Skip to main content

feagi_api/security/auth/
context.rs

1// Copyright 2025 Neuraville Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4/// Authentication method (stub)
5#[derive(Debug, Clone)]
6pub enum AuthMethod {
7    /// Anonymous (no authentication) - default for now
8    Anonymous,
9    /// API key authentication (future)
10    ApiKey,
11    /// JWT authentication (future)
12    Jwt,
13    /// Mutual TLS (future)
14    MutualTls,
15}
16
17/// Authentication context (stub)
18#[derive(Debug, Clone)]
19pub struct AuthContext {
20    /// Principal ID (user/service identifier)
21    pub principal_id: String,
22
23    /// Authentication method used
24    pub auth_method: AuthMethod,
25
26    /// User roles (future RBAC)
27    pub roles: Vec<String>,
28
29    /// Whether the principal is authenticated
30    pub is_authenticated: bool,
31}
32
33impl AuthContext {
34    /// Create anonymous context (default - no authentication)
35    pub fn anonymous() -> Self {
36        Self {
37            principal_id: "anonymous".to_string(),
38            auth_method: AuthMethod::Anonymous,
39            roles: vec!["viewer".to_string()],
40            is_authenticated: false,
41        }
42    }
43
44    /// Create authenticated context (future)
45    #[allow(dead_code)]
46    pub fn authenticated(
47        principal_id: impl Into<String>,
48        method: AuthMethod,
49        roles: Vec<String>,
50    ) -> Self {
51        Self {
52            principal_id: principal_id.into(),
53            auth_method: method,
54            roles,
55            is_authenticated: true,
56        }
57    }
58
59    /// Check if user has role (stub - always returns true for now)
60    pub fn has_role(&self, _role: &str) -> bool {
61        true // Stub: always allow
62    }
63
64    /// Require authentication (stub - always succeeds for now)
65    pub fn require_auth(&self) -> Result<(), AuthError> {
66        Ok(()) // Stub: always allow
67    }
68
69    /// Require specific role (stub - always succeeds for now)
70    pub fn require_role(&self, _role: &str) -> Result<(), AuthError> {
71        Ok(()) // Stub: always allow
72    }
73}
74
75/// Authentication error (stub)
76#[derive(Debug, Clone)]
77pub struct AuthError {
78    pub message: String,
79}
80
81impl AuthError {
82    pub fn new(message: impl Into<String>) -> Self {
83        Self {
84            message: message.into(),
85        }
86    }
87}
88
89impl std::fmt::Display for AuthError {
90    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
91        write!(f, "{}", self.message)
92    }
93}
94
95impl std::error::Error for AuthError {}