codlet-core 0.15.0

Core authentication primitives for codlet: code policy, generation, normalization, keyed lookup derivation, lifecycle state machines, and storage traits.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

//! In-memory form-token store (RFC-011 ยง10.3). Non-production.

use std::sync::Mutex;

use crate::hashing::LookupKey;
use crate::state::{TokenConsumeOutcome, classify_token_consume};
use crate::store::error::StoreError;
use crate::store::token::{FormTokenRecord, FormTokenStore, TokenSubject};

#[derive(Debug, Clone)]
struct MemTokenRow {
    lookup_key: LookupKey,
    subject: TokenSubject,
    purpose: String,
    bound_resource: Option<String>,
    expires_at: u64,
    consumed_at: Option<u64>,
    result_ref: Option<String>,
}

/// **Non-production** in-memory form-token store.
#[derive(Debug, Default)]
pub struct MemFormTokenStore {
    rows: Mutex<Vec<MemTokenRow>>,
}

impl MemFormTokenStore {
    /// Construct an empty in-memory form-token store.
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }
}

impl FormTokenStore for MemFormTokenStore {
    async fn insert_form_token(&self, record: FormTokenRecord) -> Result<(), StoreError> {
        let mut rows = self
            .rows
            .lock()
            .map_err(|e| StoreError::Backend(e.to_string()))?;
        rows.push(MemTokenRow {
            lookup_key: record.lookup_key,
            subject: record.subject,
            purpose: record.purpose,
            bound_resource: record.bound_resource,
            expires_at: record.expires_at,
            consumed_at: None,
            result_ref: None,
        });
        Ok(())
    }

    async fn consume_form_token(
        &self,
        lookup_key: &LookupKey,
        subject: &TokenSubject,
        purpose: &str,
        bound_resource: Option<&str>,
        now: u64,
    ) -> Result<(TokenConsumeOutcome, Option<String>), StoreError> {
        let mut rows = self
            .rows
            .lock()
            .map_err(|e| StoreError::Backend(e.to_string()))?;

        // Atomic conditional update: set consumed_at if all conditions hold.
        let mut changed = 0usize;
        let mut found_row_idx: Option<usize> = None;

        for (i, row) in rows.iter_mut().enumerate() {
            // Binding checks: lookup key + subject + purpose + binding.
            if !row.lookup_key.ct_eq(lookup_key)
                || row.subject != *subject
                || row.purpose != purpose
            {
                continue;
            }
            // Remember the index for the follow-up classification SELECT.
            found_row_idx = Some(i);

            // Conditional consume: unconsumed AND not expired.
            if row.consumed_at.is_none() && row.expires_at > now {
                // Binding check on bound_resource.
                let br_ok = match (bound_resource, &row.bound_resource) {
                    (Some(expected), Some(stored)) => expected == stored.as_str(),
                    (None, _) => true,
                    (Some(_), None) => false,
                };
                if br_ok {
                    row.consumed_at = Some(now);
                    changed += 1;
                }
            }
        }

        if changed > 1 {
            return Err(StoreError::InvariantViolation(format!(
                "consume_form_token changed {changed} rows"
            )));
        }

        if changed == 1 {
            return Ok((TokenConsumeOutcome::Proceed, None));
        }

        // changed == 0: classify via follow-up read.
        match found_row_idx {
            None => Ok((TokenConsumeOutcome::Invalid, None)),
            Some(idx) => {
                let row = &rows[idx];
                let already_consumed = row.consumed_at.is_some();
                let binding_ok = match (bound_resource, &row.bound_resource) {
                    (Some(expected), Some(stored)) => expected == stored.as_str(),
                    (None, _) => true,
                    (Some(_), None) => false,
                };
                let outcome = classify_token_consume(0, true, already_consumed, binding_ok);
                let result_ref = if outcome == TokenConsumeOutcome::Replay {
                    row.result_ref.clone()
                } else {
                    None
                };
                Ok((outcome, result_ref))
            }
        }
    }

    async fn set_token_result(
        &self,
        lookup_key: &LookupKey,
        result_ref: &str,
    ) -> Result<(), StoreError> {
        let mut rows = self
            .rows
            .lock()
            .map_err(|e| StoreError::Backend(e.to_string()))?;
        for row in rows.iter_mut() {
            if row.lookup_key.ct_eq(lookup_key) && row.consumed_at.is_some() {
                row.result_ref = Some(result_ref.to_string());
            }
        }
        Ok(())
    }
}