axum-gate 1.1.0

Flexible authentication and authorization for Axum with JWT cookies or bearer tokens, optional OAuth2, and role/group/permission RBAC. Suitable for single-node and distributed systems.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//! Authorization system for role-based, group-based, and permission-based access control.
//!
//! This module provides the core authorization framework for axum-gate, including:
//! - [`AccessPolicy`] - Define who can access protected resources
//! - [`AccessHierarchy`] - Support for hierarchical role systems
//! - [`AuthorizationService`] - Evaluate access policies against user accounts
//!
//! # Quick Start
//!
//! ```rust
//! use axum_gate::authz::{AccessPolicy, AuthorizationService};
//! use axum_gate::accounts::Account;
//! use axum_gate::prelude::{Role, Group};
//! use axum_gate::permissions::PermissionId;
//!
//! // Create access policies
//! let admin_policy = AccessPolicy::<Role, Group>::require_role(Role::Admin);
//! let staff_policy = AccessPolicy::<Role, Group>::require_role(Role::Admin)
//!     .or_require_role(Role::Moderator);
//! let group_policy = AccessPolicy::<Role, Group>::require_group(Group::new("engineering"));
//! let permission_policy = AccessPolicy::<Role, Group>::require_permission(
//!     PermissionId::from("read:api")
//! );
//!
//! // Create user account
//! let account = Account::new("user@example.com", &[Role::User], &[Group::new("engineering")]);
//!
//! // Check authorization
//! let auth_service = AuthorizationService::new(admin_policy.clone());
//! let result = auth_service.is_authorized(&account);
//! ```
//!
//! # Policy Combinations
//!
//! Access policies can be combined using `or_*` methods to create flexible access rules:
//!
//! ```rust
//! use axum_gate::authz::AccessPolicy;
//! use axum_gate::prelude::{Role, Group};
//! use axum_gate::permissions::PermissionId;
//!
//! let complex_policy = AccessPolicy::<Role, Group>::require_role(Role::Admin)
//!     .or_require_group(Group::new("security-team"))
//!     .or_require_permission(PermissionId::from("emergency:access"));
//! ```
//!
//! # Hierarchical Roles
//!
//! Use `require_role_or_supervisor` for hierarchical access where higher roles
//! inherit access from lower roles:
//!
//! ```rust
//! use axum_gate::authz::AccessPolicy;
//! use axum_gate::prelude::{Role, Group};
//!
//! // Allows User role and all supervisor roles (Reporter, Moderator, Admin)
//! let hierarchical_policy = AccessPolicy::<Role, Group>::require_role_or_supervisor(Role::User);
//! ```

#[cfg(feature = "server")]
mod server_impl {
    pub use super::access_policy::AccessPolicy;
    pub use super::access_scope::AccessScope;
    pub use super::authorization_service::AuthorizationService;
    pub use super::errors::AuthzError;
}

#[cfg(feature = "server")]
pub use server_impl::*;

pub use access_hierarchy::AccessHierarchy;

mod access_hierarchy;
#[cfg(feature = "server")]
mod access_policy;
#[cfg(feature = "server")]
mod access_scope;
#[cfg(feature = "server")]
mod authorization_service;
#[cfg(feature = "server")]
pub mod errors;