road-runner-common 0.8.0

Shared Rust utilities for exchange ecosystem backend services.
Documentation
//! Canonical permission (scope) strings shared across services.
//!
//! These are the fixed, Bybit-style API-key permissions. Services reference these constants
//! instead of hardcoding strings so the wire values never drift. `road-runner-common` stays
//! domain-agnostic: it only declares the names; ownership/validation lives in the identity
//! service, enforcement happens per-endpoint via [`crate::UserContext::require_scope`].

/// Read-only access (account, balances, orders, positions).
pub const READ: &str = "read";
/// Spot trading.
pub const SPOT: &str = "spot";
/// Derivatives (futures / perpetuals) trading.
pub const DERIVATIVES: &str = "derivatives";
/// Internal wallet transfers.
pub const WALLET_TRANSFER: &str = "wallet_transfer";
/// Withdrawals (requires an IP allowlist on the key).
pub const WITHDRAW: &str = "withdraw";

/// The full Core catalog, in canonical order.
pub const ALL: &[&str] = &[READ, SPOT, DERIVATIVES, WALLET_TRANSFER, WITHDRAW];

/// True when `scope` is a recognized permission.
pub fn is_valid(scope: &str) -> bool {
    ALL.contains(&scope)
}

/// True when a permission grants more than read access (anything other than [`READ`]).
pub fn is_write(scope: &str) -> bool {
    scope != READ
}