Auth: sessions, guards, policies. Argon2-backed.
Structs
- `ApiGuard`
- `Auth`
  The `Auth<U>` extractor. On every request, looks up the session, reads the stored user ID, and loads the user via `U::find_by_id`. Returns 401 if there’s no session, no user_id, or no matching user.
- `AuthManager`
  Manager-level auth state. Currently holds a hashing pepper toggle; future expansion: multiple guards, OAuth providers, etc.
- `Guarded`
- `OptionalAuth`
  Optional version of `Auth<U>` — returns `None` instead of 401 when the user isn’t authenticated. Useful for routes that customize their response based on auth state (e.g., a home page that shows “Login” vs the user’s name).
- `WebGuard`
  Phantom guard markers. The current `Auth<U>` extractor is session-only; these are reserved so v0.2 can add bearer-token guards via type parameter.
Constants
Traits
- `Authenticatable`
  Marker trait for app-defined user models that participate in auth.
- `Guard`
- `Policy`
  Policy trait: implementations decide whether `user` can perform `ability` on `subject`.
Functions
- `attempt`
  Run a credentials-based login attempt. Returns the authenticated user or `None` if credentials are invalid. Does NOT persist the login — call `login` to write the user ID into the session.
- `authorize`
  Convenience: ability-check shorthand. Returns `Error::Forbidden` on failure.
- `hash_password`
  Hash a password using argon2id. Returns the encoded PHC string.
- `login`
  Persist a user as authenticated for the current session.
- `logout`
  Clear the authenticated user from the session.
- `verify_password`
  Verify a plaintext password against an encoded PHC string.