apfsds_protocol/
auth.rs

1//! Authentication structures
2
3use rkyv::{Archive, Deserialize, Serialize};
4
/// Client-to-server authentication request.
///
/// NOTE(review): this value is decoded from bytes sent by a peer that has
/// not been authenticated yet. Decode it through rkyv's validating access
/// path rather than an `_unchecked` one, and bound the input size first —
/// confirm at the call site.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct AuthRequest {
    /// Bytes the HMAC is computed over, laid out as
    /// `"user_id:timestamp:random"`.
    ///
    /// NOTE(review): as described, the MAC input does not name `client_pk`
    /// or `nonce` (it is not visible here whether `random` is the nonce).
    /// Unless the verifier binds those fields in some other way, they could
    /// be swapped without invalidating `hmac_signature` — confirm against
    /// the server-side check.
    pub hmac_base: Vec<u8>,

    /// HMAC tag over `hmac_base` (32 bytes).
    ///
    /// NOTE(review): the hash function is not named in this file. Compare
    /// the tag in constant time when verifying.
    pub hmac_signature: [u8; 32],

    /// Client's Ed25519 public key, used to encrypt the response.
    ///
    /// NOTE(review): Ed25519 is a signature scheme. Encrypting to this key
    /// implies either a conversion to X25519 or that the key is really a
    /// key-agreement key — confirm which is intended.
    pub client_pk: [u8; 32],

    /// Random per-request nonce, intended for replay protection.
    ///
    /// NOTE(review): this only prevents replay if the server remembers
    /// nonces it has seen for as long as `timestamp` is still accepted.
    pub nonce: [u8; 32],

    /// Time the request was created, in milliseconds.
    ///
    /// NOTE(review): `hmac_base` carries a timestamp as well; the verifier
    /// should rely on the authenticated copy or check that both agree.
    pub timestamp: u64,
}
24
/// Server-to-client reply to an authentication request.
///
/// NOTE(review): `Debug` is derived for this type and for its archived
/// form, so formatting it with `{:?}` prints the raw `token` bytes. Keep
/// this type out of log statements or redact the token before logging.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct AuthResponse {
    /// One-time connection token; an opaque byte string at this layer.
    pub token: Vec<u8>,

    /// Timestamp after which `token` is no longer valid.
    ///
    /// NOTE(review): the unit is not stated here. `AuthRequest::timestamp`
    /// is documented as milliseconds — confirm that both use the same unit.
    pub valid_until: u64,

    /// Emergency warning for the client, when the server has one to send.
    pub warning: Option<EmergencyWarning>,
}
38
/// Emergency warning attached to an [`AuthResponse`].
///
/// NOTE(review): `level` and `action` are free-form strings and the set of
/// valid values is not defined in this file. A receiver that reacts to them
/// automatically should match them against a fixed list of known values
/// instead of interpreting arbitrary text.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct EmergencyWarning {
    /// Severity of the warning.
    pub level: String,

    /// Action the server recommends the client take.
    pub action: String,

    /// When the recommended action should be triggered.
    ///
    /// NOTE(review): it is not stated whether this is an absolute timestamp
    /// or a delay, nor in which unit — confirm with the producer.
    pub trigger_after: u64,
}
52
/// Contents of a connection token; the server signs this payload.
///
/// NOTE(review): the signature is not a field of this struct, so it must
/// travel alongside the serialized payload. A verifier should check the
/// signature before it trusts any field, and reject the token once
/// `valid_until` has passed.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct TokenPayload {
    /// Identifier of the user the token was issued to.
    pub user_id: u64,

    /// Nonce copied from the authentication request that produced the token.
    pub nonce: [u8; 32],

    /// Time the token was issued (unit not stated here — TODO confirm).
    pub issued_at: u64,

    /// Time the token expires (unit not stated here — TODO confirm).
    pub valid_until: u64,
}
69
/// One connection's record as kept in MVCC storage.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct ConnRecord {
    /// Identifier of the connection.
    pub conn_id: u64,

    /// Addressing and per-stream details of the connection.
    pub metadata: ConnMeta,

    /// Time the record was created (unit not stated here).
    pub created_at: u64,

    /// Time of the most recent activity on the connection.
    pub last_active: u64,

    /// Number of accesses recorded for this connection.
    ///
    /// NOTE(review): this is a 32-bit counter; the code that increments it
    /// should decide between saturating and wrapping on overflow.
    pub access_count: u32,

    /// MVCC transaction ID associated with this version of the record.
    pub txid: u64,
}
92
/// Metadata stored with a connection inside a [`ConnRecord`].
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct ConnMeta {
    /// Client address as 16 raw bytes (IPv6).
    ///
    /// NOTE(review): presumably IPv4 clients are stored in IPv4-mapped
    /// form — verify against the code that fills this field.
    pub client_addr: [u8; 16],

    /// NAT mapping as `(local_port, remote_port)`.
    pub nat_entry: (u16, u16),

    /// ID of the pod the connection is assigned to.
    pub assigned_pod: u32,

    /// State of each multiplexed stream on the connection.
    ///
    /// NOTE(review): the length is unbounded at the type level. If a peer
    /// can open streams at will, the writer should cap the number of
    /// entries.
    pub stream_states: Vec<StreamState>,
}
109
/// Counters and status for one stream of a multiplexed connection.
#[derive(Archive, Serialize, Deserialize, Debug, Clone)]
#[rkyv(derive(Debug))]
pub struct StreamState {
    /// Identifier of the stream.
    pub stream_id: u32,

    /// Total bytes sent on the stream.
    pub bytes_sent: u64,

    /// Total bytes received on the stream.
    pub bytes_received: u64,

    /// `true` once the stream has been closed.
    pub is_closed: bool,
}