
//! Data models for AVL Auth: user accounts, sessions and JWT claims, RBAC roles/permissions and ABAC policies, API keys, MFA (TOTP/WebAuthn) and OAuth2 configuration, plus audit and risk records. Several of these types carry secrets (passwords, tokens, TOTP secrets, client secrets); see the per-type docs before logging or serializing them.
2
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::fmt;
use std::net::IpAddr;
use uuid::Uuid;
8
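/// Credentials presented at login.
///
/// `password` is the caller's plaintext secret. The manual [`fmt::Debug`]
/// impl below redacts it so that a `{:?}` in a log line or panic message
/// cannot leak it; `Serialize` still emits it verbatim, so only serialize
/// this type toward the component that actually verifies the password.
///
/// `device_id` and `ip_address` are optional hints. When this struct is
/// deserialized from a client request they are attacker-controlled, so
/// rate limiting and risk scoring should prefer the transport's peer
/// address over `ip_address` — presumably that is how callers use it;
/// confirm at the call sites.
#[derive(Clone, Serialize, Deserialize)]
pub struct Credentials {
    pub email: String,
    pub password: String,
    pub device_id: Option<String>,
    pub ip_address: Option<IpAddr>,
}

impl fmt::Debug for Credentials {
    /// Same shape as the derived output, with `password` replaced by the
    /// literal `"<redacted>"`.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Credentials")
            .field("email", &self.email)
            .field("password", &"<redacted>")
            .field("device_id", &self.device_id)
            .field("ip_address", &self.ip_address)
            .finish()
    }
}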
17
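/// Persisted user account.
///
/// Two fields are secret material: `password_hash` and `mfa_secret`.
/// The manual [`fmt::Debug`] impl redacts both, so `{:?}` only reveals
/// whether MFA is enrolled, never the hash or the TOTP seed. `Serialize`
/// is derived and *does* emit them — never hand a `User` straight to a
/// response serializer; map it to a response-specific DTO first.
///
/// `mfa_secret` has to be recoverable in plaintext to verify TOTP codes,
/// so it cannot be hashed; whether it is encrypted at rest is not visible
/// here — TODO confirm with the storage layer.
///
/// Lockout state is split between `failed_login_attempts`/`locked_until`
/// (a time-bounded lock) and `status == UserStatus::Locked` (no expiry);
/// both must be consulted before accepting a login.
#[derive(Clone, Serialize, Deserialize)]
pub struct User {
    pub id: Uuid,
    pub email: String,
    pub email_verified: bool,
    /// Password verifier (hash), never the password itself.
    pub password_hash: String,
    pub display_name: Option<String>,
    pub avatar_url: Option<String>,
    pub roles: Vec<String>,
    pub permissions: Vec<String>,
    /// Free-form attributes; also used as the `UserAttribute` source for
    /// ABAC policies, presumably — confirm with the policy evaluator.
    pub metadata: HashMap<String, serde_json::Value>,
    pub mfa_enabled: bool,
    /// TOTP seed, present when TOTP is enrolled.
    pub mfa_secret: Option<String>,
    pub webauthn_credentials: Vec<WebAuthnCredential>,
    pub created_at: DateTime<Utc>,
    pub updated_at: DateTime<Utc>,
    pub last_login_at: Option<DateTime<Utc>>,
    pub login_count: u64,
    pub failed_login_attempts: u32,
    /// While set and in the future, logins should be refused.
    pub locked_until: Option<DateTime<Utc>>,
    /// Useful for rejecting tokens/sessions issued before the last
    /// password change (compare against `Claims::iat`).
    pub password_changed_at: DateTime<Utc>,
    pub status: UserStatus,
}

impl fmt::Debug for User {
    /// Mirrors the derived layout, but prints `password_hash` as
    /// `"<redacted>"` and `mfa_secret` as `Some("<redacted>")`/`None`.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("User")
            .field("id", &self.id)
            .field("email", &self.email)
            .field("email_verified", &self.email_verified)
            .field("password_hash", &"<redacted>")
            .field("display_name", &self.display_name)
            .field("avatar_url", &self.avatar_url)
            .field("roles", &self.roles)
            .field("permissions", &self.permissions)
            .field("metadata", &self.metadata)
            .field("mfa_enabled", &self.mfa_enabled)
            .field("mfa_secret", &self.mfa_secret.as_ref().map(|_| "<redacted>"))
            .field("webauthn_credentials", &self.webauthn_credentials)
            .field("created_at", &self.created_at)
            .field("updated_at", &self.updated_at)
            .field("last_login_at", &self.last_login_at)
            .field("login_count", &self.login_count)
            .field("failed_login_attempts", &self.failed_login_attempts)
            .field("locked_until", &self.locked_until)
            .field("password_changed_at", &self.password_changed_at)
            .field("status", &self.status)
            .finish()
    }
}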
42
/// Lifecycle state of a [`User`] account.
///
/// Serialized in lowercase (`"active"`, `"suspended"`, `"locked"`,
/// `"deleted"`). Only `Active` should be allowed to authenticate.
/// `Locked` differs from `User::locked_until`: it has no expiry, so it is
/// presumably an administrative lock rather than a brute-force lockout —
/// confirm with the code that sets it.
#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum UserStatus {
    /// Account may log in.
    Active,
    /// Account disabled for now.
    Suspended,
    /// Account locked without a time bound.
    Locked,
    /// Account removed; record kept for references.
    Deleted,
}
51
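/// An authenticated session and the tokens issued for it.
///
/// `access_token` and `refresh_token` are bearer secrets: anyone holding
/// them is the user. The manual [`fmt::Debug`] impl redacts both so that
/// session records can be logged safely; `Serialize` still emits them, so
/// only serialize a `Session` toward the client that owns it or toward
/// storage. If sessions are persisted, storing only a hash of each token
/// would limit the blast radius of a database read — whether that is done
/// is not visible here.
///
/// A token is valid only while its own expiry (`expires_at` for access,
/// `refresh_expires_at` for refresh) is in the future; the verifier must
/// check these in addition to the JWT `exp` claim.
#[derive(Clone, Serialize, Deserialize)]
pub struct Session {
    pub id: Uuid,
    pub user_id: Uuid,
    pub access_token: String,
    pub refresh_token: String,
    /// Token scheme name, e.g. the value sent in `Authorization` — not
    /// constrained here.
    pub token_type: String,
    pub expires_at: DateTime<Utc>,
    pub refresh_expires_at: DateTime<Utc>,
    pub device_id: Option<String>,
    pub ip_address: Option<IpAddr>,
    pub user_agent: Option<String>,
    pub created_at: DateTime<Utc>,
    pub last_active_at: DateTime<Utc>,
    pub scopes: Vec<String>,
}

impl fmt::Debug for Session {
    /// Derived layout with `access_token` and `refresh_token` replaced by
    /// `"<redacted>"`.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("Session")
            .field("id", &self.id)
            .field("user_id", &self.user_id)
            .field("access_token", &"<redacted>")
            .field("refresh_token", &"<redacted>")
            .field("token_type", &self.token_type)
            .field("expires_at", &self.expires_at)
            .field("refresh_expires_at", &self.refresh_expires_at)
            .field("device_id", &self.device_id)
            .field("ip_address", &self.ip_address)
            .field("user_agent", &self.user_agent)
            .field("created_at", &self.created_at)
            .field("last_active_at", &self.last_active_at)
            .field("scopes", &self.scopes)
            .finish()
    }
}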
69
/// Claim set carried inside an issued JWT.
///
/// Registered claims (`sub`, `iat`, `exp`, `nbf`, `iss`, `aud`, `jti`) sit
/// next to private claims specific to this service. Deserializing into
/// this struct proves nothing on its own: the verifier must check the
/// signature, `exp`/`nbf` against the clock, and `iss`/`aud` against its
/// configured values.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct Claims {
    /// Subject — the user's id.
    pub sub: Uuid,
    pub email: String,
    /// Authorization snapshot taken at issuance. It does not follow later
    /// role/permission changes or revocations, so keep `exp` short or
    /// re-check `session_id` against live session state for sensitive calls.
    pub roles: Vec<String>,
    pub permissions: Vec<String>,
    /// Session the token was minted for; revoking the session invalidates
    /// the token if the verifier looks it up.
    pub session_id: Uuid,
    /// Issued-at / expiry / not-before as `i64` — presumably Unix seconds,
    /// as is conventional for these claims.
    pub iat: i64,
    pub exp: i64,
    pub nbf: i64,
    pub iss: String,
    /// Audience as a single string. RFC 7519 also allows an array here, so
    /// third-party tokens with an array `aud` will fail to deserialize.
    pub aud: String,
    /// Unique token id; the handle for denylist-style revocation.
    pub jti: String,
    pub scopes: Vec<String>,
    /// Device the token is bound to, when the login supplied one.
    pub device_id: Option<String>,
}
87
/// A named role granting a set of permissions.
///
/// `inherits` lists other roles whose permissions this one also carries.
/// Because inheritance is expressed as bare ids, the resolver that
/// flattens it must guard against cycles and dangling ids — nothing in
/// this type prevents `a` inheriting `b` and `b` inheriting `a`.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct Role {
    pub id: String,
    pub name: String,
    pub description: Option<String>,
    /// Permission ids granted directly by this role.
    pub permissions: Vec<String>,
    /// Ids of roles whose permissions are inherited.
    pub inherits: Vec<String>,
    pub created_at: DateTime<Utc>,
    pub updated_at: DateTime<Utc>,
}
99
/// A single `(resource, action)` capability.
///
/// `id` is the string that [`Role::permissions`] and
/// `User::permissions` refer to; how it relates to `resource`/`action`
/// (e.g. `"resource:action"`) is decided by whoever mints ids, not here.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct Permission {
    pub id: String,
    /// Thing being acted on.
    pub resource: String,
    /// Operation on that resource.
    pub action: String,
    pub description: Option<String>,
    pub created_at: DateTime<Utc>,
}
109
/// Attribute-based access policy.
///
/// A policy applies `effect` to the listed `actions` on the listed
/// `resources` when every condition in `conditions` holds. Two things the
/// evaluator must define, since this type does not: how `priority`
/// orders competing policies (higher-wins vs lower-wins is not implied
/// by `i32`), and how an `Allow` and a `Deny` that both match are
/// combined — deny-overrides is the safe default. Policies with
/// `enabled == false` must be skipped entirely.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct Policy {
    pub id: Uuid,
    pub name: String,
    pub effect: PolicyEffect,
    /// All conditions must hold for the policy to apply (presumably AND
    /// semantics — confirm with the evaluator).
    pub conditions: Vec<PolicyCondition>,
    pub actions: Vec<String>,
    pub resources: Vec<String>,
    pub priority: i32,
    pub enabled: bool,
    pub created_at: DateTime<Utc>,
    pub updated_at: DateTime<Utc>,
}
124
/// Outcome a matching [`Policy`] produces. Serialized as `"allow"` /
/// `"deny"`.
#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum PolicyEffect {
    /// Grant the request.
    Allow,
    /// Refuse the request.
    Deny,
}
131
/// One predicate of a [`Policy`].
///
/// Serialized internally tagged on `"type"`, and the variants are not
/// renamed, so the wire form is e.g.
/// `{"type":"IpRange","cidrs":["10.0.0.0/8"]}`.
///
/// Several payloads are untyped strings, which pushes validation onto the
/// evaluator: `IpRange::cidrs` should be parsed (and rejected if invalid)
/// when the policy is loaded, not on every decision; `TimeWindow` carries
/// no format or time-zone information, so its interpretation must be
/// fixed by the evaluator and documented there.
#[derive(Clone, Debug, Deserialize, Serialize)]
#[serde(tag = "type")]
pub enum PolicyCondition {
    /// Client address must fall within one of the CIDR blocks.
    IpRange { cidrs: Vec<String> },
    /// Request time must lie between `start` and `end` (format unspecified).
    TimeWindow { start: String, end: String },
    /// The user attribute `key` must equal `value`.
    UserAttribute { key: String, value: serde_json::Value },
    /// Risk score must not exceed `max` (presumably `score <= max`).
    RiskScore { max: u8 },
}
140
/// A long-lived API key belonging to a user.
///
/// Only `key_hash` is stored — the raw key is shown once at creation and
/// never again; `prefix` is the public, non-secret portion used to look
/// the record up. The hash function is not visible here. A key is usable
/// only when `revoked` is false and `expires_at` is unset or in the
/// future, and each call must additionally be checked against `scopes`.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct ApiKey {
    pub id: Uuid,
    /// Hash of the secret key material.
    pub key_hash: String,
    /// Non-secret leading characters of the key, for lookup and display.
    pub prefix: String,
    pub user_id: Uuid,
    pub name: String,
    pub description: Option<String>,
    pub scopes: Vec<String>,
    /// Per-key limit; `None` means the global default applies, presumably.
    pub rate_limit: Option<u32>,
    pub expires_at: Option<DateTime<Utc>>,
    pub last_used_at: Option<DateTime<Utc>>,
    pub created_at: DateTime<Utc>,
    pub revoked: bool,
}
157
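/// TOTP (RFC 6238) enrolment parameters for one account.
///
/// `secret` is the shared seed — possession of it is equivalent to the
/// second factor. The manual [`fmt::Debug`] impl redacts it; `Serialize`
/// still emits it (it has to, for the provisioning URI / QR code), so
/// serialize this type only for that purpose and for storage.
///
/// Nothing here bounds `digits` or `period`; the code that builds a
/// config should constrain them (6–8 digits and a 30 s period are what
/// authenticator apps expect) and the verifier must compare codes in
/// constant time and reject reuse of a code within its window.
#[derive(Clone, Serialize, Deserialize)]
pub struct TotpConfig {
    /// Shared seed (encoding not fixed by this type).
    pub secret: String,
    pub algorithm: TotpAlgorithm,
    pub digits: u32,
    /// Time-step length in seconds.
    pub period: u32,
    /// Labels shown in the authenticator app.
    pub issuer: String,
    pub account_name: String,
}

impl fmt::Debug for TotpConfig {
    /// Derived layout with `secret` replaced by `"<redacted>"`.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("TotpConfig")
            .field("secret", &"<redacted>")
            .field("algorithm", &self.algorithm)
            .field("digits", &self.digits)
            .field("period", &self.period)
            .field("issuer", &self.issuer)
            .field("account_name", &self.account_name)
            .finish()
    }
}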
168
/// HMAC hash function used for TOTP.
///
/// Note the serialized names: there is no `rename_all` here, so the wire
/// form is `"SHA1"` / `"SHA256"` / `"SHA512"`, unlike the lowercase
/// convention of the other enums in this file. Changing that now would
/// break stored configs. `SHA1` is the RFC 6238 default and the only
/// option some authenticator apps honour; its use here is as an HMAC key
/// derivation, not a collision-sensitive digest.
#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub enum TotpAlgorithm {
    SHA1,
    SHA256,
    SHA512,
}
175
/// A registered WebAuthn/FIDO2 authenticator.
///
/// `public_key` is public material, so the derived `Debug` is safe.
/// `counter` is the authenticator's signature counter: on each assertion
/// the verifier must require the reported counter to be greater than the
/// stored one (when either is non-zero) and then persist the new value —
/// a stalled or decreasing counter is the standard signal of a cloned
/// authenticator. The byte encodings of `id` and `public_key` are not
/// fixed by this type; presumably base64url and COSE respectively —
/// confirm against the registration code.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct WebAuthnCredential {
    /// Credential id as reported by the authenticator.
    pub id: String,
    pub public_key: Vec<u8>,
    /// Last seen signature counter.
    pub counter: u32,
    /// User-chosen label.
    pub name: String,
    pub created_at: DateTime<Utc>,
    pub last_used_at: Option<DateTime<Utc>>,
}
186
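/// Configuration for one upstream OAuth2 provider.
///
/// `client_secret` is a long-lived credential for this service; the
/// manual [`fmt::Debug`] impl redacts it so provider configs can be
/// logged at startup. `Serialize` still emits it — do not expose this
/// type through any admin/read API without mapping it first.
///
/// `redirect_url` must match the value registered with the provider
/// exactly; the authorization flow should never substitute a
/// caller-supplied redirect for it.
#[derive(Clone, Serialize, Deserialize)]
pub struct OAuth2Provider {
    pub name: String,
    pub client_id: String,
    pub client_secret: String,
    pub auth_url: String,
    pub token_url: String,
    pub redirect_url: String,
    pub scopes: Vec<String>,
}

impl fmt::Debug for OAuth2Provider {
    /// Derived layout with `client_secret` replaced by `"<redacted>"`.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("OAuth2Provider")
            .field("name", &self.name)
            .field("client_id", &self.client_id)
            .field("client_secret", &"<redacted>")
            .field("auth_url", &self.auth_url)
            .field("token_url", &self.token_url)
            .field("redirect_url", &self.redirect_url)
            .field("scopes", &self.scopes)
            .finish()
    }
}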
198
/// One security-relevant event, as written to the audit trail.
///
/// `user_id` and `session_id` are optional because some events (failed
/// logins for unknown accounts, blocked requests) have neither. The
/// `metadata` map is free-form; whoever populates it is responsible for
/// not placing passwords, tokens or other secrets in it, since audit
/// records are typically retained longer and read more widely than
/// application logs.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct AuditLog {
    pub id: Uuid,
    pub user_id: Option<Uuid>,
    pub session_id: Option<Uuid>,
    /// What was attempted.
    pub action: String,
    /// What it was attempted on.
    pub resource: String,
    pub result: AuditResult,
    pub ip_address: Option<IpAddr>,
    pub user_agent: Option<String>,
    pub metadata: HashMap<String, serde_json::Value>,
    /// Risk score computed for the request (see [`RiskAssessment`]).
    pub risk_score: u8,
    pub timestamp: DateTime<Utc>,
}
214
/// Outcome recorded on an [`AuditLog`] entry. Serialized in lowercase.
///
/// `Failure` and `Blocked` are distinct; presumably `Failure` means the
/// attempt was evaluated and rejected (e.g. bad password) while `Blocked`
/// means policy or risk controls refused it up front — confirm with the
/// writers of audit entries.
#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum AuditResult {
    Success,
    Failure,
    Blocked,
}
222
/// Result of scoring a request or login attempt.
///
/// `score` is the aggregate, `level` its banding and `factors` the
/// per-signal contributions that explain it. The mapping from score to
/// level, and from level to `recommended_action`, lives in the scorer,
/// not here — so consumers should act on `recommended_action` rather
/// than re-deriving it from `score`.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct RiskAssessment {
    /// Aggregate score (0–255 by type; the scorer's actual range is not
    /// visible here).
    pub score: u8,
    pub level: RiskLevel,
    /// Contributing signals, for audit and explanation.
    pub factors: Vec<RiskFactor>,
    pub recommended_action: RiskAction,
}
231
/// Banded risk severity, ordered from least to most severe.
///
/// `Ord` is derived from declaration order, so `Low < Medium < High <
/// Critical` and comparisons like `level >= RiskLevel::High` are valid.
/// Serialized in lowercase.
#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum RiskLevel {
    Low,
    Medium,
    High,
    Critical,
}
240
/// A single signal that contributed to a [`RiskAssessment`].
///
/// `reason` is human-readable and may end up in audit records, so it
/// should describe the signal (e.g. "unseen device") without quoting
/// secret or overly precise personal data.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct RiskFactor {
    /// Stable identifier of the signal.
    pub name: String,
    /// Contribution of this signal to the aggregate score.
    pub score: u8,
    /// Explanation for humans.
    pub reason: String,
}
247
/// What the risk engine recommends doing with a request. Serialized in
/// lowercase (`"requiremfa"` for [`RiskAction::RequireMfa`]).
///
/// No `Ord` is derived, deliberately: declaration order would rank
/// `Deny` below `RequireMfa`, which is not a sensible severity order.
/// `Challenge` and `RequireMfa` both ask for additional proof; the
/// difference (presumably a generic step-up vs a mandatory enrolled
/// factor) is decided by the caller — confirm before treating them alike.
#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[serde(rename_all = "lowercase")]
pub enum RiskAction {
    Allow,
    Challenge,
    Deny,
    RequireMfa,
}