Set the HMAC key for session-bound CSRF token derivation.

Required for csrf_middleware in crates/server. If not set, csrf_middleware returns 500. Use 32 random bytes distinct from mfa_key and signing_key.

pub fn on_user_active(self, callback: OnUserActive) -> Self

Register a callback invoked after every active authentication event.

“Active” means: successful password login, OAuth callback completion, MFA/TOTP completion, and OIDC access token issuance (authorization code exchange). Session validation, token refresh, and API token checks do not fire the callback.

The callback must not block. Use a channel-send if heavy work is needed. Panics inside the callback are caught, logged via tracing::error!, and never propagated to the caller.

Primarily used by the SaaS binary to record MAU into the control plane.

pub fn email_sender(self, sender: Box<dyn EmailSender>) -> Self

Register the email sender used by every email-bearing flow (password reset, email verification, invitations, MFA recovery).

Default is NoopEmailSender, which silently drops messages — call this method for any production deployment. A tracing::warn! is emitted at build time if the default is left in place.

Email flows that compose URLs (send_password_reset_email, send_verification_email) also require base_url to be set.

pub fn event_sink(self, sink: Box<dyn EventSink>) -> Self

Register the event sink that fires for every state-changing auth operation.

Default is NoopEventSink (silent). The SaaS binary will register a sink that writes rows to webhook_deliveries for outbound HTTP delivery (epic 7xw.2). Embedded integrators that do not need webhook delivery can leave this unset.

pub async fn build(self) -> Result<AllowThem, BuildError>

Construct the AllowThem handle.

Connects to (or wraps) the database, runs migrations, and assembles the session configuration from overrides plus defaults.