use std::fmt;
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Default)]
#[non_exhaustive]
pub enum SecurityProfile {
#[default]
Standard,
Regulated,
}
impl SecurityProfile {
#[must_use]
pub const fn standard() -> Self {
Self::Standard
}
#[must_use]
pub const fn regulated() -> Self {
Self::Regulated
}
#[must_use]
pub const fn is_standard(&self) -> bool {
matches!(self, Self::Standard)
}
#[must_use]
pub const fn is_regulated(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn name(&self) -> &'static str {
match self {
Self::Standard => "STANDARD",
Self::Regulated => "REGULATED",
}
}
#[must_use]
pub const fn rate_limit_enabled(&self) -> bool {
true
}
#[must_use]
pub const fn audit_logging_enabled(&self) -> bool {
true
}
#[must_use]
pub const fn audit_field_access(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn sensitive_field_masking(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn error_detail_reduction(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn query_logging_for_compliance(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn response_size_limits(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn field_filtering_strict(&self) -> bool {
matches!(self, Self::Regulated)
}
#[must_use]
pub const fn max_response_size_bytes(&self) -> usize {
match self {
Self::Standard => usize::MAX, Self::Regulated => 1_000_000, }
}
#[must_use]
pub const fn max_query_complexity(&self) -> usize {
match self {
Self::Standard => 100_000,
Self::Regulated => 50_000, }
}
#[must_use]
pub const fn max_query_depth(&self) -> usize {
match self {
Self::Standard => 20,
Self::Regulated => 10, }
}
#[must_use]
pub const fn rate_limit_rps(&self) -> u32 {
match self {
Self::Standard => 100,
Self::Regulated => 10, }
}
#[must_use]
pub const fn description(&self) -> &'static str {
match self {
Self::Standard => "Basic security with rate limiting and audit logging",
Self::Regulated => {
"Full compliance with field masking, error redaction, and strict limits"
},
}
}
#[must_use]
pub fn enforced_features(&self) -> Vec<&'static str> {
let mut features = vec!["Rate Limiting", "Audit Logging"];
if self.is_regulated() {
features.extend(vec![
"Field-Level Audit",
"Sensitive Field Masking",
"Error Detail Reduction",
"Query Logging for Compliance",
"Response Size Limits",
"Strict Field Filtering",
]);
}
features
}
}
impl fmt::Display for SecurityProfile {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "{}", self.name())
}
}