pub struct ApiKeyManagerV0 { /* private fields */ }Expand description
ApiKeyManager is storable object used to generate and verify API keys. It contains immutable config data necessary to operate. It does NOT contain ANY sensitive data.
Implementations§
Source§impl ApiKeyManagerV0
Auto-generated by derive_getters::Getters.
impl ApiKeyManagerV0
Auto-generated by derive_getters::Getters.
Source§impl ApiKeyManagerV0
impl ApiKeyManagerV0
pub fn init( prefix: impl Into<String>, config: KeyConfig, hash_config: HashConfig, ) -> Result<Self, ConfigError>
pub fn init_default_config( prefix: impl Into<String>, ) -> Result<Self, ConfigError>
pub fn init_high_security_config( prefix: impl Into<String>, ) -> Result<Self, ConfigError>
Sourcepub fn generate(
&self,
environment: impl Into<Environment>,
) -> Result<ApiKey<Hash>>
pub fn generate( &self, environment: impl Into<Environment>, ) -> Result<ApiKey<Hash>>
Generates a new API key for the specified environment.
The generated key includes a checksum (if enabled) for fast DoS protection.
§Example
let key = manager.generate(Environment::production())?;
println!("Key: {}", key.key().expose_secret());Sourcepub fn generate_with_expiry(
&self,
environment: impl Into<Environment>,
expiry: DateTime<Utc>,
) -> Result<ApiKey<Hash>>
pub fn generate_with_expiry( &self, environment: impl Into<Environment>, expiry: DateTime<Utc>, ) -> Result<ApiKey<Hash>>
Generates a new API key with an expiration timestamp.
The expiration is embedded in the key itself, making it stateless. Keys are automatically rejected after the expiry time without database lookups.
§Use Cases
- Trial keys (7-30 days)
- Temporary partner access
- Time-limited API access
§Example
// Create a 7-day trial key
let expiry = Utc::now() + Duration::days(7);
let key = manager.generate_with_expiry(Environment::production(), expiry)?;Sourcepub fn verify(
&self,
key: &SecureString,
stored_hash: impl AsRef<str>,
) -> Result<KeyStatus>
pub fn verify( &self, key: &SecureString, stored_hash: impl AsRef<str>, ) -> Result<KeyStatus>
Verifies an API key against a stored hash.
Returns KeyStatus indicating whether the key is valid or invalid.
§Security Flow
- Checksum validation (if enabled): Rejects invalid keys in ~20μs
- Argon2 verification: Verifies hash for valid checksums (~300ms)
- Expiry check: Returns
Invalidif the key’s timestamp has passed
§Returns
KeyStatus::Valid- Key is valid and not expiredKeyStatus::Invalid- Key is invalid (wrong key, hash mismatch, checksum failed, or expired)
§Note on Revocation
This method does NOT check revocation status. To implement key revocation:
- Mark the hash as revoked in your database
- Check revocation status before calling this method
- Only call
verify()for non-revoked hashes
§Example
match manager.verify(key.key(), key.hash())? {
KeyStatus::Valid => { /* grant access */ },
KeyStatus::Invalid => { /* reject - wrong key or expired */ },
}pub fn verify_checksum(&self, key: &SecureString) -> Result<bool>
Trait Implementations§
Source§impl Clone for ApiKeyManagerV0
impl Clone for ApiKeyManagerV0
Source§fn clone(&self) -> ApiKeyManagerV0
fn clone(&self) -> ApiKeyManagerV0
Returns a duplicate of the value. Read more
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moreAuto Trait Implementations§
impl Freeze for ApiKeyManagerV0
impl RefUnwindSafe for ApiKeyManagerV0
impl Send for ApiKeyManagerV0
impl Sync for ApiKeyManagerV0
impl Unpin for ApiKeyManagerV0
impl UnwindSafe for ApiKeyManagerV0
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more