cloudillo-core 0.8.13

Core infrastructure for the Cloudillo platform: middleware, extractors, scheduler, rate limiting, and access control
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

// SPDX-FileCopyrightText: Szilárd Hajba
// SPDX-License-Identifier: LGPL-3.0-or-later

//! Core infrastructure for the Cloudillo platform.
//!
//! This crate contains shared infrastructure modules that are used by the server
//! crate and potentially by future feature crates. Extracting these into a separate
//! crate enables better build parallelism and clearer module boundaries.

pub mod abac;
pub mod acme;
pub mod app;
pub mod bootstrap_types;
pub mod core_settings;
pub mod create_perm;
pub mod dns;
pub mod extensions;
pub mod extract;
pub mod file_access;
pub mod log;
pub mod middleware;
pub mod prelude;
pub mod profile_visibility;
pub mod proxy_token_cache;
pub mod rate_limit;
pub mod request;
pub mod roles;
pub mod scheduler;
pub mod settings;
pub mod ws_broadcast;
pub mod ws_bus;

use std::net::IpAddr;
use std::pin::Pin;

// Re-export commonly used types
pub use app::{App, AppBuilderOpts, AppState, ServerMode};
pub use extract::{Auth, IdTag, OptionalAuth};
pub use middleware::{PermissionCheckFactory, PermissionCheckInput, PermissionCheckOutput};
pub use profile_visibility::{CommunityRole, RequesterTier, SectionVisibility};
pub use proxy_token_cache::ProxyTokenCache;
pub use ws_broadcast::BroadcastManager;

/// Type-erased function for verifying action tokens.
/// Registered as an extension by the server's action module.
/// Used by auth module for the token exchange flow.
pub type ActionVerifyFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			cloudillo_types::types::TnId,
			&'a str,
			Option<&'a IpAddr>,
		) -> Pin<
			Box<
				dyn Future<
						Output = cloudillo_types::error::ClResult<
							cloudillo_types::auth_adapter::ActionToken,
						>,
					> + Send
					+ 'a,
			>,
		> + Send
		+ Sync,
>;

/// Type-erased function for creating a complete tenant (bootstrap).
/// Registered as an extension by the server's bootstrap module.
/// Used by profile crate for registration and community creation.
pub type CreateCompleteTenantFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			bootstrap_types::CreateCompleteTenantOptions<'a>,
		) -> Pin<
			Box<
				dyn Future<Output = cloudillo_types::error::ClResult<cloudillo_types::types::TnId>>
					+ Send
					+ 'a,
			>,
		> + Send
		+ Sync,
>;

/// Type-erased function for creating an action.
/// Registered as an extension by the server's action module.
/// Used by profile crate for community CONN creation.
pub type CreateActionFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			cloudillo_types::types::TnId,
			&'a str,
			cloudillo_types::action_types::CreateAction,
		) -> Pin<
			Box<dyn Future<Output = cloudillo_types::error::ClResult<Box<str>>> + Send + 'a>,
		> + Send
		+ Sync,
>;

/// Parameters passed to a `ScheduleEmailFn` invocation. Mirrors
/// `cloudillo_email::EmailTaskParams` but lives in core so the ACME renewal
/// task (and other core-side tasks) can schedule emails without a cyclic
/// dependency on the email crate.
pub struct ScheduleEmailParams {
	pub to: String,
	pub template_name: String,
	pub template_vars: serde_json::Value,
	pub lang: Option<String>,
	pub custom_key: Option<String>,
	pub from_name_override: Option<String>,
}

/// Type-erased function for scheduling a templated email via the scheduler.
/// Registered as an extension by the server's app module (delegates to
/// `cloudillo_email::EmailModule::schedule_email_task`).
pub type ScheduleEmailFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			cloudillo_types::types::TnId,
			ScheduleEmailParams,
		) -> Pin<
			Box<dyn Future<Output = cloudillo_types::error::ClResult<()>> + Send + 'a>,
		> + Send
		+ Sync,
>;

/// Type-erased function invoked once the very first ACME certificate for a
/// tenant has been successfully issued. Registered by the profile crate so
/// it can flush deferred work (e.g. queueing a welcome email that requires
/// HTTPS to be usable). Called from `acme::handle_renewal_success` only when
/// the renewal row's pre-renewal `expires_at` was `None`.
///
/// **Implementations MUST be idempotent.** The hook may fire multiple times
/// for the same `tn_id`: the bootstrap path (`bootstrap.rs`) and the
/// early-retry task (`acme.rs::AcmeEarlyRetryTask`) can both observe the
/// first successful issuance after a process restart, both with
/// `is_first_issuance: true`. Implementations must dedupe — e.g. by using a
/// scheduler dedup key or a marker setting cleared after first run.
pub type OnFirstCertIssuedFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			cloudillo_types::types::TnId,
			&'a str,
		) -> Pin<
			Box<dyn Future<Output = cloudillo_types::error::ClResult<()>> + Send + 'a>,
		> + Send
		+ Sync,
>;

/// Type-erased function for ensuring a remote profile exists locally.
/// Registered as an extension by the server's app module.
/// Used by action hooks for profile sync.
pub type EnsureProfileFn = Box<
	dyn for<'a> Fn(
			&'a app::App,
			cloudillo_types::types::TnId,
			&'a str,
		) -> Pin<
			Box<dyn Future<Output = cloudillo_types::error::ClResult<bool>> + Send + 'a>,
		> + Send
		+ Sync,
>;

pub fn register_settings(
	registry: &mut settings::SettingsRegistry,
) -> cloudillo_types::error::ClResult<()> {
	core_settings::register_settings(registry)
}

// vim: ts=4