
1//! JWT 配置模块
2
3use std::time::Duration;
4
5/// JWT 签名算法
/// Signature algorithm used to sign and verify JWTs.
///
/// The `HS*` variants are HMAC-based, so one shared `secret` both signs and
/// verifies; the `RS*`/`ES*` variants are asymmetric, signing with a private
/// key and verifying with a public key.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum JwtAlgorithm {
    /// HMAC with SHA-256
    HS256,
    /// HMAC with SHA-384
    HS384,
    /// HMAC with SHA-512
    HS512,
    /// RSASSA-PKCS1-v1_5 with SHA-256
    RS256,
    /// RSASSA-PKCS1-v1_5 with SHA-384
    RS384,
    /// RSASSA-PKCS1-v1_5 with SHA-512
    RS512,
    /// ECDSA with SHA-256
    ES256,
    /// ECDSA with SHA-384
    ES384,
}
25
impl Default for JwtAlgorithm {
    /// The algorithm assumed when none is configured: HMAC with SHA-256.
    fn default() -> Self {
        JwtAlgorithm::HS256
    }
}
31
impl From<JwtAlgorithm> for jsonwebtoken::Algorithm {
    /// Maps each local variant onto the `jsonwebtoken` variant of the same
    /// name; the match is exhaustive, so adding a variant here is a compile
    /// error until it is mapped.
    fn from(alg: JwtAlgorithm) -> Self {
        use jsonwebtoken::Algorithm as Target;

        match alg {
            JwtAlgorithm::HS256 => Target::HS256,
            JwtAlgorithm::HS384 => Target::HS384,
            JwtAlgorithm::HS512 => Target::HS512,
            JwtAlgorithm::RS256 => Target::RS256,
            JwtAlgorithm::RS384 => Target::RS384,
            JwtAlgorithm::RS512 => Target::RS512,
            JwtAlgorithm::ES256 => Target::ES256,
            JwtAlgorithm::ES384 => Target::ES384,
        }
    }
}
46
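/// Configuration for issuing and verifying JWTs.
///
/// Built with [`JwtConfig::new`] and the `with_*` builder methods.
#[derive(Clone)]
pub struct JwtConfig {
    /// Signing key: the shared secret for HMAC (`HS*`) algorithms, or the
    /// private key for asymmetric (`RS*`/`ES*`) algorithms.
    pub secret: String,

    /// Public key used for verification with asymmetric algorithms.
    pub public_key: Option<String>,

    /// Signature algorithm.
    pub algorithm: JwtAlgorithm,

    /// Issuer (`iss` claim).
    pub issuer: Option<String>,

    /// Audience (`aud` claim).
    pub audience: Option<String>,

    /// Lifetime of an access token.
    pub access_token_ttl: Duration,

    /// Lifetime of a refresh token.
    pub refresh_token_ttl: Duration,

    /// Whether the issuer is checked during validation.
    pub validate_issuer: bool,

    /// Whether the audience is checked during validation.
    pub validate_audience: bool,

    /// Clock-skew tolerance in seconds.
    pub leeway_seconds: i64,
}

/// Hand-written instead of derived so that `{:?}` output (logs, error
/// messages, panic payloads) never contains the signing key; every other
/// field is printed exactly as the derived implementation would print it.
impl std::fmt::Debug for JwtConfig {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("JwtConfig")
            .field("secret", &"<redacted>")
            .field("public_key", &self.public_key)
            .field("algorithm", &self.algorithm)
            .field("issuer", &self.issuer)
            .field("audience", &self.audience)
            .field("access_token_ttl", &self.access_token_ttl)
            .field("refresh_token_ttl", &self.refresh_token_ttl)
            .field("validate_issuer", &self.validate_issuer)
            .field("validate_audience", &self.validate_audience)
            .field("leeway_seconds", &self.leeway_seconds)
            .finish()
    }
}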
80
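impl JwtConfig {
    /// Creates a configuration with the built-in defaults: HS256, no public
    /// key, no issuer/audience checks, 1-hour access tokens, 7-day refresh
    /// tokens and 60 seconds of clock-skew tolerance.
    ///
    /// # Arguments
    /// * `secret` - HMAC secret, or the private key for asymmetric algorithms
    pub fn new(secret: impl Into<String>) -> Self {
        Self {
            secret: secret.into(),
            public_key: None,
            algorithm: JwtAlgorithm::HS256,
            issuer: None,
            audience: None,
            access_token_ttl: Duration::from_secs(3600),
            refresh_token_ttl: Duration::from_secs(86400 * 7),
            validate_issuer: false,
            validate_audience: false,
            leeway_seconds: 60,
        }
    }

    /// Sets the signature algorithm.
    pub fn with_algorithm(mut self, algorithm: JwtAlgorithm) -> Self {
        self.algorithm = algorithm;
        self
    }

    /// Sets the issuer and turns on issuer validation.
    pub fn with_issuer(mut self, issuer: impl Into<String>) -> Self {
        self.issuer = Some(issuer.into());
        self.validate_issuer = true;
        self
    }

    /// Sets the audience and turns on audience validation.
    pub fn with_audience(mut self, audience: impl Into<String>) -> Self {
        self.audience = Some(audience.into());
        self.validate_audience = true;
        self
    }

    /// Sets the access token lifetime.
    pub fn with_access_token_ttl(mut self, ttl: Duration) -> Self {
        self.access_token_ttl = ttl;
        self
    }

    /// Sets the refresh token lifetime.
    pub fn with_refresh_token_ttl(mut self, ttl: Duration) -> Self {
        self.refresh_token_ttl = ttl;
        self
    }

    /// Sets the public key used to verify asymmetric signatures.
    pub fn with_public_key(mut self, public_key: impl Into<String>) -> Self {
        self.public_key = Some(public_key.into());
        self
    }

    /// Sets the clock-skew tolerance in seconds.
    pub fn with_leeway(mut self, seconds: i64) -> Self {
        self.leeway_seconds = seconds;
        self
    }

    /// Access token lifetime in whole seconds (see [`Self::ttl_secs`]).
    pub fn access_token_expires_in(&self) -> i64 {
        Self::ttl_secs(self.access_token_ttl)
    }

    /// Refresh token lifetime in whole seconds (see [`Self::ttl_secs`]).
    pub fn refresh_token_expires_in(&self) -> i64 {
        Self::ttl_secs(self.refresh_token_ttl)
    }

    /// Converts a lifetime to `i64` seconds, saturating at `i64::MAX`.
    ///
    /// A plain `as i64` cast would wrap a `Duration` beyond `i64::MAX`
    /// seconds into a negative value, which a caller would treat as an
    /// already-expired token; saturating keeps the result monotonic.
    fn ttl_secs(ttl: Duration) -> i64 {
        i64::try_from(ttl.as_secs()).unwrap_or(i64::MAX)
    }
}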
155
impl Default for JwtConfig {
    /// Same as [`JwtConfig::new`] with a fixed, publicly known placeholder
    /// secret.
    ///
    /// Because the placeholder is part of the source, any HMAC token signed
    /// with it can be produced by anyone who has read it; a deployment must
    /// replace it before issuing tokens.
    fn default() -> Self {
        const PLACEHOLDER_SECRET: &str = "default-secret-key-please-change-in-production";
        JwtConfig::new(PLACEHOLDER_SECRET)
    }
}
161
/// Options controlling which checks run when a JWT is validated.
#[derive(Debug, Clone)]
pub struct JwtValidation {
    /// Whether the signature is checked.
    // NOTE(review): presumably only meant to be turned off in tests — confirm
    // the verifier that reads this flag cannot receive `false` from external
    // configuration.
    pub validate_signature: bool,

    /// Whether the expiry time (`exp`) is checked.
    pub validate_exp: bool,

    /// Whether the not-before time (`nbf`) is checked.
    pub validate_nbf: bool,

    /// Whether the issuer (`iss`) is checked.
    pub validate_iss: bool,

    /// Whether the audience (`aud`) is checked.
    pub validate_aud: bool,

    /// Clock-skew tolerance in seconds.
    pub leeway: i64,
}
183
impl Default for JwtValidation {
    /// Defaults: signature, `exp` and `nbf` are checked; `iss` and `aud` are
    /// not; 60 seconds of clock-skew tolerance.
    fn default() -> Self {
        JwtValidation {
            leeway: 60,
            validate_signature: true,
            validate_exp: true,
            validate_nbf: true,
            validate_iss: false,
            validate_aud: false,
        }
    }
}
196
impl JwtValidation {
    /// Equivalent to [`JwtValidation::default`].
    pub fn new() -> Self {
        Default::default()
    }

    /// Enables or disables the issuer (`iss`) check.
    pub fn with_issuer_validation(self, validate: bool) -> Self {
        Self { validate_iss: validate, ..self }
    }

    /// Enables or disables the audience (`aud`) check.
    pub fn with_audience_validation(self, validate: bool) -> Self {
        Self { validate_aud: validate, ..self }
    }

    /// Sets the clock-skew tolerance in seconds.
    pub fn with_leeway(self, seconds: i64) -> Self {
        Self { leeway: seconds, ..self }
    }
}