1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

//! # JWT Vault
//! ## Features
//! * Manages & Orchestrates JWT for user login, logout & renew
//! * Easy start
//! * Async ready
//! * No un-safe code
//! * Runs on stable rust
//! * Library approach (Requires no runtime)
//! * Supports plugable components (Store & Hasher)
//! * Invalidates old refresh upon new refresh token renewal
//! * Invalidates old authentication upon new authentication token renewal
//! * Handles Thundering herd problem upon authentication token expiry
//!
//! ## Prerequisite
//!
//! ```toml
//!  [dependencies]
//!  jwtvault = "*"
//!```
//!
//! ```shell script
//! $ curl https://raw.githubusercontent.com/sgrust01/jwtvault/master/generate_certificates.sh > ./generate_certificates.sh
//!```
//!
//!```shell script
//! $ chmod 700 generate_certificates.sh && ./generate_certificates.sh
//!```
//!
//!
//! ## Quickstart
//!
//!
//! ```rust
//! use jwtvault::prelude::*;
//! use std::collections::HashMap;
//! use std::collections::hash_map::DefaultHasher;
//!
//! fn main() {
//!     let mut users = HashMap::new();
//!
//!     // User: John Doe
//!    let user_john = "john_doe";
//!    let password_for_john = "john";
//!
//!    // User: Jane Doe
//!    let user_jane = "jane_doe";
//!    let password_for_jane = "jane";
//!
//!    // load users and their password from database/somewhere
//!    users.insert(user_john.to_string(), password_for_john.to_string());
//!    users.insert(user_jane.to_string(), password_for_jane.to_string());
//!
//!    let loader = CertificateManger::default();
//!
//!    // Initialize vault
//!    let mut vault = DefaultVault::new(loader, users);
//!
//!    // John needs to login now
//!    let token = block_on(vault.login(
//!        user_john,
//!        password_for_john,
//!        None,
//!        None,
//!    ));
//!    let token = token.ok().unwrap();
//!    // When John presents authentication token, it can be used to restore John's session info
//!    let server_refresh_token = block_on(resolve_session_from_client_authentication_token(
//!        &mut vault,
//!        user_john,
//!        token.authentication(),
//!    ));
//!    let server_refresh_token = server_refresh_token.ok().unwrap();
//!
//!    // server_refresh_token (variable) contains server method which captures client private info
//!    // which never leaves the server
//!    let private_info_about_john = server_refresh_token.server().unwrap();
//!    let key = digest::<_, DefaultHasher>(user_john.as_bytes());
//!    let data_on_server_side = private_info_about_john.get(&key).unwrap();
//!
//!    // server_refresh_token (variable) contains client method which captures client public info
//!    // which is also send back to client
//!    assert!(server_refresh_token.client().is_none());
//!
//!    // Check out the data on client and server which are public and private respectively
//!    println!("[Private] John Info: {}",
//!             String::from_utf8_lossy(data_on_server_side.as_slice()).to_string());
//!
//!    // lets renew authentication token
//!    let new_token = block_on(vault.renew(
//!        user_john,
//!        token.refresh(),
//!        None,
//!    ));
//!    let new_token = new_token.ok().unwrap();
//!
//!    // When John presents new authentication token it can be used to restore session info
//!    let result = block_on(resolve_session_from_client_authentication_token(
//!        &mut vault,
//!        user_john,
//!        new_token.as_str(),
//!    ));
//!    let _ = result.ok().unwrap();
//!
//!}
//! ```
//!
//!
//! # Workflows
//!
//! * To begin use login with ___***user***___ and ___***password***___
//!
//!     * Upon successful login is provides user will be provided with JWT pair (authentication/refresh)
//!
//!     * Authentication token is then provided to access any resources
//!
//!     * Refresh token is used to renew an authentication token upon expiry
//!
//! * Use resolve_session_from_client_authentication_token with ___***user***___ and ___***authentication_token***___ to restore user session
//!
//! * Use renew with ___***user***___ and ___***refresh_token***___ to generate new authentication token
//!
//! * logout with ___***user***___ and ___***authentication_token***___ will remove all tokens associated with the user
//!
//!

pub mod prelude;
pub mod api;
pub mod utils;
pub mod errors;
pub mod constants;

#[macro_use]
extern crate serde;

#[cfg(test)]
mod tests {
    #[test]
    fn it_works() {
        assert_eq!(2 + 2, 4);
    }
}