
astrid_capabilities/
error.rs

1//! Capability-related error types.
2
3use thiserror::Error;
4
/// Errors that can occur with capability tokens.
///
/// Each variant's `Display` text comes from its `#[error(...)]` attribute and
/// interpolates the variant's fields verbatim (token IDs, permission and
/// resource names, patterns, wrapped error text).
//
// NOTE(review): the four token-lifecycle variants (expired / revoked /
// not found / already used) render distinct messages that include the token
// ID. Whether token IDs are sensitive, and whether these strings ever reach an
// untrusted caller or a shared log, is not visible in this file. Confirm it,
// and if they do, collapse them to one generic denial at the trust boundary so
// the response does not reveal which state a given token is in.
#[derive(Debug, Error)]
pub enum CapabilityError {
    /// Token has expired.
    #[error("capability token expired: {token_id}")]
    TokenExpired {
        /// The expired token ID.
        token_id: String,
    },

    /// Token has been revoked.
    #[error("capability token revoked: {token_id}")]
    TokenRevoked {
        /// The revoked token ID.
        token_id: String,
    },

    /// Token not found.
    #[error("capability token not found: {token_id}")]
    TokenNotFound {
        /// The token ID that was not found.
        token_id: String,
    },

    /// Single-use token has already been used (replay attempt).
    // NOTE(review): as a replay indicator this is presumably worth an audit or
    // alert record where it is raised; no such hook is visible here.
    #[error("single-use token already used: {token_id}")]
    TokenAlreadyUsed {
        /// The token ID that was already used.
        token_id: String,
    },

    /// Insufficient permissions.
    ///
    /// The message names both the permission that was required and the
    /// resource it was required for.
    #[error("insufficient capability: required {required} for {resource}")]
    InsufficientPermission {
        /// The required permission.
        required: String,
        /// The resource being accessed.
        resource: String,
    },

    /// Invalid token signature.
    ///
    /// Unit variant: the message names neither the token nor the reason the
    /// signature was rejected.
    // NOTE(review): presumably raised when signature verification fails; the
    // verification code is not in this file. Keeping this variant free of
    // detail avoids telling a forger why a token was rejected; keep it so.
    #[error("invalid token signature")]
    InvalidSignature,

    /// Invalid resource pattern.
    ///
    /// The offending pattern is echoed back in the message together with the
    /// reason it was rejected.
    #[error("invalid resource pattern: {pattern} - {reason}")]
    InvalidPattern {
        /// The invalid pattern.
        pattern: String,
        /// Why it's invalid.
        reason: String,
    },

    /// Storage error.
    ///
    /// Holds only a message string; no underlying error is kept as a `source`.
    #[error("storage error: {0}")]
    StorageError(String),

    /// Crypto error.
    ///
    /// `#[from]` generates `From<astrid_crypto::CryptoError>`, so `?` converts
    /// the crypto crate's error into this variant. The inner error's `Display`
    /// text is embedded in the message.
    // NOTE(review): what `astrid_crypto::CryptoError` prints is not visible
    // here; confirm it never includes key material or other secrets.
    #[error("crypto error: {0}")]
    CryptoError(#[from] astrid_crypto::CryptoError),

    /// Serialization error.
    ///
    /// Holds only a message string; no underlying error is kept as a `source`.
    #[error("serialization error: {0}")]
    SerializationError(String),
}
70
/// Result type for capability operations.
///
/// Shorthand for `Result<T, CapabilityError>`.
pub type CapabilityResult<T> = Result<T, CapabilityError>;