ej_auth/lib.rs
1//! Authentication utilities for the EJ framework.
2//!
3//! Provides JWT tokens, password hashing, and content verification for EJ services.
4//!
5//! # Features
6//!
7//! - **JWT Tokens**: Create and validate JSON Web Tokens
8//! - **Password Hashing**: Secure Argon2-based password storage
9//! - **SHA-256**: Content hashing for integrity checks
10//! - **Auth Responses**: Standard Bearer token responses
11//!
12//! # Components
13//!
14//! ## JWT ([`jwt`])
15//!
16//! Create and validate JWT tokens for service authentication.
17//!
18//! ## Passwords ([`secret_hash`])
19//!
20//! Hash and verify passwords using Argon2.
21//!
22//! ## Hashing ([`sha256`])
23//!
24//! SHA-256 hashing for content integrity.
25//!
26//! ## Responses ([`auth_body`])
27//!
28//! Standard authentication response structures.
29//!
30//! # Examples
31//!
32//! ## JWT Tokens
33//!
34//! ```rust
35//! use ej_auth::jwt::{jwt_encode, jwt_decode};
36//! use serde::{Serialize, Deserialize};
37//! use std::env;
38//! unsafe { env::set_var("JWT_SECRET", "MySuperSecret"); }
39//!
40//! #[derive(Debug, PartialEq, Eq, Serialize, Deserialize)]
41//! struct Claims {
42//! sub: String,
43//! exp: usize,
44//! }
45//!
46//! let claims = Claims {
47//! sub: "user-123".to_string(),
48//! exp: 4118335200,
49//! };
50//!
51//! let token = jwt_encode(&claims).unwrap();
52//! let decoded = jwt_decode::<Claims>(&token).unwrap();
53//! assert_eq!(claims, decoded.claims);
54//! ```
55//!
56//! ## Password Hashing
57//!
58//! ```rust
59//! use ej_auth::secret_hash::{generate_secret_hash, is_secret_valid};
60//!
61//! let password = "my_password";
62//! let hash = generate_secret_hash(password).unwrap();
63//! let is_valid = is_secret_valid(password, &hash).unwrap();
64//! assert!(is_valid);
65//! ```
66//!
67//! ## Content Hashing
68//!
69//! ```rust
70//! use ej_auth::sha256::generate_hash;
71//!
72//! let content = "some data";
73//! let hash = generate_hash(content);
74//! assert_eq!(hash.len(), 64);
75//! ```
76//!
77//! # Security Notes
78//!
79//! - Keep JWT secrets secure and rotate regularly
80//! - Set appropriate token expiration times
81//! - Store passwords as hashes only
82//! - Use HTTPS for authentication
83//!
84//! # Configuration
85//!
86//! Set `JWT_SECRET` environment variable for token signing.
87
88pub mod auth_body;
89pub mod error;
90pub mod jwt;
91pub mod prelude;
92pub mod secret_hash;
93pub mod sha256;
94
95/// JWT issuer identifier.
96pub const ISS: &str = "EJ";
97
98/// HTTP Authorization header name.
99pub const AUTH_HEADER: &str = "Authorization";
100
101/// Bearer token prefix.
102pub const AUTH_HEADER_PREFIX: &str = "Bearer ";
103
104/// Token type for connection tokens.
105pub const CONNECTION_TOKEN_TYPE: &str = "Bearer";