mockforge-http 0.3.116

HTTP/REST protocol support for MockForge
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286

//! Risk assessment engine for authentication
//!
//! This module provides risk-based authentication challenges including
//! MFA prompts, device challenges, and blocked login simulation.

use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::sync::Arc;
use tokio::sync::RwLock;

/// Risk assessment result
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RiskAssessment {
    /// Overall risk score (0.0 - 1.0)
    pub risk_score: f64,
    /// Risk factors contributing to the score
    pub risk_factors: Vec<RiskFactor>,
    /// Recommended action based on risk
    pub recommended_action: RiskAction,
}

/// Individual risk factor
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RiskFactor {
    /// Factor name
    pub name: String,
    /// Factor weight
    pub weight: f64,
    /// Factor value (0.0 - 1.0)
    pub value: f64,
    /// Contribution to overall risk score
    pub contribution: f64,
}

/// Risk-based action
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum RiskAction {
    /// Allow normal authentication
    Allow,
    /// Require device challenge
    DeviceChallenge,
    /// Require MFA
    RequireMfa,
    /// Block login
    Block,
}

/// Risk engine configuration
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RiskEngineConfig {
    /// MFA threshold (0.0 - 1.0)
    pub mfa_threshold: f64,
    /// Device challenge threshold (0.0 - 1.0)
    pub device_challenge_threshold: f64,
    /// Blocked login threshold (0.0 - 1.0)
    pub blocked_login_threshold: f64,
    /// Risk factor weights
    pub risk_factors: HashMap<String, f64>,
    /// Risk rules (conditions -> actions)
    pub risk_rules: Vec<RiskRule>,
}

/// Risk rule
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RiskRule {
    /// Condition (e.g., "risk_score > 0.9")
    pub condition: String,
    /// Action to take
    pub action: RiskAction,
}

impl Default for RiskEngineConfig {
    fn default() -> Self {
        let mut risk_factors = HashMap::new();
        risk_factors.insert("new_device".to_string(), 0.3);
        risk_factors.insert("unusual_location".to_string(), 0.4);
        risk_factors.insert("suspicious_activity".to_string(), 0.5);

        let risk_rules = vec![
            RiskRule {
                condition: "risk_score > 0.9".to_string(),
                action: RiskAction::Block,
            },
            RiskRule {
                condition: "risk_score > 0.7".to_string(),
                action: RiskAction::RequireMfa,
            },
            RiskRule {
                condition: "risk_score > 0.5".to_string(),
                action: RiskAction::DeviceChallenge,
            },
        ];

        Self {
            mfa_threshold: 0.7,
            device_challenge_threshold: 0.5,
            blocked_login_threshold: 0.9,
            risk_factors,
            risk_rules,
        }
    }
}

/// Risk engine state
#[derive(Debug, Clone)]
pub struct RiskEngine {
    /// Configuration
    pub config: RiskEngineConfig,
    /// Simulated risk scores (user_id -> risk_score override)
    pub simulated_risks: Arc<RwLock<HashMap<String, Option<f64>>>>,
    /// Simulated risk factors (user_id -> risk_factors override)
    pub simulated_factors: Arc<RwLock<HashMap<String, HashMap<String, f64>>>>,
}

impl RiskEngine {
    /// Create new risk engine
    pub fn new(config: RiskEngineConfig) -> Self {
        Self {
            config,
            simulated_risks: Arc::new(RwLock::new(HashMap::new())),
            simulated_factors: Arc::new(RwLock::new(HashMap::new())),
        }
    }

    /// Assess risk for an authentication request
    pub async fn assess_risk(
        &self,
        user_id: &str,
        risk_factors: &HashMap<String, f64>,
    ) -> RiskAssessment {
        // Check for simulated risk score override
        let simulated_risk = {
            let risks = self.simulated_risks.read().await;
            risks.get(user_id).copied().flatten()
        };

        if let Some(risk_score) = simulated_risk {
            return self.create_assessment_from_score(risk_score);
        }

        // Check for simulated risk factors override
        let factors_to_use = {
            let simulated = self.simulated_factors.read().await;
            if let Some(simulated_factors) = simulated.get(user_id) {
                simulated_factors.clone()
            } else {
                risk_factors.clone()
            }
        };

