dbrest-core 0.8.6

Database-agnostic core for the dbrest REST API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

//! JWT authentication module
//!
//! Handles the full JWT authentication lifecycle for every HTTP request:
//!
//! 1. **Token extraction** — parses the `Authorization: Bearer <token>` header.
//! 2. **Validation** — verifies the signature and standard claims (`exp`,
//!    `nbf`, `iat`, `aud`) with a 30-second clock-skew tolerance.
//! 3. **Role resolution** — extracts the database role from the JWT claims
//!    using the configured JSPath, falling back to the anonymous role.
//! 4. **Caching** — stores validated results in a lock-free Moka cache
//!    keyed by the raw token string. Cache size is bounded and entries
//!    expire based on the token's `exp` claim (capped at 1 hour).
//!
//! # Supported Algorithms
//!
//! HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384.
//!
//! # Secret Formats
//!
//! - Plain UTF-8 string
//! - Base64-encoded string (`jwt_secret_is_base64 = true`)
//! - JWKS (JSON Web Key Set) — automatically detected when the secret
//!   starts with `{`.
//!
//! # Error Codes
//!
//! | Code | Meaning |
//! |------|---------|
//! | DBRST300 | Server lacks JWT secret |
//! | DBRST301 | Token decode / signature error |
//! | DBRST302 | Token required (no anonymous role) |
//! | DBRST303 | Claims validation failed |

pub mod cache;
pub mod error;
pub mod jwt;
pub mod middleware;
pub mod types;

// Re-exports for convenience
pub use cache::JwtCache;
pub use error::JwtError;
pub use middleware::{AuthState, auth_middleware};
pub use types::AuthResult;