systemprompt-traits 0.1.21

Minimal shared traits and contracts for systemprompt.io
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

use std::sync::Arc;
use systemprompt_identifiers::SessionId;

pub type JwtResult<T> = Result<T, JwtProviderError>;

#[derive(Debug, thiserror::Error)]
#[non_exhaustive]
pub enum JwtProviderError {
    #[error("Invalid token")]
    InvalidToken,

    #[error("Token expired")]
    TokenExpired,

    #[error("Missing audience: {0}")]
    MissingAudience(String),

    #[error("Configuration error: {0}")]
    ConfigurationError(String),

    #[error("Internal error: {0}")]
    Internal(String),
}

impl From<anyhow::Error> for JwtProviderError {
    fn from(err: anyhow::Error) -> Self {
        Self::Internal(err.to_string())
    }
}

#[derive(Debug, Clone)]
pub struct AgentJwtClaims {
    pub subject: String,
    pub username: String,
    pub user_type: String,
    pub audiences: Vec<String>,
    pub permissions: Vec<String>,
    pub is_admin: bool,
    pub expires_at: i64,
    pub issued_at: i64,
}

impl AgentJwtClaims {
    #[must_use]
    pub fn has_audience(&self, audience: &str) -> bool {
        self.audiences.iter().any(|a| a == audience)
    }

    #[must_use]
    pub fn has_permission(&self, permission: &str) -> bool {
        self.permissions.iter().any(|p| p == permission)
    }
}

#[derive(Debug, Clone)]
pub struct GenerateTokenParams {
    pub user_id: String,
    pub username: String,
    pub user_type: String,
    pub permissions: Vec<String>,
    pub audiences: Vec<String>,
    pub session_id: SessionId,
    pub expires_in_hours: Option<u32>,
}

impl GenerateTokenParams {
    #[must_use]
    pub fn new(
        user_id: impl Into<String>,
        username: impl Into<String>,
        session_id: SessionId,
    ) -> Self {
        Self {
            user_id: user_id.into(),
            username: username.into(),
            user_type: "user".to_string(),
            permissions: Vec::new(),
            audiences: Vec::new(),
            session_id,
            expires_in_hours: None,
        }
    }

    #[must_use]
    pub fn with_user_type(mut self, user_type: impl Into<String>) -> Self {
        self.user_type = user_type.into();
        self
    }

    #[must_use]
    pub fn with_permissions(mut self, permissions: Vec<String>) -> Self {
        self.permissions = permissions;
        self
    }

    #[must_use]
    pub fn with_audiences(mut self, audiences: Vec<String>) -> Self {
        self.audiences = audiences;
        self
    }

    #[must_use]
    pub const fn with_expires_in_hours(mut self, hours: u32) -> Self {
        self.expires_in_hours = Some(hours);
        self
    }
}

pub trait JwtValidationProvider: Send + Sync {
    fn validate_token(&self, token: &str) -> JwtResult<AgentJwtClaims>;

    fn generate_token(&self, params: GenerateTokenParams) -> JwtResult<String>;

    fn generate_secure_token(&self, prefix: &str) -> String;
}

pub type DynJwtValidationProvider = Arc<dyn JwtValidationProvider>;