api_keys_simplified/
lib.rs

1#![forbid(unsafe_code)]
2//! # API Keys Simplified
3//!
4//! Secure API key generation and validation with sensible defaults.
5//!
6//! ## Quick Start
7//!
8//! ```rust
9//! use api_keys_simplified::{ApiKeyManagerV0, Environment, ExposeSecret, KeyStatus};
10//!
11//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
12//! // Generate a new key with checksum (enabled by default for DoS protection)
13//! let generator = ApiKeyManagerV0::init_default_config("sk")?;
14//! let key = generator.generate(Environment::production())?;
15//! println!("Key: {}", key.key().expose_secret()); // Show once to user
16//! let hash = key.hash(); // Store this in database
17//!
18//! // Validate a key - checksum is verified first for DoS protection
19//! let status = generator.verify(key.key(), hash)?;
20//! assert_eq!(status, KeyStatus::Valid);
21//! # Ok(())
22//! # }
23//! ```
24//!
25//! ## Why Use Checksums?
26//!
27//! Keys with checksums provide **2900x faster rejection** of invalid keys:
28//! - Invalid keys rejected in ~20μs (checksum validation)
29//! - Valid keys verified in ~300ms (Argon2 hashing)
30//! - **Protects against DoS attacks** via malformed keys, which are rejected before any Argon2 work is done
31//!
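32//! The checksum uses BLAKE3 (cryptographic hash) for integrity verification. It only filters out malformed or mistyped keys: a key that passes the checksum still incurs the full Argon2 cost, so rate-limit the verification path as well.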
33
34mod config;
35mod domain;
36mod error;
37mod generator;
38mod hasher;
39mod secure;
40mod token_parser;
41mod validator;
42
43pub use config::{
44    ChecksumAlgo, Environment, HashConfig, KeyConfig, KeyPrefix, KeyVersion, Separator,
45};
46pub use domain::{ApiKey, ApiKeyManagerV0, Hash, NoHash};
47pub use error::{ConfigError, Error, Result};
48pub use secure::{SecureString, SecureStringExt};
49pub use validator::KeyStatus;
50
51// Re-export secrecy traits for convenience
52pub use secrecy::ExposeSecret;