1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
//! The authentication seam.
//!
//! cli-forge holds the *seam*, not the logic. A command marked
//! [`requires_auth`](crate::Command::requires_auth) runs only if the app's auth
//! hook authorizes it; the hook — supplied by the consumer or a sibling
//! `cli-auth` crate — is where login/logout state actually lives. The core just
//! asks. This module is compiled only with the `auth` feature; without it,
//! `requires_auth` is inert.
//!
//! The hook is `Fn(&`[`AuthRequest`]`) -> bool`. It is consulted before an
//! auth-gated command's handler runs (returning `false` refuses the command with
//! [`ParseError::Unauthorized`](crate::ParseError::Unauthorized)) and again when
//! generating help (an unauthorized command is omitted from the listing). If no
//! hook is set, auth-gated commands are never authorized — the seam fails closed.
//!
//! Because it also runs during help generation, the hook should be pure and
//! cheap: check already-loaded session state rather than doing I/O or printing.
/// The boxed authorization hook stored on an [`App`](crate::App).
pub type AuthHook = ;
/// The context passed to the auth hook: which command is being authorized.
///
/// Marked `#[non_exhaustive]` so future context (roles, the parsed arguments,
/// …) can be added without a breaking change.
///
/// # Examples
///
/// ```
/// # #[cfg(feature = "auth")]
/// # {
/// use cli_forge::{App, Command};
///
/// let mut app = App::new("demo").auth(|req| {
/// // Only authorize `publish` when some session check passes.
/// req.command() != "publish" || session_is_valid()
/// });
/// app.register(Command::new("publish").requires_auth(true).run(|_| { /* ... */ }));
///
/// fn session_is_valid() -> bool { true }
/// # let _ = app.try_parse_from(["publish"]);
/// # }
/// ```