Native auth contracts for pocopine server functions.
The crate stays provider-neutral. Pocopine's generated server routes
build a host-only request context before decoding the server-function
body; host middleware can validate a session/JWT/provider token and
insert an [AuthUser] or [Principal] into request extensions.
Guards then inspect that context through ordinary Rust functions.
Module layout
- [
role] — [Role] and [Permission] (stringly-typed grant tokens) - [
user] — [AuthUser] (the canonical user payload + claim bag) - [
principal] — [Principal] (request identity) and [Session] - [
context] — [RequestContext] andensure_*/require_*guards (host-only) - [
provider] — [AuthProvider], [SessionStore], [AuthError] - [
predicate] — [Predicate] trait, [Decision] outcome, and combinators (any_of,all_of,require_auth,require_role,require_permission)