Skip to main content

IdentityGate

aperion_shield::identity

Struct IdentityGate 

Source 
pub struct IdentityGate { /* private fields */ }
Expand description

The IdentityGate is the single object main.rs interacts with. It owns the provider registry, the signed proof cache, and (lazily) the local callback server.

Construction is cheap (loads config, opens cache file, generates or loads the signing key). The callback server is not spun up until the first [IdentityGate::start_challenge] call – shields that never hit an identity-gated rule pay zero runtime cost.

Implementations§

Source§

impl IdentityGate

Source

pub fn new( config: IdentityConfig, providers: Vec<Arc<dyn IdentityProvider>>, state_dir: PathBuf, ) -> Result<Self>

Build a gate from a config and a list of provider implementations. Cache key + signing keypair live in <state_dir> (typically ~/.aperion-shield).

Source

pub fn cached_proof_for(&self, req: &Requirement) -> Option<Proof>

Look up a cached proof satisfying req. None means we have to prompt the user.

Source

pub fn provider(&self, id: &str) -> Option<Arc<dyn IdentityProvider>>

Provider with the given id, or None.

Source

pub async fn callback_base(&self) -> Result<String>

Ensure the callback server is running and return its base URL (e.g. http://127.0.0.1:53201).

Source

pub async fn register_inflight( &self, challenge: &Challenge, requirement: Requirement, provider: String, rule_id: String, ) -> Result<()>

Hand the gate a freshly-minted challenge so the callback server can correlate the user’s redirect back to its in-flight state.

Source

pub async fn wait_for_proof( &self, req: &Requirement, hold_seconds: u64, ) -> Option<Proof>

Block up to hold_seconds waiting for a proof to land in the cache for req. Returns the proof if one arrives; None on timeout. Callers should treat None as “tell the agent to retry”.

Source

pub fn mint_and_cache( &self, vi: &VerifiedIdentity, req: &Requirement, ) -> Result<Proof>

Persist a freshly-verified identity as a signed proof.

Source

pub fn cached_count(&self) -> usize

Number of valid (signature-verified, non-expired) proofs cached.

Source

pub fn flush(&self) -> Result<usize>

Drop every cached proof. Returns how many were evicted.

Source

pub fn hold_seconds(&self) -> u64

Hold seconds configured for this gate.

Source

pub fn has_ready_provider(&self) -> bool

True if at least one provider is registered AND ready.

Source

pub fn config(&self) -> &IdentityConfig

Read-only access to the loaded config.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more