Skip to main content

fraiseql_core/security/
mod.rs

1//! Security features
2//!
3//! This module provides core security infrastructure:
4//! - Security profiles (STANDARD, REGULATED)
5//! - Security headers configuration
6//! - Sensitive field masking for PII/regulated data
7//! - Field selection filtering for access control
8//! - Security error types
9//! - Authentication middleware (JWT, Auth0, Clerk)
10//! - OIDC/JWKS support for any OIDC-compliant provider
11//! - Query validation (depth, complexity)
12//! - Audit logging
13//! - TLS enforcement
14//! - Introspection control
15//! - Error formatting
16
17pub mod audit;
18pub mod auth_middleware;
19pub mod error_formatter;
20pub mod errors;
21pub mod field_filter;
22pub mod field_masking;
23pub mod headers;
24pub mod introspection_enforcer;
25pub mod kms;
26pub mod oidc;
27pub mod profiles;
28pub mod query_validator;
29pub mod rls_policy;
30pub mod security_context;
31pub mod tls_enforcer;
32pub mod validation_audit;
33
34// Re-export key types for convenience
35pub use audit::{AuditEntry, AuditLevel, AuditLogger, AuditStats};
36pub use auth_middleware::{AuthConfig, AuthMiddleware, AuthRequest, AuthenticatedUser, SigningKey};
37pub use error_formatter::{DetailLevel, ErrorFormatter};
38pub use errors::{Result, SecurityError};
39pub use field_filter::{FieldAccessError, FieldFilter, FieldFilterBuilder, FieldFilterConfig};
40pub use field_masking::{FieldMasker, FieldSensitivity};
41pub use headers::SecurityHeaders;
42pub use introspection_enforcer::{IntrospectionEnforcer, IntrospectionPolicy};
43pub use kms::{
44    BaseKmsProvider, DataKeyPair, EncryptedData, KeyPurpose, KeyReference, KeyState, KmsError,
45    KmsResult, RotationPolicy, VaultConfig, VaultKmsProvider,
46};
47pub use oidc::{OidcConfig, OidcValidator};
48pub use profiles::SecurityProfile;
49pub use query_validator::{QueryMetrics, QueryValidator, QueryValidatorConfig};
50pub use rls_policy::{CompiledRLSPolicy, DefaultRLSPolicy, NoRLSPolicy, RLSPolicy};
51pub use security_context::SecurityContext;
52pub use tls_enforcer::{TlsConfig, TlsConnection, TlsEnforcer, TlsVersion};
53pub use validation_audit::{
54    RedactionPolicy, ValidationAuditEntry, ValidationAuditLogger, ValidationAuditLoggerConfig,
55};