Skip to main content

Module tenant_auth

Module tenant_auth 

Source
Expand description

Multi-tenant API-key authentication (ADR 0004 §D1) — the hosted plane’s front door.

EXPERIMENTAL / pre-external-review (ADR 0004 §D7). This is the foundation for tenant isolation; it has NOT yet had the independent, non-author security review the ADR requires. Do not rely on it as a hard isolation boundary for real, mutually-distrusting tenants until that review lands. It is default-OFF (FIRSTPASS_REQUIRE_AUTH=false): with auth disabled the single-operator path is unchanged and this module only stamps the static default tenant.

Keys are verified against Argon2id password hashes via the crate’s own constant-time PasswordVerifier path (ADR 0004 §D1) — we never roll our own comparison. A missing or invalid key returns 401 with an opaque body, so there is no “unknown tenant” oracle.

Structs§

TenantId
A resolved tenant identity, injected into request extensions by auth_middleware.
TenantKeys
Argon2id-hashed per-tenant API keys, keyed by tenant id.

Enums§

AuthConfigError
Errors building TenantKeys or hashing a key.

Functions§

auth_middleware
Axum middleware: resolve the tenant for a request and inject a TenantId into extensions.