cedros-login-server 0.0.45

Authentication server for cedros-login with email/password, Google OAuth, and Solana wallet sign-in
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

//! Business logic services
//!
//! # Metrics Recommendations (S-14)
//!
//! For production observability, consider adding metrics to these key services:
//!
//! ## Authentication Metrics (jwt_service, password_service, totp_service)
//! - `auth_login_total{method=email|google|wallet|mfa}` - Login attempts counter
//! - `auth_login_duration_seconds` - Login latency histogram
//! - `auth_token_refresh_total` - Token refresh counter
//! - `auth_mfa_verification_total{success=true|false}` - MFA verification counter
//! - `auth_password_hash_duration_seconds` - Argon2 hashing latency
//!
//! ## Authorization Metrics (authorization_service, policy_service)
//! - `authz_permission_check_total{permission, allowed=true|false}` - Permission checks
//! - `authz_policy_evaluation_total{policy, result}` - Policy evaluation counter
//! - `authz_role_assignment_total{role}` - Role assignment counter
//!
//! ## External Service Metrics (google_service, solana_service, email providers)
//! - `external_request_total{service, status}` - External API call counter
//! - `external_request_duration_seconds{service}` - External API latency
//! - `google_jwks_cache_hit_total` / `google_jwks_cache_miss_total` - JWKS cache efficiency
//!
//! ## Email/Notification Metrics (comms_service, notification_service)
//! - `email_sent_total{type, provider, status}` - Email sending counter
//! - `notification_sent_total{channel, severity}` - Admin notification counter
//! - `outbox_queue_size` - Pending outbox messages gauge
//!
//! ## Recommended Libraries
//! - `metrics` + `metrics-exporter-prometheus` for Prometheus-compatible metrics
//! - Use `metrics::describe_*` for metric documentation
//! - Add `/metrics` endpoint in router for scraping

mod accreditation_service;
mod account_deletion_service;
#[cfg(test)]
mod account_deletion_service_tests;
mod apple_oauth_service;
mod apple_service;
mod audit_service;
mod authorization_service;
mod circuit_breaker;
mod comms_service;
mod credit_service;
mod credit_types;
mod deposit_credit_service;
mod deposit_fee_service;
mod deposit_service;
mod deposit_tiered_service;
mod email;
mod encrypted_payload;
mod encryption_service;
mod google_service;
mod hold_expiration_worker;
mod image_storage;
mod jupiter_swap_service;
mod jwt_service;
mod kyc_service;
pub(crate) mod kyc_stripe;
mod logging_service;
mod metrics_service;
mod mfa_attempt_service;
mod micro_batch_worker;
mod note_encryption_service;
mod notification_service;
pub mod oidc_service;
mod outbox_worker;
mod password_service;
pub mod payout_transfer;
mod policy_service;
mod privacy_sidecar_client;
mod referral_payout_worker;
pub(crate) mod referral_reward_service;
mod sanctions_service;
mod settings_service;
mod sidecar_types;
mod signup_gating_service;
mod sol_price_service;
mod solana_service;
mod step_up_service;
mod token_gating_service;
mod totp_service;
mod wallet_signing_service;
mod wallet_unlock_cache;
pub mod webauthn_service;
mod withdrawal_worker;

