ap_client/lib.rs
//! Noise Protocol Clients for access-protocol
//!
//! This crate provides both remote and user client implementations for
//! connecting through a proxy using the Noise Protocol.
//!
//! ## Features
//!
//! - PSK-based authentication using pairing codes
//! - Noise Protocol `NNpsk2` pattern for a secure 2-message handshake. The pattern
//!   uses no static keys, so the handshake itself is authenticated by the PSK.
//! - Connection caching for reconnection without re-pairing. The cached state
//!   stands in for the pairing step, so a persistent `ConnectionStore` needs the
//!   same protection as the pairing secret.
//! - Supports both classical (Curve25519) and post-quantum (Kyber768) cryptography
//!
//! ## Remote Client Usage (untrusted device)
//!
//! ```ignore
//! use ap_client::{RemoteClient, RemoteClientHandle, DefaultProxyClient, IdentityProvider, ConnectionStore};
//!
//! // Create proxy client — identity is wired internally by connect().
//! // `DefaultProxyClient` is re-exported only with the `native-websocket` feature.
//! // The `ws://` URL is a plaintext local endpoint; for a proxy reached over a
//! // network, use a TLS (`wss://`) endpoint where one is available.
//! let proxy_client = Box::new(DefaultProxyClient::from_url("ws://localhost:8080".to_string()));
//!
//! // Connect — spawns event loop internally, returns handle with channels
//! let RemoteClientHandle { client, mut notifications, mut requests } =
//!     RemoteClient::connect(identity_provider, connection_store, proxy_client).await?;
//!
//! // Pair with rendezvous code
//! client.pair_with_handshake("ABCDEF123".to_string(), false).await?;
//!
//! let query = ap_client::CredentialQuery::Domain("example.com".to_string());
//! let credential = client.request_credential(&query).await?;
//! ```
//!
//! ## User Client Usage (trusted device)
//!
//! ```ignore
//! use ap_client::{DefaultProxyClient, IdentityProvider, UserClient, UserClientHandle};
//!
//! // Create proxy client — identity is wired internally by connect().
//! // As above: `ws://localhost` is for local development only.
//! let proxy_client = Box::new(DefaultProxyClient::from_url("ws://localhost:8080".to_string()));
//!
//! // Connect — spawns event loop internally, returns handle with channels
//! let UserClientHandle { client, mut notifications, mut requests } =
//!     UserClient::connect(identity_provider, connection_store, proxy_client, None).await?;
//!
//! // Already listening. Just use it.
//! // The token is pairing material for PSK-based authentication: hand it to the
//! // remote device out of band and keep it out of logs.
//! let token = client.get_psk_token(None).await?;
//! // Or: let code = client.get_rendezvous_token(None).await?;
//! ```

/// Error types reported by the clients
pub mod error;
/// The proxy client trait together with its default implementation
pub mod proxy;
/// Traits that storage backends implement
pub mod traits;
/// Protocol-level types and events
pub mod types;

mod clients;
pub(crate) mod compat;
mod memory_connection_store;

// Types re-exported from sibling crates: the PSK and transport types from the
// noise crate, and the fingerprint / rendezvous-code types from ap-proxy-protocol.
// NOTE(review): `Psk` is pre-shared key material surfaced in this crate's public
// API — confirm its `Debug`/serialization behaviour cannot leak the key.
pub use ap_noise::{MultiDeviceTransport, Psk};
pub use ap_proxy_protocol::{IdentityFingerprint, RendezvousCode};

// Both clients, with the handle, notification, request and reply types that
// accompany each of them.
pub use clients::{
    remote_client::{
        RemoteClient, RemoteClientFingerprintReply, RemoteClientHandle,
        RemoteClientNotification, RemoteClientRequest,
    },
    user_client::{
        CredentialRequestReply, FingerprintVerificationReply, UserClient, UserClientHandle,
        UserClientNotification, UserClientRequest,
    },
};

pub use error::ClientError;
pub use memory_connection_store::MemoryConnectionStore;

// The `ProxyClient` trait is always re-exported; `DefaultProxyClient` is
// re-exported only when the `native-websocket` feature is enabled.
pub use proxy::ProxyClient;
#[cfg(feature = "native-websocket")]
pub use proxy::DefaultProxyClient;

// NOTE(review): `MemoryIdentityProvider` and `NoOpAuditLog` are exported
// unconditionally. Judging by their names they keep the identity in memory and
// discard audit events — confirm before relying on them outside tests.
pub use traits::{
    AuditConnectionType, AuditEvent, AuditLog, ConnectionInfo, ConnectionStore, ConnectionUpdate,
    CredentialFieldSet, IdentityProvider, MemoryIdentityProvider, NoOpAuditLog,
};
pub use types::{ConnectionMode, CredentialData, CredentialQuery, PskId, PskToken};