systemprompt_models/profile/
security.rs1use std::path::PathBuf;
2
3use crate::auth::JwtAudience;
4use serde::{Deserialize, Serialize};
5
6const fn default_allow_registration() -> bool {
7 true
8}
9
10fn default_signing_key_path() -> PathBuf {
11 PathBuf::from("signing_key.pem")
12}
13
14#[derive(Debug, Clone, Serialize, Deserialize, schemars::JsonSchema)]
15#[serde(deny_unknown_fields)]
16pub struct SecurityConfig {
17 #[serde(rename = "jwt_issuer")]
18 pub issuer: String,
19
20 #[serde(rename = "jwt_access_token_expiration")]
21 pub access_token_expiration: i64,
22
23 #[serde(rename = "jwt_refresh_token_expiration")]
24 pub refresh_token_expiration: i64,
25
26 #[serde(rename = "jwt_audiences")]
27 pub audiences: Vec<JwtAudience>,
28
29 #[serde(default)]
30 pub allowed_resource_audiences: Vec<String>,
31
32 #[serde(default = "default_allow_registration")]
33 pub allow_registration: bool,
34
35 #[serde(default = "default_signing_key_path")]
36 pub signing_key_path: PathBuf,
37
38 #[serde(default, skip_serializing_if = "Vec::is_empty")]
39 pub trusted_issuers: Vec<TrustedIssuer>,
40}
41
42#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, schemars::JsonSchema)]
43#[serde(deny_unknown_fields)]
44pub struct TrustedIssuer {
45 pub issuer: String,
46 pub jwks_uri: String,
47 pub audience: String,
48}