Skip to main content

AuthManager

haystack_server::auth

Struct AuthManager

pub struct AuthManager { /* private fields */ }

Expand description

Server-side authentication manager.

Holds user credentials, in-flight SCRAM handshakes, and active bearer tokens.

Implementations§

impl AuthManager

pub fn new(users: HashMap<String, UserRecord>, token_ttl: Duration) -> Self

Create a new AuthManager with the given user records and token TTL.

pub fn empty() -> Self

Create an AuthManager with no users (auth effectively disabled).

pub fn with_token_ttl(self, duration: Duration) -> Self

Builder method to configure the token TTL.

pub fn from_toml(path: &str) -> Result<Self, String>

Create an AuthManager from a TOML file.

pub fn from_toml_str(content: &str) -> Result<Self, String>

Create an AuthManager from TOML content string.

pub fn is_enabled(&self) -> bool

Returns true if authentication is enabled (there are registered users).

pub fn handle_hello( &self, username: &str, client_first_b64: Option<&str>, ) -> Result<String, String>

Handle a HELLO request: look up user, create SCRAM handshake.

client_first_b64 is the optional base64-encoded client-first-message containing the client nonce. If absent, the server generates a nonce (but the handshake will fail if the client expects its own nonce).

Returns the WWW-Authenticate header value for the 401 response. Unknown users receive a fake but plausible challenge to prevent username enumeration.

pub fn handle_scram( &self, handshake_token: &str, data: &str, ) -> Result<(String, String), String>

Handle a SCRAM request: verify client proof, issue auth token.

Returns (auth_token, authentication_info_header_value).

pub fn validate_token(&self, token: &str) -> Option<AuthUser>

Validate a bearer token and return the associated user.

Returns None if the token is unknown or has expired. Expired tokens are automatically removed under a single write lock to avoid TOCTOU races.

pub fn revoke_token(&self, token: &str) -> bool

Remove a bearer token (logout / close).

pub fn check_permission(user: &AuthUser, required: &str) -> bool

Check whether a user has a required permission.

Trait Implementations§

impl Drop for AuthManager

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

impl !Freeze for AuthManager

impl !RefUnwindSafe for AuthManager

impl Send for AuthManager

impl Sync for AuthManager

impl Unpin for AuthManager

impl UnsafeUnpin for AuthManager

impl UnwindSafe for AuthManager

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,