pas-external 3.0.0

Ppoppo Accounts System (PAS) external SDK -- OAuth2 PKCE, PASETO verification, Axum middleware, session liveness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

use axum::http::StatusCode;
use axum::response::{IntoResponse, Response};

/// Authentication errors for the middleware layer.
#[derive(Debug, thiserror::Error)]
#[non_exhaustive]
pub enum AuthError {
    /// No valid session found.
    #[error("Not authenticated")]
    Unauthenticated,

    /// Session exists but is no longer valid.
    #[error("Session expired")]
    SessionExpired,

    /// OAuth2 flow error (state mismatch, token exchange failure, etc.)
    #[error("OAuth error: {0}")]
    OAuth(String),

    /// Session store operation failed.
    #[error("Session store error: {0}")]
    Store(String),

    /// Missing or invalid configuration.
    #[error("Configuration error: {0}")]
    Config(String),
}

impl IntoResponse for AuthError {
    fn into_response(self) -> Response {
        match self {
            Self::Unauthenticated | Self::SessionExpired => {
                (StatusCode::UNAUTHORIZED, self.to_string()).into_response()
            }
            Self::OAuth(_) => (StatusCode::BAD_REQUEST, self.to_string()).into_response(),
            Self::Store(_) | Self::Config(_) => {
                tracing::error!(error = %self, "Auth internal error");
                (StatusCode::INTERNAL_SERVER_ERROR, "Internal error").into_response()
            }
        }
    }
}

impl From<crate::error::Error> for AuthError {
    fn from(e: crate::error::Error) -> Self {
        Self::OAuth(e.to_string())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use static_assertions::assert_impl_all;

    assert_impl_all!(AuthError: Send, Sync);
}