ares/auth/mod.rs
1//! JWT Authentication and Middleware
2//!
3//! This module provides authentication infrastructure for the A.R.E.S API,
4//! including JWT token generation/validation and Axum middleware.
5//!
6//! # Module Structure
7//!
8//! - [`auth::jwt`](crate::auth::jwt) - JWT token encoding, decoding, and claims
9//! - [`auth::middleware`](crate::auth::middleware) - Axum layers and extractors for authentication
10//!
11//! # Security Features
12//!
13//! - **Password Hashing**: Uses Argon2id (memory-hard) for secure password storage
14//! - **JWT Tokens**: HS256 signed tokens with configurable expiration
15//! - **Claims**: Standard JWT claims plus custom user data
16//!
17//! # Usage
18//!
19//! ## Token Generation
20//!
21//! ```ignore
22//! use ares::auth::jwt::{encode_jwt, Claims};
23//!
24//! let claims = Claims::new(user_id, username, &config.jwt_secret, expiry_hours);
25//! let token = encode_jwt(&claims, &config.jwt_secret)?;
26//! ```
27//!
28//! ## Middleware
29//!
30//! The `AuthLayer` middleware validates JWT tokens and injects `Claims` into
31//! the request extensions:
32//!
33//! ```ignore
34//! use ares::auth::middleware::AuthLayer;
35//!
36//! let app = Router::new()
37//! .route("/protected", get(handler))
38//! .layer(AuthLayer::new(jwt_secret));
39//! ```
40//!
41//! ## Extracting Claims in Handlers
42//!
43//! ```ignore
44//! async fn protected_handler(
45//! Extension(claims): Extension<Claims>,
46//! ) -> impl IntoResponse {
47//! format!("Hello, {}!", claims.sub)
48//! }
49//! ```
50//!
51//! # Configuration
52//!
53//! Configure via `ares.toml`:
54//! ```toml
55//! [server]
56//! jwt_secret = "your-secret-key" # Required, use a strong random value
57//! jwt_expiry_hours = 24 # Token validity duration
58//! ```
59
60/// JWT token generation, validation, and password hashing services.
61pub mod jwt;
62/// Authentication middleware and extractors for protected routes.
63pub mod middleware;