Skip to main content

helios_auth/
error.rs

1use std::fmt;
2
3/// Errors that can occur during authentication and authorization.
4#[derive(Debug, thiserror::Error)]
5pub enum AuthError {
6    /// No Authorization header present.
7    #[error("Missing Authorization header")]
8    MissingToken,
9
10    /// Authorization header is malformed.
11    #[error("Invalid token format: {0}")]
12    InvalidTokenFormat(String),
13
14    /// Token has expired.
15    #[error("Token expired")]
16    TokenExpired,
17
18    /// Token signature is invalid.
19    #[error("Invalid signature")]
20    InvalidSignature,
21
22    /// JWT algorithm is not in the allowed list.
23    #[error("Unsupported algorithm: {alg}")]
24    UnsupportedAlgorithm {
25        /// The algorithm that was rejected.
26        alg: String,
27    },
28
29    /// Key ID from JWT header not found in JWKS.
30    #[error("Unknown key ID: {kid}")]
31    UnknownKid {
32        /// The key ID that was not found.
33        kid: String,
34    },
35
36    /// Token with this JTI has already been used.
37    #[error("JTI replay detected: {jti}")]
38    ReplayDetected {
39        /// The replayed JWT ID.
40        jti: String,
41    },
42
43    /// Authenticated principal lacks required scopes.
44    #[error("Forbidden: insufficient scope for {operation} on {resource_type}")]
45    Forbidden {
46        /// The FHIR resource type.
47        resource_type: String,
48        /// The operation that was attempted.
49        operation: String,
50    },
51
52    /// Failed to fetch JWKS from the endpoint.
53    #[error("JWKS fetch error: {0}")]
54    JwksFetchError(String),
55
56    /// General token validation error.
57    #[error("Token validation error: {0}")]
58    ValidationError(String),
59
60    /// Internal error in the auth subsystem.
61    #[error("Internal auth error: {0}")]
62    InternalError(String),
63}
64
65/// The kind of FHIR operation being performed, used for scope checking.
66#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
67pub enum FhirOperation {
68    /// Read a resource by ID.
69    Read,
70    /// Search for resources.
71    Search,
72    /// Create a new resource.
73    Create,
74    /// Update an existing resource.
75    Update,
76    /// Delete a resource.
77    Delete,
78}
79
80impl fmt::Display for FhirOperation {
81    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
82        match self {
83            FhirOperation::Read => write!(f, "read"),
84            FhirOperation::Search => write!(f, "search"),
85            FhirOperation::Create => write!(f, "create"),
86            FhirOperation::Update => write!(f, "update"),
87            FhirOperation::Delete => write!(f, "delete"),
88        }
89    }
90}