nythos-core 0.2.0

Infrastructure-free Rust core library for Nythos authentication and authorization.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

use crate::{
    DisplayName, Email, NythosResult, PasswordHash, TenantId, User, UserId, UserStatus, Username,
};

/// Domain-facing input used when creating a new user inside a tenant.
///
/// This keeps repository contracts focused on core data rather than storage
/// payloads or transport DTOs.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct NewUser {
    email: Email,
    username: Option<Username>,
    display_name: Option<DisplayName>,
}

impl NewUser {
    pub fn new(email: Email) -> Self {
        Self {
            email,
            username: None,
            display_name: None,
        }
    }

    pub fn with_profile(
        email: Email,
        username: Option<Username>,
        display_name: Option<DisplayName>,
    ) -> Self {
        Self {
            email,
            username,
            display_name,
        }
    }

    pub fn email(&self) -> &Email {
        &self.email
    }

    pub fn username(&self) -> Option<&Username> {
        self.username.as_ref()
    }

    pub fn display_name(&self) -> Option<&DisplayName> {
        self.display_name.as_ref()
    }

    pub fn into_email(self) -> Email {
        self.email
    }

    pub fn into_parts(self) -> (Email, Option<Username>, Option<DisplayName>) {
        (self.email, self.username, self.display_name)
    }
}

/// User credentials payload returned by the user repository for login orchestration.
///
/// This keeps password-hash details out of the core service while still allowing
/// password verification to happen in the core layer, where it belongs.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct UserCredentials {
    user: User,
    password_hash: PasswordHash,
}

impl UserCredentials {
    pub fn new(user: User, password_hash: PasswordHash) -> Self {
        Self {
            user,
            password_hash,
        }
    }

    pub fn user(&self) -> &User {
        &self.user
    }

    pub fn password_hash(&self) -> &PasswordHash {
        &self.password_hash
    }

    pub fn into_parts(self) -> (User, PasswordHash) {
        (self.user, self.password_hash)
    }
}

/// Tenant-scoped user repository contract used by registration and login flows.
///
/// All lookup and mutation methods that depend on tenant context require an
/// explicit `TenantId`. Implementations must not perform cross-tenant lookups
/// behind the scenes.
///
/// Duplicate-user and not-found behavior should be expressed through the core
/// result model and return shapes, rather than leaking database-specific errors.
///
/// Username lookup methods are explicit on purpose. Services parse
/// `LoginIdentifier` and enforce tenant auth policy before choosing which
/// repository method to call. Repositories only resolve concrete lookup keys.
pub trait UserRepository {
    /// Finds a user by normalized email within a specific tenant.
    async fn find_by_email(&self, tenant_id: TenantId, email: &Email)
    -> NythosResult<Option<User>>;

    // Finds a user by normalized username within a specific tenant.
    async fn find_by_username(
        &self,
        tenant_id: TenantId,
        username: &Username,
    ) -> NythosResult<Option<User>>;

    /// Finds a user by ID within a specific tenant.
    async fn find_by_id(&self, tenant_id: TenantId, user_id: UserId) -> NythosResult<Option<User>>;

    /// Finds a user and stored password hash by normalized email within a specific tenant.
    ///
    /// This is used by login orchestration so password verification can stay in
    /// the core service while persistence details remain outside the core.
    async fn find_credentials_by_email(
        &self,
        tenant_id: TenantId,
        email: &Email,
    ) -> NythosResult<Option<UserCredentials>>;

    /// Finds a user and stored password hash by normalized username within a specific tenant.
    ///
    /// This is used only after a service has parsed `LoginIdentifier::Username`
    /// and enforced tenant username-login policy. This method must not make
    /// tenant auth policy decisions.
    async fn find_credentials_by_username(
        &self,
        tenant_id: TenantId,
        username: &Username,
    ) -> NythosResult<Option<UserCredentials>>;

    /// Creates a new user in the given tenant using an already-validated email
    /// and an already-produced password hash.
    ///
    /// Implementations should make duplicate handling explicit through the core
    /// error model.
    async fn create(
        &self,
        tenant_id: TenantId,
        new_user: NewUser,
        password_hash: PasswordHash,
    ) -> NythosResult<User>;

    /// Updates a user's status within a specific tenant boundary.
    async fn update_status(
        &self,
        tenant_id: TenantId,
        user_id: UserId,
        status: UserStatus,
    ) -> NythosResult<()>;
}