khive-gate 0.2.11

Pluggable authorization gate trait + default AllowAllGate impl for khive verb dispatch.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

use serde::{Deserialize, Serialize};

use crate::GateValidationError;

// ---------- Actor ----------

/// Caller identity. `kind` distinguishes user vs agent vs lambda etc.
///
/// Invariant: both `kind` and `id` must be non-empty. Enforced at construction
/// and deserialization via `serde(try_from)`.
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
pub struct ActorRef {
    pub kind: String,
    pub id: String,
}

/// Raw deserialization target for [`ActorRef`] — validated via `TryFrom`.
#[derive(Deserialize)]
struct RawActorRef {
    kind: String,
    id: String,
}

impl TryFrom<RawActorRef> for ActorRef {
    type Error = GateValidationError;

    fn try_from(raw: RawActorRef) -> Result<Self, Self::Error> {
        Self::try_new(raw.kind, raw.id)
    }
}

impl<'de> Deserialize<'de> for ActorRef {
    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
    where
        D: serde::Deserializer<'de>,
    {
        let raw = RawActorRef::deserialize(deserializer)?;
        ActorRef::try_from(raw).map_err(serde::de::Error::custom)
    }
}

impl ActorRef {
    /// Create a validated `ActorRef`. Returns `Err` if `kind` or `id` is empty.
    pub fn try_new(
        kind: impl Into<String>,
        id: impl Into<String>,
    ) -> Result<Self, GateValidationError> {
        let kind = kind.into();
        let id = id.into();
        if kind.is_empty() {
            return Err(GateValidationError::EmptyActorKind);
        }
        if id.is_empty() {
            return Err(GateValidationError::EmptyActorId);
        }
        Ok(Self { kind, id })
    }

    /// Create a validated `ActorRef`. Panics if `kind` or `id` is empty.
    pub fn new(kind: impl Into<String>, id: impl Into<String>) -> Self {
        Self::try_new(kind, id).expect("ActorRef::new: kind and id must not be empty")
    }

    /// The implicit caller for unauthenticated local usage.
    pub fn anonymous() -> Self {
        Self {
            kind: "anonymous".into(),
            id: "local".into(),
        }
    }
}