nythos-core 0.1.2

Infrastructure-free Rust core library for Nythos authentication and authorization.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

use crate::{NythosResult, RevocationChecker, SessionId, SessionStore, TenantId, UserId};

/// Input for revoking a single session.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct RevokeSessionInput {
    session_id: SessionId,
}

impl RevokeSessionInput {
    pub const fn new(session_id: SessionId) -> Self {
        Self { session_id }
    }

    pub const fn session_id(&self) -> SessionId {
        self.session_id
    }
}

/// Input for revoking all sessions for a user within a tenant.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct RevokeAllSessionsInput {
    tenant_id: TenantId,
    user_id: UserId,
}

impl RevokeAllSessionsInput {
    pub const fn new(tenant_id: TenantId, user_id: UserId) -> Self {
        Self { tenant_id, user_id }
    }

    pub const fn tenant_id(&self) -> TenantId {
        self.tenant_id
    }

    pub const fn user_id(&self) -> UserId {
        self.user_id
    }
}

/// Domain result for revoke operations.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct RevokeResult {
    revoked: bool,
}

impl RevokeResult {
    pub const fn new(revoked: bool) -> Self {
        Self { revoked }
    }

    pub const fn revoked(&self) -> bool {
        self.revoked
    }
}

/// Service for revoking a single session.
pub struct RevokeSessionService<'a, S, C> {
    session_store: &'a S,
    revocation_checker: &'a C,
}

impl<'a, S, C> RevokeSessionService<'a, S, C>
where
    S: SessionStore,
    C: RevocationChecker,
{
    pub fn new(session_store: &'a S, revocation_checker: &'a C) -> Self {
        Self {
            session_store,
            revocation_checker,
        }
    }

    pub async fn revoke(&self, input: RevokeSessionInput) -> NythosResult<RevokeResult> {
        if self
            .revocation_checker
            .is_revoked(input.session_id())
            .await?
        {
            return Ok(RevokeResult::new(false));
        }

        self.session_store
            .revoke_session(input.session_id())
            .await?;
        Ok(RevokeResult::new(true))
    }
}

/// Service for revoking all sessions for a user within a tenant.
pub struct RevokeAllSessionsService<'a, S> {
    session_store: &'a S,
}

impl<'a, S> RevokeAllSessionsService<'a, S>
where
    S: SessionStore,
{
    pub fn new(session_store: &'a S) -> Self {
        Self { session_store }
    }

    pub async fn revoke_all(&self, input: RevokeAllSessionsInput) -> NythosResult<RevokeResult> {
        self.session_store
            .revoke_all_for_user(input.tenant_id(), input.user_id())
            .await?;

        Ok(RevokeResult::new(true))
    }
}