pub struct AuthFramework { /* private fields */ }
The primary authentication and authorization framework for Rust applications.
AuthFramework is the central component that orchestrates all authentication and authorization operations. It provides a unified interface for multiple authentication methods, token management, session handling, and security monitoring.
Core Capabilities
- Multi-Method Authentication: Support for password, OAuth2, MFA, passkeys, and custom methods
- Token Management: JWT token creation, validation, and lifecycle management
- Session Management: Secure session handling with configurable storage backends
- Permission System: Role-based and resource-based authorization
- Security Monitoring: Real-time threat detection and audit logging
- Rate Limiting: Configurable rate limiting for brute force protection
Thread Safety
The framework is designed for concurrent use and can be safely shared across multiple threads using Arc<AuthFramework>.
Storage Backends
Supports multiple storage backends:
- In-memory (for development/testing)
- Redis (for production with clustering)
- PostgreSQL (for persistent storage)
- Custom implementations via the AuthStorage trait
Example
use auth_framework::{AuthFramework, AuthConfig};
// Create framework with default configuration
let config = AuthConfig::default();
let mut auth = AuthFramework::new(config);
// Register authentication methods (password_method and oauth2_method are AuthMethodEnum values)
auth.register_method("password", password_method);
auth.register_method("oauth2", oauth2_method);
// Validate the configuration and set up secure components; required before any other operation
auth.initialize().await?;
// Authenticate a user; the variant that also takes CredentialMetadata is authenticate_with_metadata
let result = auth.authenticate_with_metadata("password", credential, metadata).await?;
Security Considerations
- All tokens are signed with cryptographically secure keys
- Session data is encrypted at rest when using persistent storage
- Rate limiting prevents brute force attacks
- Audit logging captures all security-relevant events
- Configurable security policies for enterprise compliance
Implementations

impl AuthFramework

pub fn new(config: AuthConfig) -> Self
Create a new authentication framework.
This method is infallible and creates a basic framework instance. Configuration validation and component initialization are deferred to initialize(). This design improves API usability while maintaining security through proper initialization.

pub fn new_validated(config: AuthConfig) -> Result<Self>
Create a new authentication framework with validation.
This method validates the configuration immediately and returns an error if the configuration is invalid. Use this when you want early validation.
pub fn register_method(&mut self, name: impl Into<String>, method: AuthMethodEnum)
Register an authentication method.

pub async fn initialize(&mut self) -> Result<()>
Initialize the authentication framework.
This method performs configuration validation, sets up secure components, and prepares the framework for use. It must be called before any other operations.
Security Note
This method validates JWT secrets and replaces any temporary secrets with properly configured ones for production security.
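The contract documented for new, new_validated and initialize, as an added example that is not the auth_framework crate's code: a hypothetical AuthConfig/AuthFramework pair (the names, the 32-byte minimum secret length and the placeholder secret are assumptions of this example, and the methods are synchronous rather than async) where new is infallible, new_validated and initialize run the same validation, and every later operation fails closed until initialize has succeeded. Where the crate replaces temporary secrets during initialize, this illustration refuses them outright, so a default configuration cannot reach production unnoticed.

```rust
// Added illustration of the new / new_validated / initialize contract.
// Hypothetical types modelled on the signatures above; not the auth_framework crate.
use std::fmt;

/// Minimum JWT signing-secret length accepted, in bytes (assumption, not the crate's value).
/// Length is necessary, not sufficient: the secret must also come from a CSPRNG.
pub const MIN_SECRET_BYTES: usize = 32;
/// The temporary secret AuthConfig::default() ships with; must never reach production.
pub const DEV_PLACEHOLDER_SECRET: &str = "dev-only-temporary-secret-change-me";

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    NotInitialized,
    InvalidConfig(String),
}

impl fmt::Display for AuthError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            AuthError::NotInitialized => write!(f, "initialize() must be called first"),
            AuthError::InvalidConfig(msg) => write!(f, "invalid configuration: {msg}"),
        }
    }
}

impl std::error::Error for AuthError {}

#[derive(Clone, Debug)]
pub struct AuthConfig {
    pub jwt_secret: String,
    pub token_lifetime_secs: u64,
}

impl Default for AuthConfig {
    fn default() -> Self {
        Self { jwt_secret: DEV_PLACEHOLDER_SECRET.to_string(), token_lifetime_secs: 3600 }
    }
}

impl AuthConfig {
    /// The checks new_validated() and initialize() share; anything failing here fails closed.
    pub fn validate(&self) -> Result<(), AuthError> {
        if self.jwt_secret == DEV_PLACEHOLDER_SECRET {
            return Err(AuthError::InvalidConfig("temporary JWT secret must be replaced".into()));
        }
        if self.jwt_secret.len() < MIN_SECRET_BYTES {
            return Err(AuthError::InvalidConfig(format!("JWT secret shorter than {MIN_SECRET_BYTES} bytes")));
        }
        if self.token_lifetime_secs == 0 {
            return Err(AuthError::InvalidConfig("token lifetime must be positive".into()));
        }
        Ok(())
    }
}

pub struct AuthFramework {
    config: AuthConfig,
    initialized: bool,
}

impl AuthFramework {
    /// Infallible constructor: nothing is validated yet, so nothing is usable yet.
    pub fn new(config: AuthConfig) -> Self {
        Self { config, initialized: false }
    }

    /// Eager validation for callers who want configuration errors at construction time.
    pub fn new_validated(config: AuthConfig) -> Result<Self, AuthError> {
        config.validate()?;
        Ok(Self::new(config))
    }

    /// Deferred validation; the flag it sets is what every other operation checks.
    pub fn initialize(&mut self) -> Result<(), AuthError> {
        self.config.validate()?;
        self.initialized = true;
        Ok(())
    }

    fn ensure_initialized(&self) -> Result<(), AuthError> {
        if self.initialized { Ok(()) } else { Err(AuthError::NotInitialized) }
    }

    /// Stand-in for an operation such as create_auth_token: refuses to run before initialize().
    pub fn token_lifetime_secs(&self) -> Result<u64, AuthError> {
        self.ensure_initialized()?;
        Ok(self.config.token_lifetime_secs)
    }
}

fn main() {
    let mut auth = AuthFramework::new(AuthConfig::default());
    println!("before initialize: {:?}", auth.token_lifetime_secs());
    println!("initialize with placeholder secret: {:?}", auth.initialize());
    // Constructed secret for the demo only; a deployment generates one with a CSPRNG.
    let cfg = AuthConfig { jwt_secret: "k".repeat(MIN_SECRET_BYTES), ..AuthConfig::default() };
    let mut auth = AuthFramework::new(cfg);
    auth.initialize().expect("valid configuration");
    println!("after initialize: {:?}", auth.token_lifetime_secs());
}
```

The point of the initialized flag is that a caller who forgets initialize() gets an error rather than a framework signing tokens with the placeholder secret.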
pub async fn authenticate(&self, method_name: &str, credential: Credential) -> Result<AuthResult>
Authenticate a user with the specified method.

pub async fn authenticate_with_metadata(&self, method_name: &str, credential: Credential, metadata: CredentialMetadata) -> Result<AuthResult>
Authenticate a user with the specified method and metadata.

pub async fn complete_mfa(&self, challenge: MfaChallenge, mfa_code: &str) -> Result<AuthToken>
Complete multi-factor authentication.

pub async fn validate_token(&self, token: &AuthToken) -> Result<bool>
Validate a token.

pub async fn get_user_info(&self, token: &AuthToken) -> Result<UserInfo>
Get user information from a token.

pub async fn check_permission(&self, token: &AuthToken, action: &str, resource: &str) -> Result<bool>
Check if a token has a specific permission.

pub async fn refresh_token(&self, token: &AuthToken) -> Result<AuthToken>
Refresh a token.

pub async fn revoke_token(&self, token: &AuthToken) -> Result<()>
Revoke a token.

pub async fn create_api_key(&self, user_id: &str, expires_in: Option<Duration>) -> Result<String>
Create a new API key for a user.

pub async fn validate_api_key(&self, api_key: &str) -> Result<UserInfo>
Validate an API key and return user information.

pub async fn revoke_api_key(&self, api_key: &str) -> Result<()>
Revoke an API key.

pub async fn create_session(&self, user_id: &str, expires_in: Duration, ip_address: Option<String>, user_agent: Option<String>) -> Result<String>
Create a new session.

pub async fn get_session(&self, session_id: &str) -> Result<Option<SessionData>>
Get session information.

pub async fn delete_session(&self, session_id: &str) -> Result<()>
Delete a session.

pub async fn list_user_tokens(&self, user_id: &str) -> Result<Vec<AuthToken>>
Get all tokens for a user.

pub async fn cleanup_expired_data(&self) -> Result<()>
Clean up expired data.
pub fn token_manager(&self) -> &TokenManager
Get the token manager.

pub async fn validate_username(&self, username: &str) -> Result<bool>
Validate username format.

pub async fn validate_display_name(&self, display_name: &str) -> Result<bool>
Validate display name format.

pub async fn validate_password_strength(&self, password: &str) -> Result<bool>
Validate password strength using the security policy.
For enterprise security, this enforces Strong passwords by default. The minimum password strength can be configured in the security policy.
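A configurable minimum strength of the kind validate_password_strength describes, as an added example that is not the crate's policy code: a hypothetical SecurityPolicy whose default minimum is Strong, a scoring rubric (the length thresholds, character-class counts and the constructed denylist are assumptions of this example), and a check that only passes when the score meets the policy's minimum.

```rust
// Added illustration of a configurable password-strength policy, in the spirit of
// validate_password_strength above. Hypothetical rubric and names; not the crate's policy code.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum PasswordStrength {
    Weak,
    Medium,
    Strong,
}

pub struct SecurityPolicy {
    /// Lowest strength the policy accepts; Strong by default, as the documentation states.
    pub min_password_strength: PasswordStrength,
}

impl Default for SecurityPolicy {
    fn default() -> Self {
        Self { min_password_strength: PasswordStrength::Strong }
    }
}

/// Constructed stand-in for a breached-password list; a deployment would load a full one.
const DENYLIST: &[&str] = &["password", "123456", "qwerty", "letmein"];

/// Rubric (an assumption of this example): denylisted passwords are Weak; fewer than 8
/// characters or fewer than 2 character classes is Weak; 20+ characters (passphrases) or
/// 12+ characters with 3+ classes is Strong; everything else is Medium.
pub fn score_password(password: &str) -> PasswordStrength {
    if DENYLIST.contains(&password.to_lowercase().as_str()) {
        return PasswordStrength::Weak;
    }
    let len = password.chars().count();
    let classes = [
        password.chars().any(|c| c.is_lowercase()),
        password.chars().any(|c| c.is_uppercase()),
        password.chars().any(|c| c.is_ascii_digit()),
        password.chars().any(|c| !c.is_alphanumeric()),
    ]
    .iter()
    .filter(|present| **present)
    .count();
    if len < 8 || classes < 2 {
        PasswordStrength::Weak
    } else if len >= 20 || (len >= 12 && classes >= 3) {
        PasswordStrength::Strong
    } else {
        PasswordStrength::Medium
    }
}

/// Mirrors validate_password_strength: true only when the password meets the policy minimum.
pub fn validate_password_strength(policy: &SecurityPolicy, password: &str) -> bool {
    score_password(password) >= policy.min_password_strength
}

fn main() {
    let strict = SecurityPolicy::default();
    let relaxed = SecurityPolicy { min_password_strength: PasswordStrength::Medium };
    for pw in ["password", "Summer2024", "correct horse battery staple"] {
        println!(
            "{pw:?}: {:?}, strict={} relaxed={}",
            score_password(pw),
            validate_password_strength(&strict, pw),
            validate_password_strength(&relaxed, pw)
        );
    }
}
```

The long-passphrase rule matters: a class-count rubric alone rates "correct horse battery staple" below "Summer2024", which inverts the actual guessing cost.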
pub async fn validate_user_input(&self, input: &str) -> Result<bool>
Validate user input.

pub async fn create_auth_token(&self, user_id: impl Into<String>, scopes: Vec<String>, method_name: impl Into<String>, lifetime: Option<Duration>) -> Result<AuthToken>
Create an authentication token directly (useful for testing and demos).
Note: In production, tokens should be created through the authenticate method.
pub async fn initiate_sms_challenge(&self, user_id: &str) -> Result<String>
Initiate an SMS challenge for MFA.

pub async fn verify_sms_code(&self, challenge_id: &str, code: &str) -> Result<bool>
Verify an SMS challenge code.

pub async fn register_email(&self, user_id: &str, email: &str) -> Result<()>
Register an email address for a user.

pub async fn generate_totp_secret(&self, user_id: &str) -> Result<String>
Generate a TOTP secret for a user.

pub async fn generate_totp_qr_code(&self, user_id: &str, app_name: &str, secret: &str) -> Result<String>
Generate a TOTP QR code URL.

pub async fn generate_totp_code(&self, secret: &str) -> Result<String>
Generate the current TOTP code using the provided secret.

pub async fn generate_totp_code_for_window(&self, secret: &str, time_window: Option<u64>) -> Result<String>
Generate a TOTP code for the given secret and an optional specific time window.

pub async fn verify_totp_code(&self, user_id: &str, code: &str) -> Result<bool>
Verify a TOTP code.

pub async fn check_ip_rate_limit(&self, ip: &str) -> Result<bool>
Check the IP rate limit.
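The brute-force protection check_ip_rate_limit and cleanup_expired_data stand for, as an added example that is not the crate's limiter: a hypothetical token-bucket limiter keyed by client address with an injected clock in seconds (the capacity, refill rate and names are assumptions of this example; the crate's methods are async and take &self, these are synchronous and take &mut self).

```rust
// Added illustration of brute-force throttling per client address, modelled on
// check_ip_rate_limit and cleanup_expired_data above. Hypothetical token bucket with an
// injected clock (seconds); not the auth_framework crate's limiter.
use std::collections::HashMap;

struct Bucket {
    tokens: f64,    // attempts currently allowed without waiting
    last_seen: u64, // clock value at the last refill
}

pub struct IpRateLimiter {
    capacity: u32,       // burst: attempts allowed back-to-back from one address
    refill_per_sec: f64, // sustained attempts per second once the burst is spent
    buckets: HashMap<String, Bucket>,
}

impl IpRateLimiter {
    pub fn new(capacity: u32, refill_per_sec: f64) -> Self {
        Self { capacity, refill_per_sec, buckets: HashMap::new() }
    }

    /// Returns true when the attempt may proceed and charges one token for it.
    /// Key on the transport peer address: a client-supplied header such as X-Forwarded-For
    /// is under the client's control unless a trusted proxy in front of you set it.
    pub fn check_ip_rate_limit(&mut self, ip: &str, now: u64) -> bool {
        let cap = f64::from(self.capacity);
        let refill = self.refill_per_sec;
        let bucket = self
            .buckets
            .entry(ip.to_string())
            .or_insert(Bucket { tokens: cap, last_seen: now });
        let elapsed = now.saturating_sub(bucket.last_seen) as f64;
        bucket.tokens = (bucket.tokens + elapsed * refill).min(cap);
        bucket.last_seen = now;
        if bucket.tokens >= 1.0 {
            bucket.tokens -= 1.0;
            true
        } else {
            false
        }
    }

    /// Drops buckets idle long enough to be full again, so memory is bounded by active clients
    /// rather than by every address ever seen. Returns how many were removed.
    pub fn cleanup_expired_data(&mut self, now: u64) -> usize {
        let full_after = (f64::from(self.capacity) / self.refill_per_sec).ceil() as u64;
        let before = self.buckets.len();
        self.buckets.retain(|_, b| now.saturating_sub(b.last_seen) < full_after);
        before - self.buckets.len()
    }

    pub fn tracked_ips(&self) -> usize {
        self.buckets.len()
    }
}

fn main() {
    let mut limiter = IpRateLimiter::new(5, 1.0);
    let ip = "203.0.113.7"; // constructed documentation address
    let verdicts: Vec<bool> = (0..6).map(|_| limiter.check_ip_rate_limit(ip, 0)).collect();
    println!("six attempts at t=0: {verdicts:?}");
    println!("one more after 2s: {}", limiter.check_ip_rate_limit(ip, 2));
    println!("stale buckets removed at t=60: {}", limiter.cleanup_expired_data(60));
}
```

A per-address limit bounds how fast one client can guess; it does not bound a guess spread across many addresses, so a per-account limit on failed attempts complements it rather than replacing it.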
pub async fn register_phone_number(&self, user_id: &str, phone_number: &str) -> Result<()>
Register a phone number for SMS MFA.

pub async fn generate_backup_codes(&self, user_id: &str, count: usize) -> Result<Vec<String>>
Generate backup codes.

pub async fn grant_permission(&self, user_id: &str, action: &str, resource: &str) -> Result<()>
Grant a permission to a user.

pub async fn initiate_email_challenge(&self, user_id: &str) -> Result<String>
Initiate an email challenge.

pub async fn coordinate_distributed_sessions(&self) -> Result<SessionCoordinationStats>
Advanced session management coordination across distributed instances.

pub async fn synchronize_session(&self, session_id: &str) -> Result<()>
Synchronize a session with remote instances.

pub fn get_monitoring_manager(&self) -> Arc<MonitoringManager>
Retrieves the monitoring manager for accessing metrics and health check functionality.
The monitoring manager provides access to comprehensive metrics collection, health monitoring, and performance analytics for the authentication framework. This is essential for production monitoring and observability.
Returns
An Arc<MonitoringManager> that can be used to:
- Collect performance metrics
- Monitor system health
- Track authentication events
- Generate monitoring reports
Thread Safety
The returned monitoring manager is thread-safe and can be shared across multiple threads or async tasks safely.
Example
let monitoring = auth_framework.get_monitoring_manager();
// Use for health checks
let health_status = monitoring.get_health_status().await;
// Use for metrics collection
let metrics = monitoring.get_performance_metrics().await;

pub async fn get_performance_metrics(&self) -> HashMap<String, u64>
Get current performance metrics.

pub async fn health_check(&self) -> Result<HashMap<String, HealthCheckResult>>
Perform a comprehensive health check.

pub async fn export_prometheus_metrics(&self) -> String
Export metrics in Prometheus format.

pub async fn create_role(&self, role: Role) -> Result<()>
Create a new role.

pub async fn assign_role(&self, user_id: &str, role_name: &str) -> Result<()>
Assign a role to a user.

pub async fn set_role_inheritance(&self, child_role: &str, parent_role: &str) -> Result<()>
Set role inheritance.

pub async fn revoke_permission(&self, user_id: &str, action: &str, resource: &str) -> Result<()>
Revoke a permission from a user.

pub async fn user_has_role(&self, user_id: &str, role_name: &str) -> Result<bool>
Check if a user has a role.

pub async fn get_effective_permissions(&self, user_id: &str) -> Result<Vec<String>>
Get the effective permissions for a user.

pub async fn create_abac_policy(&self, name: &str, description: &str) -> Result<()>
Create an ABAC policy.

pub async fn map_user_attribute(&self, user_id: &str, attribute: &str, value: &str) -> Result<()>
Map a user attribute for ABAC evaluation.

pub async fn get_user_attribute(&self, user_id: &str, attribute: &str) -> Result<Option<String>>
Get a user attribute for ABAC evaluation.

pub async fn check_dynamic_permission(&self, user_id: &str, action: &str, resource: &str, context: HashMap<String, String>) -> Result<bool>
Check a dynamic permission with context evaluation (ABAC).

pub async fn create_resource(&self, resource: &str) -> Result<()>
Create a resource for permission management.

pub async fn delegate_permission(&self, delegator_id: &str, delegatee_id: &str, action: &str, resource: &str, duration: Duration) -> Result<()>
Delegate a permission from one user to another.

pub async fn get_active_delegations(&self, user_id: &str) -> Result<Vec<String>>
Get active delegations for a user.
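The role and permission methods above (create_role, assign_role, set_role_inheritance, grant_permission, revoke_permission, get_effective_permissions, check_permission and delegate_permission), as an added example that is not the crate's code: a hypothetical in-memory PermissionStore with an injected clock in seconds (the "action:resource" key format, the synchronous signatures and the names are assumptions of this example), written so that the two checks a reviewer looks for are explicit: inheritance cannot form a cycle, and a delegator can only delegate what it currently holds, for a bounded time.

```rust
// Added illustration of role-based permissions with inheritance and time-bounded delegation,
// modelled on the methods above. Hypothetical in-memory store; not the auth_framework crate.
use std::collections::{BTreeSet, HashMap, HashSet, VecDeque};

struct Delegation { delegatee: String, perm: String, expires_at: u64 }

#[derive(Default)]
pub struct PermissionStore {
    role_perms: HashMap<String, HashSet<String>>,   // role -> {"action:resource"}
    role_parents: HashMap<String, HashSet<String>>, // child role -> parent roles it inherits
    user_roles: HashMap<String, HashSet<String>>,
    user_grants: HashMap<String, HashSet<String>>,  // direct per-user grants
    delegations: Vec<Delegation>,
}

fn perm_key(action: &str, resource: &str) -> String {
    format!("{action}:{resource}")
}

impl PermissionStore {
    pub fn create_role(&mut self, role: &str, perms: &[(&str, &str)]) {
        let set = self.role_perms.entry(role.to_string()).or_default();
        for (action, resource) in perms {
            set.insert(perm_key(action, resource));
        }
    }
    pub fn assign_role(&mut self, user_id: &str, role: &str) {
        self.user_roles.entry(user_id.to_string()).or_default().insert(role.to_string());
    }
    pub fn grant_permission(&mut self, user_id: &str, action: &str, resource: &str) {
        self.user_grants.entry(user_id.to_string()).or_default().insert(perm_key(action, resource));
    }
    /// Removes a direct grant only; a permission inherited through a role stays until the role is unassigned.
    pub fn revoke_permission(&mut self, user_id: &str, action: &str, resource: &str) {
        if let Some(grants) = self.user_grants.get_mut(user_id) {
            grants.remove(&perm_key(action, resource));
        }
    }
    /// Every role reachable from `roles` through parent links; breadth-first and cycle-safe.
    fn role_closure(&self, roles: &HashSet<String>) -> HashSet<String> {
        let mut seen = roles.clone();
        let mut queue: VecDeque<String> = roles.iter().cloned().collect();
        while let Some(role) = queue.pop_front() {
            for parent in self.role_parents.get(&role).into_iter().flatten() {
                if seen.insert(parent.clone()) {
                    queue.push_back(parent.clone());
                }
            }
        }
        seen
    }
    /// `child` inherits everything `parent` holds; refused if the edge would close a cycle,
    /// which would silently make every role on the loop equivalent.
    pub fn set_role_inheritance(&mut self, child: &str, parent: &str) -> Result<(), String> {
        if self.role_closure(&HashSet::from([parent.to_string()])).contains(child) {
            return Err(format!("{child} -> {parent} would create an inheritance cycle"));
        }
        self.role_parents.entry(child.to_string()).or_default().insert(parent.to_string());
        Ok(())
    }
    /// A delegator may only hand out a permission it holds right now; the grant lapses at expires_at.
    pub fn delegate_permission(
        &mut self, delegator: &str, delegatee: &str, action: &str, resource: &str, now: u64, duration_secs: u64,
    ) -> Result<(), String> {
        if !self.check_permission(delegator, action, resource, now) {
            return Err(format!("{delegator} does not hold {}", perm_key(action, resource)));
        }
        let perm = perm_key(action, resource);
        let expires_at = now.saturating_add(duration_secs);
        self.delegations.push(Delegation { delegatee: delegatee.to_string(), perm, expires_at });
        Ok(())
    }
    /// Union of direct grants, permissions of all inherited roles and unexpired delegations, sorted.
    pub fn get_effective_permissions(&self, user_id: &str, now: u64) -> Vec<String> {
        let mut perms: BTreeSet<String> = BTreeSet::new();
        perms.extend(self.user_grants.get(user_id).into_iter().flatten().cloned());
        let roles = self.user_roles.get(user_id).cloned().unwrap_or_default();
        for role in self.role_closure(&roles) {
            perms.extend(self.role_perms.get(&role).into_iter().flatten().cloned());
        }
        let active = self.delegations.iter().filter(|d| d.delegatee == user_id && d.expires_at > now);
        perms.extend(active.map(|d| d.perm.clone()));
        perms.into_iter().collect()
    }
    pub fn check_permission(&self, user_id: &str, action: &str, resource: &str, now: u64) -> bool {
        self.get_effective_permissions(user_id, now).contains(&perm_key(action, resource))
    }
}

fn main() {
    let mut store = PermissionStore::default();
    store.create_role("viewer", &[("read", "doc")]);
    store.create_role("editor", &[("write", "doc")]);
    store.set_role_inheritance("editor", "viewer").expect("no cycle yet");
    store.assign_role("alice", "editor");
    store.delegate_permission("alice", "bob", "write", "doc", 100, 60).expect("alice holds write:doc");
    println!("alice: {:?}; bob at t=150: {}, t=160: {}", store.get_effective_permissions("alice", 100),
        store.check_permission("bob", "write", "doc", 150), store.check_permission("bob", "write", "doc", 160));
}
```

Delegations are snapshotted at creation time: if the delegator later loses the permission, the delegation here keeps working until it expires, so a production store would also revoke outstanding delegations when the delegator's own permission is revoked.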
pub async fn get_permission_audit_logs(&self, user_id: Option<&str>, action: Option<&str>, resource: Option<&str>, limit: Option<usize>) -> Result<Vec<String>>
Get permission audit logs with filtering.

pub async fn get_permission_metrics(&self) -> Result<HashMap<String, u64>, AuthError>
Get permission metrics for monitoring.

pub async fn get_security_audit_stats(&self) -> Result<SecurityAuditStats>
Collect comprehensive security audit statistics. This aggregates critical security metrics for monitoring and incident response.

pub async fn get_user_profile(&self, user_id: &str) -> Result<UserProfile>
Get user profile information.
impl AuthFramework

pub fn builder() -> AuthBuilder
Create a new builder for the authentication framework.

pub fn quick_start() -> QuickStartBuilder
Quick start builder for common setups.

pub fn for_use_case(use_case: UseCasePreset) -> AuthBuilder
Create a builder for a specific use case.

pub fn preset(preset: SecurityPreset) -> AuthBuilder
Create an authentication framework with a preset configuration.
Auto Trait Implementations
impl Freeze for AuthFramework
impl !RefUnwindSafe for AuthFramework
impl Send for AuthFramework
impl Sync for AuthFramework
impl Unpin for AuthFramework
impl !UnwindSafe for AuthFramework
Blanket Implementations

impl<'a, T, E> AsTaggedExplicit<'a, E> for T where T: 'a

impl<'a, T, E> AsTaggedImplicit<'a, E> for T where T: 'a

impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T

impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>

impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.