Expand description
Security features
This module provides core security infrastructure:
- Security profiles (STANDARD, REGULATED)
- Security headers configuration
- Sensitive field masking for PII/regulated data
- Field selection filtering for access control
- Security error types
- Authentication middleware (JWT, Auth0, Clerk)
- OIDC/JWKS support for any OIDC-compliant provider
- Query validation (depth, complexity)
- Audit logging
- TLS enforcement
- Introspection control
- Error formatting
Re-exports§
pub use audit::AuditEntry;pub use audit::AuditLevel;pub use audit::AuditLogger;pub use audit::AuditStats;pub use auth_middleware::AuthConfig;pub use auth_middleware::AuthMiddleware;pub use auth_middleware::AuthRequest;pub use auth_middleware::AuthenticatedUser;pub use auth_middleware::SigningKey;pub use error_formatter::DetailLevel;pub use error_formatter::ErrorFormatter;pub use errors::Result;pub use errors::SecurityError;pub use field_filter::FieldAccessError;pub use field_filter::FieldFilter;pub use field_filter::FieldFilterBuilder;pub use field_filter::FieldFilterConfig;pub use field_masking::FieldMasker;pub use field_masking::FieldSensitivity;pub use headers::SecurityHeaders;pub use introspection_enforcer::IntrospectionEnforcer;pub use introspection_enforcer::IntrospectionPolicy;pub use kms::BaseKmsProvider;pub use kms::DataKeyPair;pub use kms::EncryptedData;pub use kms::KeyPurpose;pub use kms::KeyReference;pub use kms::KeyState;pub use kms::KmsError;pub use kms::KmsResult;pub use kms::RotationPolicy;pub use kms::VaultConfig;pub use kms::VaultKmsProvider;pub use oidc::OidcConfig;pub use oidc::OidcValidator;pub use profiles::SecurityProfile;pub use query_validator::QueryMetrics;pub use query_validator::QueryValidator;pub use query_validator::QueryValidatorConfig;pub use rls_policy::CompiledRLSPolicy;pub use rls_policy::DefaultRLSPolicy;pub use rls_policy::NoRLSPolicy;pub use rls_policy::RLSPolicy;pub use security_context::SecurityContext;pub use tls_enforcer::TlsConfig;pub use tls_enforcer::TlsConnection;pub use tls_enforcer::TlsEnforcer;pub use tls_enforcer::TlsVersion;pub use validation_audit::RedactionPolicy;pub use validation_audit::ValidationAuditEntry;pub use validation_audit::ValidationAuditLogger;pub use validation_audit::ValidationAuditLoggerConfig;
Modules§
- audit
- Audit logging for GraphQL operations
- auth_
middleware - Authentication Middleware
- error_
formatter - Error Formatter
- errors
- Security-specific error types for comprehensive error handling.
- field_
filter - Field selection filtering for GraphQL queries
- field_
masking - Sensitive field masking for compliance profiles
- headers
- Security header enforcement.
- introspection_
enforcer - Introspection Enforcer
- kms
- Key Management System (KMS) for encryption and secrets management.
- oidc
- OIDC Discovery and JWKS Support
- profiles
- Security Profiles - v1.9.6 enforcement levels
- query_
validator - Query Validator
- rls_
policy - Row-Level Security (RLS) Policy Evaluation
- security_
context - Security context for runtime authorization
- tls_
enforcer - TLS Security Enforcement
- validation_
audit - Validation-specific audit logging with tenant isolation and PII redaction.