securitydept-token-set-context 0.2.0-beta.2

Token Set Context of SecurityDept, a layered authentication and authorization toolkit built as reusable Rust crates.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

// ---------------------------------------------------------------------------
// Propagation forwarder trait boundary
// ---------------------------------------------------------------------------
//
// These traits define the formal contract between the access-token substrate
// and any concrete forwarder implementation. The substrate does not own the
// forwarder directly — it only provides `build_forwarder` using these traits.
//
// Traits and the shared error type are unconditionally available. Concrete
// forwarder implementations (e.g. the axum reverse-proxy forwarder) are
// feature-gated.

use std::fmt;

mod error;

pub use error::{PropagationForwarderError, PropagationForwarderResult};

use super::propagation::{PropagatedBearer, PropagationRequestTarget, TokenPropagator};

/// Config-source trait for a propagation forwarder.
///
/// Implementors carry the configuration needed to construct a concrete
/// [`PropagationForwarder`]. The associated types bind the config shape to
/// the forwarder and error types, so
/// `AccessTokenSubstrateRuntime::build_forwarder` can be generic over any
/// forwarder implementation.
pub trait PropagationForwarderConfigSource: fmt::Debug {
    /// The concrete forwarder type produced by this config.
    type Forwarder: PropagationForwarder;
    /// The error type that may occur during forwarder construction.
    type Error: std::error::Error;

    /// Build a forwarder from this configuration.
    fn build_forwarder(&self) -> Result<Self::Forwarder, Self::Error>;
}

/// Runtime trait for a propagation forwarder.
///
/// Concrete implementations (e.g. `AxumReverseProxyPropagationForwarder`)
/// implement `forward` to handle the transport-level forwarding of a
/// validated bearer token to a downstream target.
pub trait PropagationForwarder: fmt::Debug + Clone + Send + Sync + 'static {
    /// The HTTP body type used for both request and response.
    type Body: Send + 'static;

    /// Validate and forward a bearer token to a downstream propagation target.
    ///
    /// The `propagator` handles destination-policy validation and
    /// authorization header construction. The concrete implementation is
    /// responsible for the actual HTTP transport.
    fn forward(
        &self,
        propagator: &TokenPropagator,
        bearer: &PropagatedBearer<'_>,
        target: &PropagationRequestTarget,
        request: http::Request<Self::Body>,
    ) -> impl Future<Output = Result<http::Response<Self::Body>, PropagationForwarderError>> + Send;
}

// ---------------------------------------------------------------------------
// Concrete forwarder implementations (feature-gated)
// ---------------------------------------------------------------------------

#[cfg(feature = "axum-reverse-proxy-propagation-forwarder")]
mod axum_reverse_proxy;

#[cfg(feature = "axum-reverse-proxy-propagation-forwarder")]
pub use axum_reverse_proxy::{
    AxumReverseProxyPropagationForwarder, AxumReverseProxyPropagationForwarderConfig,
};