        // Calculate risk score from factors
        let mut risk_factors_vec = Vec::new();
        let mut total_score = 0.0;

        for (name, value) in factors_to_use {
            let weight = self.config.risk_factors.get(&name).copied().unwrap_or(0.0);
            let contribution = weight * value;
            total_score += contribution;

            risk_factors_vec.push(RiskFactor {
                name: name.clone(),
                weight,
                value,
                contribution,
            });
        }

        // Clamp score to 0.0 - 1.0
        let risk_score = total_score.clamp(0.0, 1.0);

        // Determine recommended action
        let recommended_action = self.determine_action(risk_score);

        RiskAssessment {
            risk_score,
            risk_factors: risk_factors_vec,
            recommended_action,
        }
    }

    /// Create assessment from a risk score (for simulation)
    fn create_assessment_from_score(&self, risk_score: f64) -> RiskAssessment {
        let recommended_action = self.determine_action(risk_score);

        RiskAssessment {
            risk_score,
            risk_factors: vec![],
            recommended_action,
        }
    }

    /// Determine action based on risk score
    fn determine_action(&self, risk_score: f64) -> RiskAction {
        // Check risk rules first
        for rule in &self.config.risk_rules {
            if self.evaluate_condition(&rule.condition, risk_score) {
                return rule.action.clone();
            }
        }

        // Fallback to threshold-based logic
        if risk_score >= self.config.blocked_login_threshold {
            RiskAction::Block
        } else if risk_score >= self.config.mfa_threshold {
            RiskAction::RequireMfa
        } else if risk_score >= self.config.device_challenge_threshold {
            RiskAction::DeviceChallenge
        } else {
            RiskAction::Allow
        }
    }

    /// Evaluate a risk condition
    fn evaluate_condition(&self, condition: &str, risk_score: f64) -> bool {
        // Check multi-character operators before single-character ones
        // to avoid `>=` being incorrectly matched by `>`.
        if condition.contains(">=") {
            let parts: Vec<&str> = condition.split(">=").collect();
            if parts.len() == 2 {
                if let Ok(threshold) = parts[1].trim().parse::<f64>() {
                    return risk_score >= threshold;
                }
            }
        } else if condition.contains("<=") {
            let parts: Vec<&str> = condition.split("<=").collect();
            if parts.len() == 2 {
                if let Ok(threshold) = parts[1].trim().parse::<f64>() {
                    return risk_score <= threshold;
                }
            }
        } else if condition.contains("==") {
            let parts: Vec<&str> = condition.split("==").collect();
            if parts.len() == 2 {
                if let Ok(threshold) = parts[1].trim().parse::<f64>() {
                    return (risk_score - threshold).abs() < 0.001;
                }
            }
        } else if condition.contains('>') {
            let parts: Vec<&str> = condition.split('>').collect();
            if parts.len() == 2 {
                if let Ok(threshold) = parts[1].trim().parse::<f64>() {
                    return risk_score > threshold;
                }
            }
        } else if condition.contains('<') {
            let parts: Vec<&str> = condition.split('<').collect();
            if parts.len() == 2 {
                if let Ok(threshold) = parts[1].trim().parse::<f64>() {
                    return risk_score < threshold;
                }
            }
        }

        false
    }

    /// Set simulated risk score for a user
    pub async fn set_simulated_risk(&self, user_id: String, risk_score: Option<f64>) {
        let mut risks = self.simulated_risks.write().await;
        if let Some(score) = risk_score {
            risks.insert(user_id, Some(score));
        } else {
            risks.remove(&user_id);
        }
    }

    /// Set simulated risk factors for a user
    pub async fn set_simulated_factors(&self, user_id: String, factors: HashMap<String, f64>) {
        let mut simulated = self.simulated_factors.write().await;
        simulated.insert(user_id, factors);
    }

    /// Clear simulated risk for a user
    pub async fn clear_simulated_risk(&self, user_id: &str) {
        let mut risks = self.simulated_risks.write().await;
        risks.remove(user_id);
        let mut factors = self.simulated_factors.write().await;
        factors.remove(user_id);
    }
}

impl Default for RiskEngine {
    fn default() -> Self {
        Self::new(RiskEngineConfig::default())
    }
}