pub use accreditation_service::{
    AccreditationService, AccreditationStatusResponse, SubmitAccreditationData,
    SubmitAccreditationResponse,
};
pub use account_deletion_service::{delete_account, AccountDeletionOutcome};
pub use apple_oauth_service::{
    exchange_and_encrypt_refresh_token, extract_apple_refresh_token_metadata,
    revoke_encrypted_refresh_token, sync_apple_credential,
    verify_apple_id_token_for_allowed_clients,
    VerifiedAppleToken,
};
pub use apple_service::{AppleService, AppleTokenClaims};
pub use audit_service::AuditService;
pub use authorization_service::{
    AuthContext, AuthorizationResult, AuthorizationService, Permission,
};
pub use comms_service::CommsService;
pub use credit_service::{
    AdjustResult, CreditBalance, CreditHistory, CreditHistoryItem, CreditService, HoldResult,
    SpendResult,
};
pub use deposit_credit_service::{CreditParams, CreditResult, DepositCreditService};
pub use deposit_fee_service::{CalculatedFees, DepositFeeService, FeeConfig, FeePolicy};
pub use deposit_service::{DepositResult, DepositService};
pub use deposit_tiered_service::{
    execute_admin_withdrawal, MicroDepositResult, PublicDepositResult, TieredDepositService,
};
pub use email::{
    AccountDeletionEmailData, Email, EmailService, EmailType, InstantLinkEmailData,
    InviteEmailData, LogEmailService, NoopEmailService, PasswordResetEmailData,
    PostmarkEmailService, SecurityAlertEmailData, VerificationEmailData,
};
pub(crate) use encrypted_payload::decrypt_base64_payload;
pub use encryption_service::EncryptionService;
pub use google_service::{GoogleService, GoogleTokenClaims};
pub use hold_expiration_worker::{HoldExpirationConfig, HoldExpirationWorker};
pub use image_storage::{ImageStorageService, S3ImageStorageConfig, S3ImageStorageService};
pub use jupiter_swap_service::{
    ExecuteResult as JupiterExecuteResult, JupiterSwapService, OrderParams as JupiterOrderParams,
    SwapOrder as JupiterSwapOrder,
};
pub use jwt_service::{AccessTokenClaims, JwtService, TokenContext};
pub use kyc_service::{KycService, KycStartResponse, KycStatusResponse};
pub use logging_service::{init_logging, LogLevel, LoggingService};
pub use metrics_service::{
    get_prometheus_handle, init_metrics, record_auth_duration, record_auth_failure,
    record_auth_success, record_credits_spent, record_deposit, record_error, record_http_request,
    record_rate_limit_hit, record_session_created, record_session_revoked, record_user_registered,
    record_withdrawal, render_metrics, set_active_sessions, set_total_users,
};
pub use mfa_attempt_service::MfaAttemptService;
pub use micro_batch_worker::MicroBatchWorker;
pub use note_encryption_service::{
    EncryptedNote, NoteEncryptionService, NONCE_SIZE as NOTE_NONCE_SIZE,
};
pub use notification_service::{
    AdminNotification, DiscordNotificationService, LogNotificationService, NoopNotificationService,
    NotificationService, NotificationSeverity, TelegramNotificationService,
};
pub use oidc_service::OidcService;
pub use outbox_worker::{OutboxWorker, OutboxWorkerConfig};
pub use password_service::{PasswordRules, PasswordService};
pub use policy_service::{PolicyContext, PolicyEvaluationResult, PolicyService};
pub use privacy_sidecar_client::{
    BalanceResponse as SidecarBalanceResponse, DepositResponse as SidecarDepositResponse,
    PrivacySidecarClient, SidecarClientConfig, WithdrawResponse as SidecarWithdrawResponse,
};
pub use referral_payout_worker::ReferralPayoutWorker;
pub use sanctions_service::{SanctionsService, SanctionsStats};
pub use settings_service::SettingsService;
pub(crate) use signup_gating_service::period_start;
pub use signup_gating_service::{SignupGateResult, SignupGatingService};
pub use sol_price_service::SolPriceService;
pub use solana_service::SolanaService;
pub use step_up_service::{StepUpService, DEFAULT_STEP_UP_MAX_AGE_SECS};
pub use token_gating_service::{TokenGateRule, TokenGatingService};
pub use totp_service::TotpService;
pub(crate) use wallet_signing_service::derive_pubkey_from_seed;
pub use wallet_signing_service::{
    derive_child_seed_from_bytes, derive_pubkey_at_index,
    UnlockCredential as WalletUnlockCredential, WalletSigningService,
};
pub use wallet_unlock_cache::{
    create_wallet_unlock_cache, WalletUnlockCache, WalletUnlockCacheConfig,
};
pub use webauthn_service::WebAuthnService;
pub use withdrawal_worker::{WithdrawalWorker, WithdrawalWorkerConfig};