1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
//! AWS Signature Version 2 and 4 request authentication for Rustack.
//!
//! This crate provides SigV4 and SigV2 signature verification for incoming HTTP
//! requests to AWS-compatible services. It supports header-based authentication
//! (via the `Authorization` header), presigned URL authentication (via query
//! parameters), and legacy SigV2 authentication (HMAC-SHA1).
//!
//! # Overview
//!
//! AWS Signature Version 4 is the standard authentication mechanism for AWS API
//! requests. This crate implements the verification side: given an incoming HTTP
//! request and a credential store, it verifies that the request was signed by a
//! known access key with the correct secret key.
//!
//! # Usage
//!
//! ```rust
//! use rustack_auth::credentials::{CredentialProvider, StaticCredentialProvider};
//! use rustack_auth::sigv4::{hash_payload, verify_sigv4};
//!
//! // Set up credentials
//! let provider = StaticCredentialProvider::new(vec![
//! ("AKIAIOSFODNN7EXAMPLE".to_owned(), "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".to_owned()),
//! ]);
//!
//! // For header-based auth, call verify_sigv4 with the request parts and body hash.
//! // For presigned URLs, call verify_presigned with the request parts.
//! ```
//!
//! # Modules
//!
//! - [`canonical`] - Canonical request construction per the SigV4 specification
//! - [`credentials`] - Credential provider trait and in-memory implementation
//! - [`error`] - Authentication error types
//! - [`presigned`] - Presigned URL verification
//! - [`sigv2`] - Legacy SigV2 signature verification (HMAC-SHA1)
//! - [`sigv4`] - Main SigV4 signature verification logic
pub use ;
pub use AuthError;
pub use verify_presigned;
pub use ;
pub use ;