Skip to main content

dsp_cli/render/
auth.rs

1//! Auth renderer-input shapes — typed values passed to `Renderer::auth_*` methods.
2//!
3//! These are render-layer types, not domain model types. They live here rather
4//! than in `src/model/` because they flow from the action layer into the
5//! renderer, not across the client→action boundary. See ADR-0008 for the
6//! layer split.
7
8use chrono::{DateTime, Utc};
9
10/// Outcome passed to `Renderer::auth_login` on a successful login.
11pub struct AuthLoginOutcome {
12    /// Resolved server URL (after `Config::resolve`).
13    pub server: String,
14    /// Authenticated user identifier (email, username, or IRI) — echoed from
15    /// the `--user` value the user supplied.
16    pub user: String,
17    /// Token expiry derived from the JWT `exp` claim, if present.
18    pub expires_at: Option<DateTime<Utc>>,
19}
20
21/// Outcome passed to `Renderer::auth_status` — either logged-in or not.
22pub enum AuthStatusOutcome {
23    /// A token for this server exists in the auth cache.
24    LoggedIn {
25        /// Resolved server URL.
26        server: String,
27        /// Username stored in the cache, if any.
28        user: Option<String>,
29        /// Token expiry stored in the cache, if any.
30        expires_at: Option<DateTime<Utc>>,
31        /// `true` when `expires_at` is set and is in the past.
32        expired: bool,
33    },
34    /// A token was supplied via the `DSP_TOKEN` environment variable, which
35    /// overrides the cached token (ADR-0007). No user is available (the cached
36    /// `user` comes from the login response body, not from the token itself).
37    /// Expiry is read via `client::jwt::extract_exp` for display only; if the
38    /// token is not a parseable JWT, `expires_at` is `None` ("expiry unknown").
39    AuthenticatedViaEnv {
40        /// Resolved server URL.
41        server: String,
42        /// Token expiry derived from the JWT `exp` claim, if parseable.
43        /// `None` means the token's `exp` was unreadable ("expiry unknown").
44        expires_at: Option<DateTime<Utc>>,
45        /// `true` when `expires_at` is `Some` and the timestamp is in the past.
46        expired: bool,
47    },
48    /// No token for this server in the auth cache (or no cache file).
49    NotLoggedIn {
50        /// Resolved server URL.
51        server: String,
52    },
53}
54
55/// Outcome passed to `Renderer::auth_logout`.
56pub struct AuthLogoutOutcome {
57    /// Resolved server URL.
58    pub server: String,
59    /// `true` when an entry was actually removed from the cache.
60    pub was_cached: bool,
61}
62
63/// Outcome passed to `Renderer::auth_set_token` after caching a stdin-provided token.
64pub struct AuthSetTokenOutcome {
65    /// Resolved server URL (after `Config::resolve`).
66    pub server: String,
67    /// User identifier from the JWT `sub` claim (a user IRI); `None` if the
68    /// claim is absent. This is display-only metadata — it is **not** verified
69    /// and must not be used as an access-control input.
70    pub user: Option<String>,
71    /// Token expiry derived from the JWT `exp` claim, if present.
72    pub expires_at: Option<DateTime<Utc>>,
73}