auth_framework/lib.rs
1//! # Auth Framework
2//!
3//! A comprehensive authentication and authorization framework for Rust applications.
4//!
5//! This crate provides a unified interface for various authentication methods,
6//! token management, permission checking, and secure credential handling with
7//! a focus on distributed systems.
8//!
9//! ## Features
10//!
11//! - Multiple authentication methods (OAuth, API keys, JWT, etc.)
12//! - Token issuance, validation, and refresh
13//! - Role-based access control integration
14//! - Permission checking and enforcement
15//! - Secure credential storage
16//! - Authentication middleware for web frameworks
17//! - Distributed authentication with cross-node validation
18//! - Single sign-on capabilities
19//! - Multi-factor authentication support
20//! - Audit logging of authentication events
21//! - Rate limiting and brute force protection
22//! - Session management
23//! - Password hashing and validation
24//! - Customizable authentication flows
25//!
26//! ## Quick Start
27//!
28//! ```rust,no_run
29//! use auth_framework::{AuthFramework, AuthConfig};
30//! use auth_framework::methods::JwtMethod;
31//! use std::time::Duration;
32//!
33//! # #[tokio::main]
34//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
35//! // Configure the auth framework
36//! let config = AuthConfig::new()
37//! .token_lifetime(Duration::from_secs(3600))
38//! .refresh_token_lifetime(Duration::from_secs(86400 * 7));
39//!
40//! // Create the auth framework
41//! let mut auth = AuthFramework::new(config);
42//!
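43//! // Register a JWT authentication method. "your-secret-key" is a placeholder: load the real signing key from configuration or a secret store rather than hard-coding it.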
44//! let jwt_method = JwtMethod::new()
45//! .secret_key("your-secret-key")
46//! .issuer("your-service");
47//!
48//! auth.register_method("jwt", Box::new(jwt_method));
49//!
50//! // Initialize the framework
51//! auth.initialize().await?;
52//!
53//! // Create a token
54//! let token = auth.create_auth_token(
55//! "user123",
56//! vec!["read".to_string(), "write".to_string()],
57//! "jwt",
58//! None,
59//! ).await?;
60//!
61//! // Validate the token
62//! if auth.validate_token(&token).await? {
63//! println!("Token is valid!");
64//!
65//! // Check permissions
66//! if auth.check_permission(&token, "read", "documents").await? {
67//! println!("User has permission to read documents");
68//! }
69//! }
70//! # Ok(())
71//! # }
72//! ```
73//!
74//! ## Security Considerations
75//!
76//! - Always use HTTPS in production
77//! - Use strong, unique secrets for token signing, and keep them out of source code and version control
78//! - Enable rate limiting to prevent brute force attacks
79//! - Regularly rotate secrets and keys
80//! - Monitor authentication events for suspicious activity
81//! - Follow the principle of least privilege for permissions
82//!
83//! See the [Security Policy](https://github.com/yourusername/auth-framework/blob/main/SECURITY.md)
84//! for comprehensive security guidelines.
85
86pub mod auth;
87pub mod config;
88pub mod credentials;
89pub mod errors;
90pub mod methods;
91pub mod permissions;
92pub mod providers;
93pub mod storage;
94pub mod tokens;
95pub mod utils;
96
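97// Testing utilities: compiled only under `cfg(test)` or when the `testing` Cargo feature is enabled. Cargo features are additive across the dependency graph, so keep `testing` out of production builds; it makes the mock auth method and storage types public.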
98#[cfg(any(test, feature = "testing"))]
99pub mod testing;
100
101// Re-export main types for convenience
102pub use auth::{AuthFramework, AuthResult};
103pub use config::AuthConfig;
104pub use credentials::Credential;
105pub use errors::{AuthError, Result, DeviceFlowError, OAuthProviderError};
106pub use tokens::{AuthToken, TokenInfo};
107
108// Re-export method types
109pub use methods::{
110 ApiKeyMethod, JwtMethod, OAuth2Method, PasswordMethod,
111 AuthMethod, MethodResult,
112};
113
114// Re-export provider types
115pub use providers::{OAuthProvider, UserProfile, DeviceAuthorizationResponse};
116
117// Re-export permission types
118pub use permissions::{Permission, Role, PermissionChecker};
119
120// Re-export the mock types and helpers; present only under `cfg(test)` or with the `testing` feature
121#[cfg(any(test, feature = "testing"))]
122pub use testing::{MockAuthMethod, MockStorage, helpers};