auth_kit/lib.rs
1//! # Toolkit for Authentication and Authorization in Rust
2//!
3//! A flexible and extensible authentication and authorization library in Rust,
4//! designed to support multiple strategies including **ABAC** (Attribute-Based Access Control),
5//! **RBAC** (Role-Based Access Control), and **SBA** (Scope-Based Authorization)
6//!
7//! This crate is suitable for use in both API servers and embedded authorization layers.
8//!
9//! ---
10//!
11//! ## ✨ Features
12//!
13//! - **Authentication (auth_n)**: Handles register, login, and reset_password.
14//! - **Authorization (auth_z)**: Supports **ABAC** (Attribute-Based Access Control),
15//! **RBAC** (Role-Based Access Control), and **SBA** (Scope-Based Authorization)
16//! - **Scope matching**: Flexible support for OAuth2-style scopes with customizable formats.
17//!
18//!---
19//!
20//! ## 🚀 Quick Start
21//!
22//!
23//! ### 🏢 ABAC (Attribute-Based Access Control)
24//!
25//!```rust
26//! use auth_kit::auth::auth_z::Authorization;
27//! use auth_kit::model::{AuthContext, AuthStrategy, Resource, Role, User};
28//!
29//! fn main() -> Result<(), Box<dyn std::error::Error>> {
30//! let user = User {
31//! email: "abac@example.com".to_string(),
32//! password_hash: "".to_string(),
33//! role: Role {
34//! name: "employee".to_string(),
35//! permissions: vec![],
36//! },
37//! department: "engineering".to_string(),
38//! clearance_level: 5,
39//! };
40//!
41//! let resource = Resource {
42//! department: "engineering".to_string(),
43//! required_level: 3,
44//! };
45//!
46//! let context = AuthContext {
47//! user: Some(user),
48//! claims: None,
49//! resource: Some(resource),
50//! };
51//!
52//! let authorized = Authorization::new("ABAC");
53//! match authorized {
54//! Ok(mut authz) => {
55//! let result = authz.authorize(&context, "docs", "read", None);
56//! match result {
57//! Ok(_) => println!("Access granted via ABAC."),
58//! Err(e) => println!("ABAC check failed: {}", e),
59//! }
60//!
61//! },
62//! Err(e) => {
63//! println!("Error initializing Authorization: {}", e);
64//! }
65//! }
66//!
67//! Ok(())
68//! }
69//! ```
70//!
71//!
72//! ### 🔐 RBAC (Role-Based Access Control)
73//!
74//!```rust
75//! use bcrypt::{hash, DEFAULT_COST};
76//! use auth_kit::error::AuthError;
77//! use auth_kit::auth::auth_n::Authentication;
78//! use auth_kit::auth::auth_z::Authorization;
79//! use auth_kit::model::{AuthContext, AuthStrategy, Permission};
80//!
81//! fn main() -> Result<(), AuthError> {
82//!
83//! let mut authn = Authentication::new();
84//!
85//! let password_hash = hash("secret123", DEFAULT_COST)
86//! .map_err(|e| AuthError::PasswordHashingFailed(e.to_string()))?;
87//!
88//! match authn.register("admin@example.com", &password_hash) {
89//! Ok(()) => println!("User registered"),
90//! Err(AuthError::EmailAlreadyRegistered) => println!("Email already in use"),
91//! Err(e) => eprintln!("Registration failed: {:?}", e),
92//! }
93//!
94//! let mut user = authn.users.get("admin@example.com").cloned().expect("User must exist");
95//! user.role.permissions.push(Permission::Create);
96//!
97//! let authorized = Authorization::new("RBAC");
98//! match authorized {
99//! Ok(mut authz) => {
100//! let context = AuthContext {
101//! user: Some(user),
102//! claims: None,
103//! resource: None,
104//! };
105//! let result = authz.authorize(&context, "service", "create", None);
106//! match result {
107//! Ok(_) => println!("Access granted via RBAC."),
108//! Err(e) => println!("Access denied: {:?}", e),
109//! }
110//! },
111//! Err(e) => {
112//! println!("Error initializing Authorization: {}", e);
113//! }
114//! }
115//! Ok(())
116//! }
117//! ```
118//!
119//! ### 🪪 SBA (Scope-Based Authorization)
120//!
121//! ```rust
122//! use auth_kit::auth::auth_z::Authorization;
123//! use auth_kit::model::{AuthContext, AuthStrategy, Claims};
124//!
125//! fn main() -> Result<(), Box<dyn std::error::Error>> {
126//! let claims = Claims {
127//! email: "jwt@example.com".to_string(),
128//! service: "admin_service".to_string(),
129//! scopes: vec!["admin_service:create".to_string()],
130//! };
131//!
132//! let context = AuthContext {
133//! user: None,
134//! claims: Some(claims),
135//! resource: None,
136//! };
137//!
138//! let authorized = Authorization::new("SBA");
139//! match authorized {
140//! Ok(mut authz) => {
141//! let result = authz.authorize(&context, "admin_service", "create", Some(":"));
142//! match result {
143//! Ok(_) => println!("Access granted via SBA."),
144//! Err(e) => println!("Access denied via SBA: {}", e),
145//! }
146//! },
147//! Err(e) => {
148//! println!("Error initializing Authorization: {}", e);
149//! }
150//! }
151//! Ok(())
152//! }
153//! ```
154//!
155//! ---
156//!
157//! ## 📜 License
158//!
159//! Licensed under:
160//! - Apache License, Version 2.0 [LICENSE](http://www.apache.org/licenses/LICENSE-2.0.txt)
161//!
162//! ---
163//!
164//! ## 🧑💻 Author
165//!
166//! Created and maintained by [Jerry Maheswara](https://github.com/jerry-maheswara-github)
167//!
168//! Feel free to reach out for suggestions, issues, or improvements!
169//!
170//! ---
171//!
172//! ## ❤️ Built with Love in Rust
173//!
174//! This project is built with ❤️ using **Rust** — a systems programming language that is safe, fast, and concurrent. Rust is the perfect choice for building reliable and efficient applications.
175//!
176//! ---
177//!
178//! ## 👋 Contributing
179//!
180//! Pull requests, issues, and feedback are welcome!
181//! If you find this crate useful, give it a ⭐ and share it with others in the Rust community.
182//!
183//! ---
184
185/// Error definitions and shared error types.
186pub mod error;
187
188/// Authentication and authorization logic.
189pub mod auth;
190
191/// Common data types used in authentication and policy evaluation.
192pub mod model;