oauth2-passkey 0.6.0

OAuth2 and Passkey authentication library for Rust web applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

/// Session management components for authentication and user state persistence.
///
/// This module provides session handling capabilities, including creation, validation,
/// and management of user sessions for web applications. It implements secure session
/// cookies with CSRF protection.
///
/// ## Key components:
///
/// - Session cookies: Secure, HTTP-only session cookies
/// - CSRF protection: Token-based cross-site request forgery prevention
/// - User session data: Storing authenticated user information
/// - Session validation: Authentication status verification
/// - Session expiration: Time-based session invalidation
/// - Page session tokens: Additional protection for sensitive operations
///
/// ## Security features:
///
/// - Signed, HTTP-only, secure cookies
/// - Required CSRF tokens for state-changing operations
/// - Session timeouts for both inactivity and absolute duration
/// - Protection against session fixation attacks
mod config;
mod errors;
mod main;
mod types;

pub use config::SESSION_COOKIE_NAME; // Required for cookie configuration
pub use errors::SessionError;
pub use types::{
    AuthenticationStatus, CsrfHeaderVerified, CsrfToken, SessionCookie, SessionId, User, UserId,
}; // Required for session data

pub use main::{
    generate_page_session_token, get_csrf_token_from_session, get_user_and_csrf_token_from_session,
    get_user_from_session, is_authenticated_basic, is_authenticated_basic_then_csrf,
    is_authenticated_basic_then_user_and_csrf, is_authenticated_strict,
    is_authenticated_strict_then_csrf, prepare_logout_response, verify_page_session_token,
};

#[cfg(test)]
pub(crate) use main::test_utils::{insert_test_session, insert_test_user};

pub(crate) use main::user_sessions::cleanup_stale_sessions;
pub(crate) use main::{
    delete_session_from_store_by_session_id, get_session_id_from_headers, new_session_header,
};

pub(crate) fn init() {
    let _ = *config::SESSION_COOKIE_NAME;
    let _ = *config::SESSION_COOKIE_MAX_AGE;
    let _ = *config::SESSION_CONFLICT_POLICY;
}