
trellis_auth/
models.rs

1use serde::{Deserialize, Serialize};
2use serde_json::Value;
3use tokio::sync::oneshot;
4
5use trellis_client::SessionAuth;
6use trellis_sdk_auth::{AuthenticatedUser, SentinelCredsRecord};
7
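/// Persisted admin session details for the CLI.
///
/// Every field is a `String`, and the type derives `Serialize` and
/// `Deserialize`, so whatever writes it out stores the seeds, tokens and JWT
/// as plain strings.
///
/// NOTE(review): the code that persists this value is not in this file.
/// Confirm it restricts the file to the current user and never writes it to a
/// shared or world-readable location.
///
/// `Debug` is implemented by hand rather than derived so that `{:?}`
/// formatting (log lines, `dbg!`, panic messages) does not print credential
/// material.
#[derive(Clone, Serialize, Deserialize)]
pub struct AdminSessionState {
    /// Base URL of the auth service this session was created against.
    pub auth_url: String,
    /// NATS server list, kept as a single string.
    pub nats_servers: String,
    /// Session seed; presumably private key material. TODO confirm.
    pub session_seed: String,
    /// Session key; this file does not show whether it is a public value.
    pub session_key: String,
    /// Binding token issued for the bound session.
    pub binding_token: String,
    /// Sentinel JWT.
    pub sentinel_jwt: String,
    /// Sentinel seed; presumably private key material. TODO confirm.
    pub sentinel_seed: String,
    /// Expiry of the session, kept as the string the server supplied.
    pub expires: String,
}

impl std::fmt::Debug for AdminSessionState {
    /// Formats the state with every credential-like field replaced by a
    /// `<redacted>` marker; only the endpoints and the expiry are printed.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let redacted = format_args!("<redacted>");
        f.debug_struct("AdminSessionState")
            .field("auth_url", &self.auth_url)
            .field("nats_servers", &self.nats_servers)
            .field("session_seed", &redacted)
            // Redacted as well: nothing here establishes that the key is public.
            .field("session_key", &redacted)
            .field("binding_token", &redacted)
            .field("sentinel_jwt", &redacted)
            .field("sentinel_seed", &redacted)
            .field("expires", &self.expires)
            .finish()
    }
}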
20
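/// A successfully bound user session.
///
/// Serialized and deserialized with camelCase keys for `bindingToken` and
/// `inboxPrefix`. The value carries a binding token and sentinel credentials,
/// so `Debug` is implemented by hand and redacts both instead of printing
/// them.
#[derive(Clone, Deserialize, Serialize)]
pub struct BoundSession {
    /// Binding token for the session (wire name `bindingToken`).
    #[serde(rename = "bindingToken")]
    pub binding_token: String,
    /// Inbox prefix assigned to the session (wire name `inboxPrefix`).
    #[serde(rename = "inboxPrefix")]
    pub inbox_prefix: String,
    /// Expiry of the session, kept as the string the server supplied.
    pub expires: String,
    /// Sentinel credentials returned with the binding.
    pub sentinel: SentinelCredsRecord,
}

impl std::fmt::Debug for BoundSession {
    /// Prints the inbox prefix and expiry; the binding token and the sentinel
    /// credentials are replaced by a `<redacted>` marker.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let redacted = format_args!("<redacted>");
        f.debug_struct("BoundSession")
            .field("binding_token", &redacted)
            .field("inbox_prefix", &self.inbox_prefix)
            .field("expires", &self.expires)
            .field("sentinel", &redacted)
            .finish()
    }
}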
31
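/// Payload of a bind response whose `status` is `bound`.
///
/// Mirrors the fields of `BoundSession` but is deserialize-only and
/// crate-private. It holds a binding token and sentinel credentials, so
/// `Debug` is implemented by hand and redacts both; that also covers any
/// enclosing type whose `Debug` output includes this value.
#[derive(Clone, Deserialize)]
pub(crate) struct BindResponseBound {
    /// Binding token for the session (wire name `bindingToken`).
    #[serde(rename = "bindingToken")]
    pub binding_token: String,
    /// Inbox prefix assigned to the session (wire name `inboxPrefix`).
    #[serde(rename = "inboxPrefix")]
    pub inbox_prefix: String,
    /// Expiry of the session, kept as the string the server supplied.
    pub expires: String,
    /// Sentinel credentials returned with the binding.
    pub sentinel: SentinelCredsRecord,
}

impl std::fmt::Debug for BindResponseBound {
    /// Prints the inbox prefix and expiry; the binding token and the sentinel
    /// credentials are replaced by a `<redacted>` marker.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let redacted = format_args!("<redacted>");
        f.debug_struct("BindResponseBound")
            .field("binding_token", &redacted)
            .field("inbox_prefix", &self.inbox_prefix)
            .field("expires", &self.expires)
            .field("sentinel", &redacted)
            .finish()
    }
}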
41
/// Response to a bind request, selected by the JSON `status` field.
///
/// The enum is internally tagged: `status` holds the snake_case variant name
/// (`bound`, `approval_required`, `approval_denied`,
/// `insufficient_capabilities`) and the variant's fields sit next to it in
/// the same object.
///
/// NOTE(review): `approval` is an untyped `serde_json::Value`, so its shape is
/// not checked at this layer; consumers should validate what they read from it.
/// NOTE(review): the derived `Debug` prints the payload of every variant,
/// including the `Bound` credentials unless `BindResponseBound` formats them
/// itself.
#[derive(Debug, Clone, Deserialize)]
#[serde(tag = "status", rename_all = "snake_case")]
pub(crate) enum BindResponse {
    /// The session was bound; carries the token and sentinel credentials.
    Bound(BindResponseBound),
    /// Binding is waiting on an approval; `approval` is passed through as-is.
    ApprovalRequired {
        approval: Value,
    },
    /// The approval was denied.
    ApprovalDenied {
        approval: Value,
    },
    /// The approval does not cover every capability that was requested.
    InsufficientCapabilities {
        approval: Value,
        /// Capabilities that are missing (wire name `missingCapabilities`).
        #[serde(rename = "missingCapabilities")]
        missing_capabilities: Vec<String>,
    },
}
58
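/// Body delivered to the login callback: an auth token, an auth error, or
/// neither, since both fields are optional.
///
/// `Debug` is implemented by hand so that a received token is never printed;
/// the output still shows whether a token was present.
#[derive(Clone, Deserialize)]
pub(crate) struct CallbackTokenRequest {
    /// Token from a successful login (wire name `authToken`).
    #[serde(rename = "authToken")]
    pub auth_token: Option<String>,
    /// Error text from a failed login (wire name `authError`).
    #[serde(rename = "authError")]
    pub auth_error: Option<String>,
}

impl std::fmt::Debug for CallbackTokenRequest {
    /// Prints `auth_error` verbatim and `auth_token` as `Some(<redacted>)` or
    /// `None`.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let token_presence = self
            .auth_token
            .as_ref()
            .map(|_| format_args!("<redacted>"));
        f.debug_struct("CallbackTokenRequest")
            .field("auth_token", &token_presence)
            .field("auth_error", &self.auth_error)
            .finish()
    }
}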
66
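/// Result handed from the login callback to the waiting login flow.
///
/// `Debug` is implemented by hand: the error text is printed, the token is
/// not, so logging or unwrapping an outcome cannot leak a live credential.
pub(crate) enum CallbackOutcome {
    /// The callback supplied an auth token.
    AuthToken(String),
    /// The callback reported an error instead of a token.
    AuthError(String),
}

impl std::fmt::Debug for CallbackOutcome {
    /// Prints `AuthToken(<redacted>)` for a token and `AuthError("…")` with
    /// the original message for an error.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::AuthToken(_) => f
                .debug_tuple("AuthToken")
                .field(&format_args!("<redacted>"))
                .finish(),
            Self::AuthError(message) => f.debug_tuple("AuthError").field(message).finish(),
        }
    }
}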
72
/// An in-progress browser login flow waiting for the auth callback.
///
/// The type derives nothing, so it cannot be cloned, serialized or
/// `Debug`-printed; the session seed it holds stays out of formatted output.
pub struct BrowserLoginChallenge {
    /// URL to open in the browser to start the login.
    pub(crate) login_url: String,
    /// Session seed for this login attempt; presumably private key material. TODO confirm.
    pub(crate) session_seed: String,
    /// Session auth handle from `trellis_client`.
    pub(crate) auth: SessionAuth,
    /// One-shot channel end on which the callback outcome arrives.
    pub(crate) receiver: oneshot::Receiver<CallbackOutcome>,
    /// Handle to a spawned tokio task; presumably the local callback listener. TODO confirm.
    pub(crate) server_handle: tokio::task::JoinHandle<()>,
}
81
/// Options for starting a browser-based admin login flow.
///
/// All fields borrow from the caller for the lifetime `'a`.
pub struct StartBrowserLoginOpts<'a> {
    /// Base URL of the auth service.
    pub auth_url: &'a str,
    /// Name of the login provider to use.
    pub provider: &'a str,
    /// Listen address for the callback; presumably a local bind address.
    /// NOTE(review): confirm callers bind to loopback rather than all interfaces.
    pub listen: &'a str,
    /// Contract document as a JSON string.
    pub contract_json: &'a str,
}
89
/// Successful browser-login result after the admin user has been verified.
///
/// `state` carries the session's seeds and tokens, so treat the whole value
/// as sensitive.
pub struct AdminLoginOutcome {
    /// Session details to persist for later CLI use.
    pub state: AdminSessionState,
    /// The authenticated user, as returned by `trellis_sdk_auth`.
    pub user: AuthenticatedUser,
}