Skip to main content

modkit_auth/
types.rs

1/// Security requirement - defines required resource and action
2#[derive(Debug, Clone, PartialEq, Eq)]
3pub struct SecRequirement {
4    pub resource: String,
5    pub action: String,
6}
7
8impl SecRequirement {
9    pub fn new(resource: impl Into<String>, action: impl Into<String>) -> Self {
10        Self {
11            resource: resource.into(),
12            action: action.into(),
13        }
14    }
15}
16
17/// Route-level authentication requirement
18#[derive(Debug, Clone, PartialEq, Eq)]
19pub enum AuthRequirement {
20    /// No authentication required; route is public from auth perspective.
21    None,
22    /// Authentication required; `None` means no extra RBAC requirement,
23    /// `Some(SecRequirement)` means enforce this resource:action requirement.
24    Required(Option<SecRequirement>),
25    /// Optional authentication: if a valid token is present, use it;
26    /// otherwise proceed anonymously.
27    Optional,
28}
29
30#[async_trait::async_trait]
31impl RoutePolicy for AuthRequirement {
32    async fn resolve(&self, _method: &http::Method, _path: &str) -> AuthRequirement {
33        self.clone()
34    }
35}
36
37/// Route policy that determines authentication requirements for routes
38#[async_trait::async_trait]
39pub trait RoutePolicy: Send + Sync {
40    /// Resolve the authentication requirement for a given method and path
41    async fn resolve(&self, method: &http::Method, path: &str) -> AuthRequirement;
42}