Skip to main content

edgebase_admin/
admin_auth.rs

1//! EdgeBase Rust SDK — AdminAuthClient (server-only)
2
3use crate::generated::admin_api_core::GeneratedAdminApi;
4use edgebase_core::{Error, http_client::HttpClient};
5use serde_json::{json, Value};
6use std::collections::HashMap;
7use std::sync::Arc;
8
9/// Server-side user management — requires Service Key.
10pub struct AdminAuthClient {
11    http: Arc<HttpClient>,
12}
13
14impl AdminAuthClient {
15    pub fn new(http: Arc<HttpClient>) -> Self { Self { http } }
16
17    fn core(&self) -> GeneratedAdminApi<'_> {
18        GeneratedAdminApi::new(&self.http)
19    }
20
21    pub async fn get_user(&self, user_id: &str) -> Result<HashMap<String, Value>, Error> {
22        let v = self.core().admin_auth_get_user(user_id).await?;
23        Ok(value_to_map(v))
24    }
25
26    /// List users with pagination. `cursor` is the ID of the last user from the previous page.
27    pub async fn list_users(&self, limit: u32, cursor: Option<&str>) -> Result<Value, Error> {
28        let mut query = HashMap::new();
29        query.insert("limit".to_string(), limit.to_string());
30        if let Some(c) = cursor {
31            query.insert("cursor".to_string(), c.to_string());
32        }
33        self.core().admin_auth_list_users(&query).await
34    }
35
36    pub async fn create_user(&self, email: &str, password: &str) -> Result<HashMap<String, Value>, Error> {
37        let body = json!({ "email": email, "password": password });
38        let v = self.core().admin_auth_create_user(&body).await?;
39        Ok(value_to_map(v))
40    }
41
42    pub async fn update_user(&self, user_id: &str, data: &Value) -> Result<HashMap<String, Value>, Error> {
43        let v = self.core().admin_auth_update_user(user_id, data).await?;
44        Ok(value_to_map(v))
45    }
46
47    pub async fn delete_user(&self, user_id: &str) -> Result<(), Error> {
48        self.core().admin_auth_delete_user(user_id).await?;
49        Ok(())
50    }
51
52    /// Set custom JWT claims for a user. Server uses PUT.
53    pub async fn set_custom_claims(&self, user_id: &str, claims: serde_json::Value) -> Result<(), Error> {
54        self.core().admin_auth_set_claims(user_id, &claims).await?;
55        Ok(())
56    }
57
58    /// Revoke all active sessions for a user, forcing re-authentication.
59    pub async fn revoke_all_sessions(&self, user_id: &str) -> Result<(), Error> {
60        self.core().admin_auth_revoke_user_sessions(user_id).await?;
61        Ok(())
62    }
63
64    /// Disable MFA for a user (admin operation via Service Key).
65    /// Removes all MFA factors, allowing the user to sign in without MFA.
66    pub async fn disable_mfa(&self, user_id: &str) -> Result<(), Error> {
67        self.core().admin_auth_delete_user_mfa(user_id).await?;
68        Ok(())
69    }
70}
71
72fn value_to_map(v: Value) -> HashMap<String, Value> {
73    match v {
74        Value::Object(mut m) => {
75            if let Some(Value::Object(user)) = m.remove("user") {
76                return user.into_iter().collect();
77            }
78            m.into_iter().collect()
79        }
80        _ => HashMap::new(),
81    }
82}