Skip to main content

CapabilityStore

astrid_capabilities

Struct CapabilityStore 

Source 
pub struct CapabilityStore { /* private fields */ }
Expand description

Capability store with both session and persistent storage.

Implementations§

Source§

impl CapabilityStore

Source

pub fn in_memory() -> Self

Create an in-memory only store (no persistence).

Source

pub fn with_persistence(path: impl AsRef<Path>) -> CapabilityResult<Self>

Create a store with persistence.

§Errors

Returns an error if the database cannot be opened or read.

Source

pub fn with_kv_store(store: Arc<dyn KvStore>) -> CapabilityResult<Self>

Create a store backed by an existing KvStore (for shared stores).

§Errors

Returns an error if loading existing revoked/used tokens fails.

Source

pub fn add(&self, token: CapabilityToken) -> CapabilityResult<()>

Add a capability token.

§Errors

Returns an error if the token is invalid or storage fails.

Source

pub fn get( &self, token_id: &TokenId, ) -> CapabilityResult<Option<CapabilityToken>>

Get a token by ID.

§Errors

Returns CapabilityError::TokenRevoked if the token has been revoked, or a storage error if reading fails.

Source

pub fn has_capability(&self, resource: &str, permission: Permission) -> bool

Check if there’s a capability for a resource and permission.

Source

pub fn find_capability( &self, resource: &str, permission: Permission, ) -> Option<CapabilityToken>

Find a token that grants a capability.

Source

pub fn revoke(&self, token_id: &TokenId) -> CapabilityResult<()>

Revoke a token.

§Errors

Returns an error if storage operations fail.

Source

pub fn clear_session(&self) -> CapabilityResult<()>

Clear all session tokens.

§Errors

Returns an error if the lock cannot be acquired.

Source

pub fn mark_used(&self, token_id: &TokenId) -> CapabilityResult<()>

Mark a single-use token as used.

This should be called after successfully using a single-use token to prevent replay attacks.

§Errors

Returns an error if the token was already used or storage fails.

Source

pub fn is_used(&self, token_id: &TokenId) -> bool

Check if a single-use token has been used.

Source

pub fn use_token(&self, token_id: &TokenId) -> CapabilityResult<CapabilityToken>

Validate and optionally consume a token.

For single-use tokens, this marks them as used. For regular tokens, this just validates them.

§Errors

Returns an error if the token is invalid, expired, revoked, or already used.

Source

pub fn list_tokens(&self) -> CapabilityResult<Vec<CapabilityToken>>

List all valid tokens.

§Errors

Returns an error if storage operations fail.

Source

pub fn cleanup_expired(&self) -> CapabilityResult<usize>

Cleanup expired tokens from persistent storage.

§Errors

Returns an error if storage operations fail.

Trait Implementations§

Source§

impl Debug for CapabilityStore

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for CapabilityStore

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more