mellon 0.1.0

Library for adding contemporary authentication to rust-based websites.
use poem_openapi::{
    ApiResponse, Object,
    payload::{Json, PlainText},
};

/// Responses to a request that creates a new user.
#[derive(ApiResponse)]
pub enum CreateUser {
    /// A new user was successfully created
    // NOTE(review): the plain-text body is presumably the bearer token for the new
    // account (going by the variant name). If so, the handler should keep it out of
    // request/response logs and mark the response as non-cacheable. Confirm.
    #[oai(status = 200)]
    Bearer(PlainText<String>),
    /// The name is too complex (longer than 32 characters and contains non-alphanumeric characters)
    // NOTE(review): "and" reads as if both conditions must hold before the name is
    // rejected; the key-name rule on `ConfirmNewWebauthnCredential` says "or".
    // Confirm against the validator and align the wording.
    #[oai(status = 400)]
    NameIsTooComplex,
    /// The name is already taken
    // NOTE(review): a distinct 409 tells any caller that the name exists. That is
    // hard to avoid with unique usernames, so this route presumably needs rate
    // limiting to bound bulk probing. Confirm it is applied.
    #[oai(status = 409)]
    NameAlreadyTaken,
    /// Other error
    #[oai(status = 500)]
    Other,
}

/// Body of the 200 response of [`PrepareLogin`]: one entry per login factor.
///
/// The derived `Default` yields `password: false`, `totp: false`, `webauthn: None`.
// NOTE(review): presumably each entry says whether that factor must be supplied to
// finish the login for the requested name. Verify against the handler.
// NOTE(review): if this is served before authentication, the body shows which
// factors a given account has enrolled. See the note on `PrepareLogin`.
#[derive(Default, Object)]
pub struct LoginChallenges {
    // Password factor flag.
    pub password: bool,
    // TOTP factor flag.
    pub totp: bool,
    // Untyped JSON; presumably the type-erased webauthn-rs request challenge when the
    // account has WebAuthn keys, `None` otherwise (TODO confirm).
    pub webauthn: Option<serde_json::Value>,
}

/// Request login challenge
// NOTE(review): this response set separates "username not found" (404) from a 200
// that lists the account's factors. If the endpoint is reachable without
// authentication (presumably it is, being the first login step), it works as a
// username and enrolled-factor oracle. Consider answering unknown names with a
// plausible, stable challenge set, and rate-limit the route either way.
#[derive(ApiResponse)]
pub enum PrepareLogin {
    /// Information on what data to provide to proceed with login
    #[oai(status = 200)]
    Challenges(Json<LoginChallenges>),
    /// The name is too complex (longer than 32 characters and contains non-alphanumeric characters)
    // NOTE(review): "and" vs "or": `ConfirmNewWebauthnCredential` states its
    // equivalent key-name rule with "or". Confirm against the validator.
    #[oai(status = 400)]
    NameIsTooComplex,
    /// Username not found
    #[oai(status = 404)]
    UsernameNotFound,
    /// Other error. Details might be deliberately omitted
    #[oai(status = 500)]
    Other,
}

/// Responses to the request that completes a login.
// NOTE(review): `WrongUsername` (401) and `Unauthorized` (403) are distinct statuses.
// If the first means "no such account" and the second "credentials rejected"
// (presumed from the names), a caller can tell the two apart and enumerate accounts.
// A single generic failure response avoids that. Confirm how the handler maps them.
#[derive(ApiResponse)]
pub enum FinishLogin {
    /// Login successful
    // NOTE(review): the plain-text body is presumably the bearer token. If so, keep it
    // out of logs and mark the response as non-cacheable. Confirm.
    #[oai(status = 200)]
    Bearer(PlainText<String>),
    // Returned with HTTP 400; presumably the submitted login data could not be parsed.
    #[oai(status = 400)]
    InvalidDataFormat,
    // Returned with HTTP 401.
    #[oai(status = 401)]
    WrongUsername,
    // Returned with HTTP 403.
    #[oai(status = 403)]
    Unauthorized,
    // Returned with HTTP 500 for any other failure.
    #[oai(status = 500)]
    Other,
}

/// Body of the 200 response of [`CurrentCredentials`]: a summary of credentials by kind.
// NOTE(review): presumably describes the credentials enrolled for the authenticated
// caller's own account. Verify that the handler never serves it for another user.
#[derive(Object)]
pub struct CurrentCredentialsList {
    // Password flag; presumably "a password is set" (TODO confirm).
    pub password: bool,
    // TOTP flag; presumably "a TOTP secret is enrolled" (TODO confirm).
    pub totp: bool,
    // Count of WebAuthn keys (named as a count; only the number is exposed here).
    pub webauthn_keys: usize,
}

