amaters-server 0.2.0

AmateRS server binary
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188

//! Integration tests for authentication and authorization
//!
//! These tests verify that the auth system works correctly end-to-end.

use std::env;
use std::fs;
use std::path::PathBuf;
use uuid::Uuid;

// Note: These integration tests cannot run until amaters-core compiles successfully.
// They are provided here to demonstrate the intended auth flow and for future use.

#[cfg(test)]
mod integration_tests {
    use super::*;

    // Helper function to create a temporary directory
    fn temp_dir() -> PathBuf {
        env::temp_dir().join(format!("amaters_auth_test_{}", Uuid::new_v4()))
    }

    // Helper function to cleanup temporary directory
    fn cleanup_dir(path: &PathBuf) {
        if path.exists() {
            fs::remove_dir_all(path).ok();
        }
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_end_to_end_jwt_auth() {
        // This test would:
        // 1. Create an Authenticator with JWT enabled
        // 2. Generate a test JWT token
        // 3. Authenticate using the token
        // 4. Verify the principal is correct
        // 5. Use Authorizer to check permissions
        // 6. Log the auth events with AuditLogger

        // Example:
        // let auth_config = AuthSettings { ... };
        // let authenticator = Authenticator::new(auth_config).unwrap();
        // let principal = authenticator.authenticate_jwt(&token).unwrap();
        // assert_eq!(principal.name, "test_user");

        // let authz_config = AuthorizationSettings { ... };
        // let authorizer = Authorizer::new(authz_config).unwrap();
        // let result = authorizer.authorize(&principal, &Action::Read, &Resource::Collection("test".into()));
        // assert!(result.is_ok());

        // let audit_logger = AuditLogger::new(Some(log_path)).unwrap();
        // audit_logger.log_auth_success(&principal, None);
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_end_to_end_api_key_auth() {
        // This test would:
        // 1. Create API key configuration file
        // 2. Create Authenticator with API key enabled
        // 3. Authenticate using an API key
        // 4. Verify the principal is correct
        // 5. Check authorization
        // 6. Verify audit logs
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_authorization_with_roles() {
        // This test would:
        // 1. Create custom roles configuration
        // 2. Create Authorizer with the roles
        // 3. Test different principals with different roles
        // 4. Verify admin has all permissions
        // 5. Verify user has limited permissions
        // 6. Verify reader has read-only permissions
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_audit_logging_complete_flow() {
        // This test would:
        // 1. Setup audit logger with file
        // 2. Perform authentication (success and failure)
        // 3. Perform authorization (success and denial)
        // 4. Read audit log file
        // 5. Verify all events were logged correctly
        // 6. Parse JSON and verify structure
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_config_validation() {
        // This test would:
        // 1. Create various ServerConfig instances with auth settings
        // 2. Test validation logic
        // 3. Verify invalid configs are rejected
        // 4. Verify valid configs are accepted
    }

    #[test]
    #[ignore] // Ignore until amaters-core builds
    fn test_role_inheritance() {
        // This test would:
        // 1. Create roles with inheritance
        // 2. Verify permissions are inherited correctly
        // 3. Verify circular inheritance is handled
    }
}

// Example: How to setup authentication and authorization in the server
//
// ```no_run
// use amaters_server::auth::{Authenticator, Principal};
// use amaters_server::authz::{Authorizer, Action, Resource};
// use amaters_server::audit::AuditLogger;
// use amaters_server::config::{AuthSettings, AuthorizationSettings};
//
// async fn setup_auth_example() {
//     // 1. Load configuration
//     let auth_config = AuthSettings {
//         enabled: true,
//         methods: vec!["jwt".to_string()],
//         jwt: JwtSettings {
//             enabled: true,
//             secret: Some("my-secret-key".to_string()),
//             algorithm: "HS256".to_string(),
//             // ... other JWT settings
//         },
//         // ... other auth settings
//     };
//
//     // 2. Create authenticator
//     let authenticator = Authenticator::new(auth_config)
//         .expect("Failed to create authenticator");
//
//     // 3. Create authorizer
//     let authz_config = AuthorizationSettings {
//         enabled: true,
//         default_role: "user".to_string(),
//         // ... other authz settings
//     };
//
//     let authorizer = Authorizer::new(authz_config)
//         .expect("Failed to create authorizer");
//
//     // 4. Create audit logger
//     let audit_logger = AuditLogger::new(Some("/var/log/amaters/audit.jsonl".into()))
//         .expect("Failed to create audit logger");
//
//     // 5. Authenticate a request (example with JWT)
//     let token = "eyJhbGc..."; // JWT token from client
//     match authenticator.authenticate_jwt(token) {
//         Ok(principal) => {
//             audit_logger.log_auth_success(&principal, Some("192.168.1.1".to_string()));
//
//             // 6. Authorize an action
//             let action = Action::Read;
//             let resource = Resource::Collection("users".to_string());
//
//             match authorizer.authorize(&principal, &action, &resource) {
//                 Ok(()) => {
//                     audit_logger.log_authz_success(&principal, &action, &resource, None);
//                     // Proceed with the operation
//                 }
//                 Err(e) => {
//                     audit_logger.log_authz_denied(
//                         &principal,
//                         &action,
//                         &resource,
//                         &e.to_string(),
//                         Some("192.168.1.1".to_string())
//                     );
//                     // Return authorization error to client
//                 }
//             }
//         }
//         Err(e) => {
//             audit_logger.log_auth_failure(
//                 AuthMethod::Jwt,
//                 &e.to_string(),
//                 Some("192.168.1.1".to_string())
//             );
//             // Return authentication error to client
//         }
//     }
// }
// ```