rustio_admin/auth/
mod.rs

1//! Authentication & authorization.
2//!
3//! Three pieces:
4//! - `users.rs`       — user records, password hashing, login
5//! - `sessions.rs`    — DB-backed sessions with expiry cleanup
6//! - `permissions.rs` — granular permissions + groups
7//!
8//! A user belongs to zero or more groups. Permissions come from two
9//! sources: (a) direct assignments on the user, (b) inherited from
10//! the user's groups. The permission string is
11//! `<app>.<action>_<model>` — e.g. `posts.change_post`.
12
13mod permissions;
14mod role;
15mod sessions;
16mod users;
17
18pub(crate) use permissions::invalidate_user_cache;
19pub use permissions::{
20    add_user_to_group, check_permission, create_group, grant_to_group, grant_to_user,
21    init_permission_tables, permissions_for_user, register_model_permissions,
22    remove_user_from_group, Permission, PermissionError, Superuser,
23};
24pub use role::Role;
25pub use sessions::{
26    create_session, delete_session, identity_from_session, init_session_tables,
27    purge_expired_sessions, session_token_from_cookie, SESSION_COOKIE,
28};
29pub use users::{
30    create_user, find_user_by_email, hash_password, init_user_tables, load_user_profile, login,
31    migrate_user_schema, set_password, update_user_role, verify_password, would_orphan_developers,
32    Identity, StoredUser, UserProfile,
33};
34
35use crate::error::Result;
36use crate::orm::Db;
37
38/// Initialise every auth-related table. Safe to call on every boot.
39pub async fn init_tables(db: &Db) -> Result<()> {
40    init_user_tables(db).await?;
41    migrate_user_schema(db).await?;
42    init_session_tables(db).await?;
43    sessions::migrate_session_schema(db).await?;
44    init_permission_tables(db).await?;
45    Ok(())
46}
rustio_admin/auth/mod.rs

rustio_admin/auth/
mod.rs