/// Responses to a request for the credential summary.
#[derive(ApiResponse)]
pub enum CurrentCredentials {
    /// Credential summary as JSON
    #[oai(status = 200)]
    List(Json<CurrentCredentialsList>),
    // Returned with HTTP 500 for any failure. This enum has no 401/403 variant, so an
    // unauthenticated request is presumably rejected before the handler runs (TODO confirm).
    #[oai(status = 500)]
    Other,
}

/// Responses to a request for the list of WebAuthn credentials.
#[derive(ApiResponse)]
pub enum CurrentWebauthnCredentials {
    /// JSON array with one `WebAuthnCredential` entry per credential
    #[oai(status = 200)]
    List(Json<Vec<WebAuthnCredential>>),
    // Returned with HTTP 500 for any failure. This enum has no 401/403 variant, so an
    // unauthenticated request is presumably rejected before the handler runs (TODO confirm).
    #[oai(status = 500)]
    Other,
}

/// One entry of the WebAuthn credential list; only a name is exposed.
#[derive(Object)]
pub struct WebAuthnCredential {
    // Presumably the user-chosen key name that `ConfirmNewWebauthnCredential` validates
    // (allowed characters, at most 32 long). Clients should still treat it as
    // untrusted text when rendering it (TODO confirm where it is validated).
    pub name: String,
}

/// Generic response set for operations that return no body on success.
#[derive(ApiResponse)]
pub enum SimpleTask {
    /// The operation completed; no content is returned
    #[oai(status = 204)]
    Done,
    // Returned with HTTP 400; presumably the request input failed validation.
    #[oai(status = 400)]
    BadInput,
    // Returned with HTTP 403; presumably the token lacks the privilege the operation
    // needs (compare the `upd` privilege documented on `ConfirmNewWebauthnCredential`).
    #[oai(status = 403)]
    InsufficientPermissions,
    // Returned with HTTP 500 for any other failure.
    #[oai(status = 500)]
    Failed,
}

/// Body of the 200 response of [`NewTotp`]: the data a client needs to enrol an authenticator.
// NOTE(review): both fields presumably carry the TOTP shared secret (`seed_base32`
// directly, `authenticator_url` embedded in a provisioning URI). Treat the whole
// response as secret material: send it over TLS only, mark it non-cacheable, and
// never log it. The type does not derive `Debug`, which keeps it out of `{:?}`
// output. Keep it that way.
#[derive(Object)]
pub struct NewTotpSetup {
    // Base32 text, per the field name; presumably the new TOTP seed.
    pub seed_base32: String,
    // Presumably an `otpauth://` URI for QR-code enrolment (TODO confirm format).
    pub authenticator_url: String,
}

/// Responses to a request that starts TOTP enrolment.
#[derive(ApiResponse)]
pub enum NewTotp {
    /// Setup data for the new TOTP credential
    // NOTE(review): whether the seed takes effect immediately or only after the user
    // proves possession with a first code is not visible here. Confirm in the handler.
    #[oai(status = 200)]
    Setup(Json<NewTotpSetup>),
    // Returned with HTTP 403; presumably the token lacks the required privilege.
    #[oai(status = 403)]
    InsufficientPermissions,
    // Returned with HTTP 500 for any other failure.
    #[oai(status = 500)]
    Other,
}

/// Responses to a request that starts registration of a new WebAuthn credential.
#[derive(ApiResponse)]
pub enum NewWebauthnCredential {
    /// Type-erased value of `webauthn_rs::prelude::CreationChallengeResponse`
    // The payload is untyped JSON, so the OpenAPI schema cannot describe its shape;
    // clients have to rely on the webauthn-rs type named above.
    #[oai(status = 200)]
    Setup(Json<serde_json::Value>),
    // Returned with HTTP 403; presumably the token lacks the required privilege.
    #[oai(status = 403)]
    InsufficientPermissions,
    // Returned with HTTP 500 for any other failure.
    #[oai(status = 500)]
    Other,
}

/// Responses to the request that completes registration of a new WebAuthn credential.
#[derive(ApiResponse)]
pub enum ConfirmNewWebauthnCredential {
    /// The new WebAuthn credential has been successfully installed
    #[oai(status = 204)]
    Done,
    /// The name for the key uses characters that are not allowed or it is longer than 32 characters
    #[oai(status = 400)]
    KeyNameIsTooComplex,
    /// Authentication parameters are not correct
    #[oai(status = 401)]
    AuthFailed,
    /// Authentication token does not have the `upd` privilege
    #[oai(status = 403)]
    InsufficientPermissions,
    /// Data does not conform to the schema
    #[oai(status = 422)]
    BadWebauthnPayload,
    /// Something else went wrong
    #[oai(status = 500)]
    Other,
}