
fraiseql_core/security/
mod.rs

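//! Security features
//!
//! This module provides core security infrastructure:
//! - Security profiles (STANDARD, REGULATED)
//! - Security headers configuration
//! - Sensitive field masking for PII/regulated data
//! - Field selection filtering for access control
//! - Security error types
//! - Authentication middleware (JWT, Auth0, Clerk)
//! - OIDC/JWKS support for any OIDC-compliant provider
//! - Query validation (depth, complexity)
//! - Audit logging
//! - TLS enforcement
//! - Introspection control
//! - Error formatting
//!
//! Submodules declared below that the list above does not mention:
//! - `kms`: key-management types, including `VaultConfig` and `VaultKmsProvider`
//! - `rls_policy`: RLS policy types (`RLSPolicy`, `CompiledRLSPolicy`, `RlsWhereClause`, ...)
//! - `security_context`: `SecurityContext`
//! - `validation_audit`: `ValidationAuditLogger`, `ValidationAuditEntry` and `RedactionPolicy`
//!
//! # Cargo features
//!
//! - `audit-syslog`: compiles `audit_export_syslog` and re-exports `SyslogAuditExporter`.
//! - `audit-webhook`: compiles `audit_export_webhook` and re-exports `WebhookAuditExporter`.
//!
//! The export *config* types (`SyslogExportConfig`, `WebhookExportConfig`) are re-exported
//! from `audit` unconditionally, so they exist even in builds where the matching exporter
//! is not compiled in.

pub mod audit;
// The two audit exporters are optional: each is compiled only when its Cargo feature is on.
#[cfg(feature = "audit-syslog")]
pub mod audit_export_syslog;
#[cfg(feature = "audit-webhook")]
pub mod audit_export_webhook;
pub mod auth_middleware;
pub mod error_formatter;
pub mod errors;
pub mod field_filter;
pub mod field_masking;
pub mod headers;
pub mod introspection_enforcer;
pub mod kms;
pub mod oidc;
pub mod profiles;
pub mod query_validator;
pub mod rls_policy;
pub mod security_context;
pub mod tls_enforcer;
pub mod validation_audit;

// Re-export key types for convenience
//
// NOTE(review): `SyslogExportConfig` and `WebhookExportConfig` are exported without a feature
// gate, while the exporters that consume them are gated. Confirm in `audit` that configuring
// an export whose feature is disabled is reported as an error rather than silently producing
// no audit records.
pub use audit::{
    AuditEntry, AuditExportConfig, AuditExporter, AuditLevel, AuditLogger, AuditStats,
    SyslogExportConfig, WebhookExportConfig,
};
#[cfg(feature = "audit-syslog")]
pub use audit_export_syslog::SyslogAuditExporter;
#[cfg(feature = "audit-webhook")]
pub use audit_export_webhook::WebhookAuditExporter;
pub use auth_middleware::{AuthConfig, AuthMiddleware, AuthRequest, AuthenticatedUser, SigningKey};
pub use error_formatter::{DetailLevel, ErrorFormatter};
pub use errors::SecurityError;
pub use field_filter::{FieldAccessError, FieldFilter, FieldFilterBuilder, FieldFilterConfig};
pub use field_masking::{FieldMasker, FieldSensitivity};
pub use headers::SecurityHeaders;
pub use introspection_enforcer::{IntrospectionEnforcer, IntrospectionPolicy};
pub use kms::{
    BaseKmsProvider, DataKeyPair, EncryptedData, KeyPurpose, KeyReference, KeyState, KmsError,
    KmsResult, RotationPolicy, VaultConfig, VaultKmsProvider,
};
pub use oidc::{OidcConfig, OidcValidator};
pub use profiles::SecurityProfile;
pub use query_validator::{QueryValidator, QueryValidatorConfig};
pub use rls_policy::{CompiledRLSPolicy, DefaultRLSPolicy, NoRLSPolicy, RLSPolicy, RlsWhereClause};
pub use security_context::SecurityContext;
pub use tls_enforcer::{TlsConfig, TlsConnection, TlsEnforcer, TlsVersion};
pub use validation_audit::{
    RedactionPolicy, ValidationAuditEntry, ValidationAuditLogger, ValidationAuditLoggerConfig,
};

// `QueryMetrics` lives in the GraphQL complexity module; it is surfaced here alongside the
// query-validator types.
pub use crate::graphql::complexity::QueryMetrics;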