1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
use redactedsecret::SecretString; use serde::{Deserialize, Serialize}; use std::time::{Duration, SystemTime}; use tai64::TAI64N; /// ### A an expiry date to lease a secret /// #### Example /// ``` /// use schemeguardian::global::Lease; /// let foo = Lease::Lifetime; /// assert_eq!(foo, Lease::Lifetime); /// ``` #[derive(Debug, Serialize, Deserialize, PartialEq, PartialOrd, Clone, Eq)] pub enum Lease { /// Has an expiry date of DateTime<Utc> DateExpiryTAI(TAI64N), /// This is a lease to a secret that will never expire Lifetime, /// This is a lease to a secret that will expire after the download is completed OnDownload, /// This is a lease to a secret that will expire after the upload is completed OnUpload, /// This is a lease to a secret that will expire after the network is disconnected OnDisconnection, /// The lease time has not been specified by the user UnSpecified, } impl Default for Lease { fn default() -> Self { Lease::DateExpiryTAI(TAI64N::from_system_time( &(SystemTime::now() + Duration::from_secs(timelite::LiteDuration::hours(24))), )) } } /// `Role` of the user #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq)] pub enum GenericRole<R> { /// The user with all access rights SuperUser, /// A user with administrative rights Admin, /// A user with some administrative rights SubAdmin, /// A normal user User, /// A custom role for the user CustomRole(R), /// Role is not specified hence the user has no rights Unspecified, } impl<R> Default for GenericRole<R> { fn default() -> Self { GenericRole::Unspecified } } /// A fixed set of unchangable roles #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq)] pub enum ImmutableRole { /// The user with all access rights SuperUser, /// A user with administrative rights Admin, /// A user with some administrative rights SubAdmin, /// A normal user User, /// Role is not specified hence the user has no rights Unspecified, } impl Default for ImmutableRole { fn default() -> Self { ImmutableRole::Unspecified } } /// `Target` is the resource being requested or route being accessed #[derive(Debug, Serialize, Deserialize, PartialEq)] pub enum Target { /// `Guardian` Target for accounts that have a cloud manager and a user Guardian, /// `Global` Target has access to administration and user routes or permissions Global, /// A custom role for the user CustomTarget(SecretString), /// An unspefified target Unspecified, } impl Default for Target { fn default() -> Self { Self::Unspecified } } /// A return value to an of the operation. It contains the payload of the AuthPayload /// /// `(user, role)` /// ## Example /// ```no_run /// use schemeguardian::Payload; /// use schemeguardian::ImmutableRole; /// enum MyUserEnum {Foo, Bar} /// fn fetch_from_db() -> Payload { /// // some code here /// (Default::default(), ImmutableRole::Unspecified) /// } /// ``` pub type Payload = (SecretString, ImmutableRole); /// A return value to an of the operation. It contains the payload of the AuthPayload /// /// `(user, role, target)` /// ## Example /// ```no_run /// use schemeguardian::GenericPayload; /// use schemeguardian::GenericRole; /// enum MyUserEnum {Foo, Bar} /// fn fetch_from_db<R>() -> GenericPayload<R> { /// // some code here /// (Default::default(), GenericRole::Unspecified, Default::default()) /// } /// ``` pub type GenericPayload<R> = (SecretString, GenericRole<R>, Option<SecretString>);