1use thiserror::Error;
4
5pub type Result<T> = std::result::Result<T, AuthError>;
7
8#[derive(Error, Debug)]
10pub enum AuthError {
11 #[error("Configuration error: {message}")]
13 Configuration { message: String },
14
15 #[error("Authentication method '{method}' error: {message}")]
17 AuthMethod { method: String, message: String },
18
19 #[error("Token error: {0}")]
21 Token(#[from] TokenError),
22
23 #[error("Permission error: {0}")]
25 Permission(#[from] PermissionError),
26
27 #[error("Storage error: {0}")]
29 Storage(#[from] StorageError),
30
31 #[error("Network error: {0}")]
33 Network(#[from] reqwest::Error),
34
35 #[error("JSON error: {0}")]
37 Json(#[from] serde_json::Error),
38
39 #[error("JWT error: {0}")]
41 Jwt(#[from] jsonwebtoken::errors::Error),
42
43 #[error("Rate limit exceeded: {message}")]
45 RateLimit { message: String },
46
47 #[error("MFA error: {0}")]
49 Mfa(#[from] MfaError),
50
51 #[error("Cryptography error: {message}")]
53 Crypto { message: String },
54
55 #[error("Validation error: {message}")]
57 Validation { message: String },
58
59 #[error("Internal error: {message}")]
61 Internal { message: String },
62}
63
64#[derive(Error, Debug)]
66pub enum TokenError {
67 #[error("Token has expired")]
68 Expired,
69
70 #[error("Token is invalid")]
71 Invalid,
72
73 #[error("Token not found")]
74 NotFound,
75
76 #[error("Token creation failed: {message}")]
77 CreationFailed { message: String },
78
79 #[error("Token refresh failed: {message}")]
80 RefreshFailed { message: String },
81
82 #[error("Token revocation failed: {message}")]
83 RevocationFailed { message: String },
84}
85
86#[derive(Error, Debug)]
88pub enum PermissionError {
89 #[error("Access denied: missing permission '{permission}' for resource '{resource}'")]
90 AccessDenied { permission: String, resource: String },
91
92 #[error("Role '{role}' not found")]
93 RoleNotFound { role: String },
94
95 #[error("Permission '{permission}' not found")]
96 PermissionNotFound { permission: String },
97
98 #[error("Invalid permission format: {message}")]
99 InvalidFormat { message: String },
100}
101
102#[derive(Error, Debug)]
104pub enum StorageError {
105 #[error("Connection failed: {message}")]
106 ConnectionFailed { message: String },
107
108 #[error("Operation failed: {message}")]
109 OperationFailed { message: String },
110
111 #[error("Serialization error: {message}")]
112 Serialization { message: String },
113
114 #[error("Storage backend not available")]
115 BackendUnavailable,
116}
117
118#[derive(Error, Debug)]
120pub enum MfaError {
121 #[error("MFA challenge expired")]
122 ChallengeExpired,
123
124 #[error("Invalid MFA code")]
125 InvalidCode,
126
127 #[error("MFA method not supported: {method}")]
128 MethodNotSupported { method: String },
129
130 #[error("MFA setup required")]
131 SetupRequired,
132
133 #[error("MFA verification failed: {message}")]
134 VerificationFailed { message: String },
135}
136
137impl AuthError {
138 pub fn config(message: impl Into<String>) -> Self {
140 Self::Configuration {
141 message: message.into(),
142 }
143 }
144
145 pub fn auth_method(method: impl Into<String>, message: impl Into<String>) -> Self {
147 Self::AuthMethod {
148 method: method.into(),
149 message: message.into(),
150 }
151 }
152
153 pub fn rate_limit(message: impl Into<String>) -> Self {
155 Self::RateLimit {
156 message: message.into(),
157 }
158 }
159
160 pub fn crypto(message: impl Into<String>) -> Self {
162 Self::Crypto {
163 message: message.into(),
164 }
165 }
166
167 pub fn validation(message: impl Into<String>) -> Self {
169 Self::Validation {
170 message: message.into(),
171 }
172 }
173
174 pub fn internal(message: impl Into<String>) -> Self {
176 Self::Internal {
177 message: message.into(),
178 }
179 }
180}
181
182impl TokenError {
183 pub fn creation_failed(message: impl Into<String>) -> Self {
185 Self::CreationFailed {
186 message: message.into(),
187 }
188 }
189
190 pub fn refresh_failed(message: impl Into<String>) -> Self {
192 Self::RefreshFailed {
193 message: message.into(),
194 }
195 }
196
197 pub fn revocation_failed(message: impl Into<String>) -> Self {
199 Self::RevocationFailed {
200 message: message.into(),
201 }
202 }
203}
204
205impl PermissionError {
206 pub fn access_denied(permission: impl Into<String>, resource: impl Into<String>) -> Self {
208 Self::AccessDenied {
209 permission: permission.into(),
210 resource: resource.into(),
211 }
212 }
213
214 pub fn role_not_found(role: impl Into<String>) -> Self {
216 Self::RoleNotFound {
217 role: role.into(),
218 }
219 }
220
221 pub fn permission_not_found(permission: impl Into<String>) -> Self {
223 Self::PermissionNotFound {
224 permission: permission.into(),
225 }
226 }
227
228 pub fn invalid_format(message: impl Into<String>) -> Self {
230 Self::InvalidFormat {
231 message: message.into(),
232 }
233 }
234}
235
236impl StorageError {
237 pub fn connection_failed(message: impl Into<String>) -> Self {
239 Self::ConnectionFailed {
240 message: message.into(),
241 }
242 }
243
244 pub fn operation_failed(message: impl Into<String>) -> Self {
246 Self::OperationFailed {
247 message: message.into(),
248 }
249 }
250
251 pub fn serialization(message: impl Into<String>) -> Self {
253 Self::Serialization {
254 message: message.into(),
255 }
256 }
257}
258
259impl MfaError {
260 pub fn method_not_supported(method: impl Into<String>) -> Self {
262 Self::MethodNotSupported {
263 method: method.into(),
264 }
265 }
266
267 pub fn verification_failed(message: impl Into<String>) -> Self {
269 Self::VerificationFailed {
270 message: message.into(),
271 }
272 }
273}