Trait ContextExtractor 

pub trait ContextExtractor: Send + Sync {
    // Required method
    fn extract<'life0, 'async_trait>(
        &'life0 self,
        remote_addr: Option<SocketAddr>,
        metadata: Option<Arc<dyn Any + Send + Sync>>,
    ) -> Pin<Box<dyn Future<Output = ConnectionContext> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
}

Trait for extracting authentication context from connections

Implement this to extract auth data from your transport layer. The library will call this when a new connection is established.

§What you can extract:

  • TLS client certificates for mutual TLS authentication
  • IP addresses for whitelisting/geoblocking
  • Custom connection-level authentication tokens
  • Any connection metadata you need for auth decisions

§Example: TLS Certificate Extraction

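use std::any::Any;
use std::net::SocketAddr;
use std::sync::Arc;

use ash_rpc::auth::{ContextExtractor, ConnectionContext};
use tokio_rustls::rustls::pki_types::CertificateDer;

struct TlsContextExtractor;

#[async_trait::async_trait]
impl ContextExtractor for TlsContextExtractor {
    async fn extract(
        &self,
        remote_addr: Option<SocketAddr>,
        metadata: Option<Arc<dyn Any + Send + Sync>>,
    ) -> ConnectionContext {
        let mut ctx = ConnectionContext::new();

        // Extract TLS peer certificates. Assumption: the transport passes the
        // peer chain (e.g. from `peer_certificates()`) as
        // Vec<CertificateDer<'static>> in `metadata`; change the downcast
        // target to whatever type your transport actually supplies.
        if let Some(certs) = metadata
            .and_then(|m| m.downcast::<Vec<CertificateDer<'static>>>().ok())
        {
            ctx.insert("peer_certs".to_string(), (*certs).clone());
        }

        // Record the client address supplied by the transport
        ctx.remote_addr = remote_addr;

        ctx
    }
}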

Required Methods§

fn extract<'life0, 'async_trait>(
    &'life0 self,
    remote_addr: Option<SocketAddr>,
    metadata: Option<Arc<dyn Any + Send + Sync>>,
) -> Pin<Box<dyn Future<Output = ConnectionContext> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,

Extract connection context for authentication

This is called once when a connection is established. The returned context is passed to the auth policy for each request.

§Arguments
  • remote_addr - Remote socket address of the connection
  • metadata - Optional transport-specific metadata (e.g., TLS session data)
§Returns

A ConnectionContext with whatever data you need for auth
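
Because `remote_addr` is an `Option<SocketAddr>`, an allowlist check built on it has to decide what happens when the address is missing and when a dual-stack listener reports an IPv4 peer in IPv4-mapped IPv6 form. The following is an added example, not code from ash_rpc: `Cidr4`, `canonical_v4`, `is_allowed` and the sample networks are hypothetical, it covers IPv4 rules only, and it uses only the standard library so the result can be stored in the context by your own `extract` implementation.

```rust
use std::net::{IpAddr, Ipv4Addr, SocketAddr};

/// Hypothetical IPv4 allowlist entry: network address plus prefix length.
#[derive(Clone, Copy, Debug)]
pub struct Cidr4 {
    net: Ipv4Addr,
    prefix: u8,
}

impl Cidr4 {
    /// Rejects prefix lengths above 32 instead of silently clamping them.
    pub fn new(net: Ipv4Addr, prefix: u8) -> Option<Self> {
        (prefix <= 32).then_some(Self { net, prefix })
    }

    fn contains(&self, ip: Ipv4Addr) -> bool {
        // A /0 needs special handling: shifting a u32 by 32 bits overflows.
        let mask = if self.prefix == 0 { 0 } else { u32::MAX << (32 - u32::from(self.prefix)) };
        (u32::from(ip) & mask) == (u32::from(self.net) & mask)
    }
}

/// Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; fold those back
/// to IPv4 so they match the same rules as a plain IPv4 peer.
fn canonical_v4(ip: IpAddr) -> Option<Ipv4Addr> {
    match ip {
        IpAddr::V4(v4) => Some(v4),
        IpAddr::V6(v6) => v6.to_ipv4_mapped(),
    }
}

/// Fails closed: a missing address or a native IPv6 peer is never allowed.
pub fn is_allowed(remote_addr: Option<SocketAddr>, allow: &[Cidr4]) -> bool {
    match remote_addr.and_then(|a| canonical_v4(a.ip())) {
        Some(v4) => allow.iter().any(|c| c.contains(v4)),
        None => false,
    }
}

fn main() {
    // Constructed sample allowlist and peers (private and documentation ranges).
    let allow = [Cidr4::new(Ipv4Addr::new(10, 0, 0, 0), 8).unwrap()];
    for peer in ["10.1.2.3:443", "[::ffff:10.1.2.3]:443", "192.0.2.7:443"] {
        let addr: SocketAddr = peer.parse().unwrap();
        println!("{peer}: allowed={}", is_allowed(Some(addr), &allow));
    }
    println!("no address: allowed={}", is_allowed(None, &allow));
}
```

The address seen here is the socket peer, so behind a proxy or load balancer it is the proxy's address rather than the client's.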

Implementors§