ap_client/lib.rs
1//! Noise Protocol Clients for access-protocol
2//!
3//! This crate provides both remote and user client implementations for
4//! connecting through a proxy using the Noise Protocol.
5//!
6//! ## Features
7//!
8//! - PSK-based authentication using pairing codes
9//! - Noise Protocol NNpsk2 pattern for a 2-message handshake (no static keys; the handshake is authenticated by the PSK alone)
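10//! - Session caching for reconnection without re-pairing (the cached session state stands in for the pairing code, so the `SessionStore` backing it should be protected like a credential)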
11//! - Supports both classical (Curve25519) and post-quantum (Kyber768) cryptography
12//!
13//! ## Remote Client Usage (untrusted device)
14//!
15//! ```ignore
16//! use ap_client::{RemoteClient, RemoteClientHandle, DefaultProxyClient, IdentityProvider, SessionStore};
17//! use ap_proxy_client::ProxyClientConfig;
18//!
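19//! // Create proxy client (plaintext ws:// to localhost is a development setup; a non-local proxy would normally be reached over wss://)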
20//! let proxy_client = Box::new(DefaultProxyClient::new(ProxyClientConfig {
21//! proxy_url: "ws://localhost:8080".to_string(),
22//! identity_keypair: Some(identity_provider.identity().to_owned()),
23//! }));
24//!
25//! // Connect — spawns event loop internally, returns handle with channels
26//! let RemoteClientHandle { client, mut notifications, mut requests } =
27//! RemoteClient::connect(identity_provider, session_store, proxy_client).await?;
28//!
29//! // Pair with rendezvous code
30//! client.pair_with_handshake("ABCDEF123".to_string(), false).await?;
31//!
32//! let query = ap_client::CredentialQuery::Domain("example.com".to_string());
33//! let credential = client.request_credential(&query).await?;
34//! ```
35//!
36//! ## User Client Usage (trusted device)
37//!
38//! ```ignore
39//! use ap_client::{DefaultProxyClient, IdentityProvider, UserClient, UserClientHandle};
40//! use ap_proxy_client::ProxyClientConfig;
41//!
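42//! // Create proxy client (plaintext ws:// to localhost is a development setup; a non-local proxy would normally be reached over wss://)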
43//! let proxy_client = Box::new(DefaultProxyClient::new(ProxyClientConfig {
44//! proxy_url: "ws://localhost:8080".to_string(),
45//! identity_keypair: Some(identity_provider.identity().to_owned()),
46//! }));
47//!
48//! // Connect — spawns event loop internally, returns handle with channels
49//! let UserClientHandle { client, mut notifications, mut requests } =
50//! UserClient::connect(identity_provider, session_store, proxy_client, None).await?;
51//!
52//! // Already listening. Just use it.
53//! let token = client.get_psk_token(None).await?;
54//! // Or: let code = client.get_rendezvous_token(None).await?;
55//! ```
56
57/// Error types; `ClientError` is re-exported at the crate root
58pub mod error;
59/// Proxy client trait (`ProxyClient`) and default implementation (`DefaultProxyClient`, re-exported only with the `native-websocket` feature)
60pub mod proxy;
61/// Traits and related types for storage, identity and audit-log implementations
62pub mod traits;
63/// Protocol types and events
64pub mod types;
65
66mod clients;
67pub(crate) mod compat;
68
69pub use clients::remote_client::{
70 RemoteClient, RemoteClientFingerprintReply, RemoteClientHandle, RemoteClientNotification,
71 RemoteClientRequest,
72};
73pub use clients::user_client::{
74 CredentialRequestReply, FingerprintVerificationReply, UserClient, UserClientHandle,
75 UserClientNotification, UserClientRequest,
76};
77pub use error::ClientError;
78#[cfg(feature = "native-websocket")]
79pub use proxy::DefaultProxyClient;
80pub use proxy::ProxyClient;
81pub use traits::{
82 AuditConnectionType, AuditEvent, AuditLog, CredentialFieldSet, IdentityProvider, NoOpAuditLog,
83 SessionStore,
84};
85pub use types::{ConnectionMode, CredentialData, CredentialQuery, PskId};
86
87// Re-export ap-proxy-protocol types
88pub use ap_proxy_protocol::{IdentityFingerprint, RendezvousCode};
89// Re-export the PSK and multi-device transport types from ap-noise
90pub use ap_noise::{MultiDeviceTransport, Psk};