Skip to main content

AuthProvider

apcore_cli::security::auth

Struct AuthProvider

pub struct AuthProvider { /* private fields */ }

Expand description

Provides API key retrieval and HTTP request authentication for the CLI.

API key resolution order:

Environment variable APCORE_AUTH_API_KEY
Config resolver auth.api_key field (may be keyring: or enc: prefixed)
Return None if neither is present.

Audit D1-006 parity (v0.6.x): the optional encryptor injection slot mirrors the TypeScript AuthProvider(config, encryptor?) constructor. When omitted, a fresh ConfigEncryptor is constructed lazily on first keyring/enc lookup.

Implementations§

impl AuthProvider

pub fn new(config: ConfigResolver) -> Self

Create a new AuthProvider with the given configuration resolver. The encryptor is constructed lazily on first keyring/enc lookup.

pub fn with_encryptor( config: ConfigResolver, encryptor: ConfigEncryptor, ) -> Self

Create a new AuthProvider with an explicit ConfigEncryptor. Useful for tests that want to inject a new_forced_aes() instance.

pub fn get_api_key(&self) -> Result<Option<String>, AuthenticationError>

Retrieve the API key using the resolution order above.

Returns Ok(None) when no key is configured, Ok(Some(key)) on success, or Err(DecryptionFailed) when a stored encrypted key cannot be decoded — distinguishes “not configured” from “stored key is corrupt”, which matters for user diagnostics.

pub fn authenticate_request( &self, headers: HashMap<String, String>, ) -> Result<HashMap<String, String>, AuthenticationError>

Add the Authorization header to the given headers map and return it.

Spec (SEC-02) cross-SDK contract: “On success: the input headers dict with Authorization added”. Takes ownership of the map, augments it, and returns it — matching Python’s mutate-and-return semantics. Callers who need to keep the original map should clone before passing.

§Errors

AuthenticationError::MissingApiKey — no key is configured.
AuthenticationError::DecryptionFailed — stored key cannot be decrypted.
AuthenticationError::MalformedApiKey — key contains CR/LF that HTTP rejects.

pub fn apply_to_reqwest( &self, builder: RequestBuilder, ) -> Result<RequestBuilder, AuthenticationError>

Inject the Authorization header into a reqwest::RequestBuilder.

Convenience adapter over authenticate_request for reqwest-based callers.

pub fn check_status_code(&self, status: u16) -> Result<(), AuthenticationError>

Check an HTTP status code for authentication errors.

Returns Ok(()) for non-auth-error codes, Err(InvalidApiKey) for 401/403. This is the testable core of handle_response.

pub fn handle_response( &self, response: Response, ) -> Result<Response, AuthenticationError>

Inspect an HTTP response for 401/403 codes and raise the appropriate error.

Returns the response unchanged if authentication succeeded.

Auto Trait Implementations§

impl Freeze for AuthProvider

impl RefUnwindSafe for AuthProvider

impl Send for AuthProvider

impl Sync for AuthProvider

impl Unpin for AuthProvider

impl UnsafeUnpin for AuthProvider

impl UnwindSafe for AuthProvider

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more