

pub mod state {
    use crate::delegation::types::Timestamp;
    use crate::openid::types::provider::{OpenIdCertificate, OpenIdProvider};
    use crate::state::types::automation::AutomationConfig;
    use crate::state::types::config::AuthenticationConfig;
    use candid::CandidType;
    use serde::{Deserialize, Serialize};
    use std::collections::HashMap;

    /// Fixed-size 32-byte salt stored in heap state.
    /// NOTE(review): how the salt is consumed (seed/principal derivation?) is not visible
    /// here — confirm against callers before documenting further.
    pub type Salt = [u8; 32];

    /// Heap-resident authentication state that is serialized across upgrades.
    ///
    /// Only `Default`, `Clone` and the (de)serialization traits are derived; `Debug` is
    /// deliberately absent so that `salt` does not end up in log or trap messages.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AuthenticationHeapState {
        /// Configuration for user authentication via delegation (Internet Identity, Google, GitHub).
        /// Note: Field name kept as "config" for backward compatibility during upgrades.
        pub config: AuthenticationConfig,
        /// Configuration for CI/CD authentication.
        pub automation: Option<AutomationConfig>,
        /// Salt, `None` until it has been generated. Treat as secret material: do not
        /// expose it through `Debug`/`Display` or query endpoints.
        pub salt: Option<Salt>,
        /// Cached OpenID provider certificates (see [`OpenIdState`]); `None` until the
        /// first certificate is cached.
        pub openid: Option<OpenIdState>,
    }

    /// Per-provider cache of OpenID certificates.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct OpenIdState {
        /// One cache entry per OpenID provider.
        pub certificates: HashMap<OpenIdProvider, OpenIdCachedCertificate>,
    }

    /// A cached certificate together with bookkeeping about the last fetch attempt.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct OpenIdCachedCertificate {
        /// The cached certificate. NOTE(review): `None` may mean "never fetched" or
        /// "last fetch failed" — the distinction is decided by the fetch logic, not here.
        pub certificate: Option<OpenIdCertificate>,
        /// Bookkeeping for the most recent fetch attempt (used for retry/backoff decisions
        /// made elsewhere).
        pub last_fetch_attempt: OpenIdLastFetchAttempt,
    }

    /// Record of the most recent certificate fetch attempt for a provider.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct OpenIdLastFetchAttempt {
        /// Time of the attempt.
        pub at: Timestamp,
        /// Consecutive-attempt counter. Being a `u8`, it tops out at 255: the code that
        /// increments it must use saturating arithmetic to avoid an overflow panic
        /// (debug) or wrap-around (release) — confirm at the call site.
        pub streak_count: u8,
    }
}
40
pub(crate) mod runtime_state {
    use candid::Deserialize;
    use ic_canister_sig_creation::signature_map::SignatureMap;
    use serde::Serialize;

    /// Crate-internal state wrapper. Everything in `runtime` is skipped by serde and
    /// rebuilt from `Default` on deserialization, so it never survives an upgrade.
    #[derive(Default, Serialize, Deserialize)]
    pub struct State {
        // Unstable state: State that resides only on the heap, that's lost after an upgrade.
        #[serde(skip, default)]
        pub runtime: RuntimeState,
    }

    /// Heap-only state that is intentionally not persisted.
    #[derive(Default)]
    pub struct RuntimeState {
        /// Canister signature map (from `ic_canister_sig_creation`). Starts empty after
        /// every upgrade, so any signatures pending in it at upgrade time are dropped.
        pub sigs: SignatureMap,
    }
}
58
pub mod config {
    use crate::delegation::types::DelegationTargets;
    use crate::openid::types::provider::OpenIdDelegationProvider;
    use candid::{CandidType, Deserialize, Principal};
    use junobuild_shared::types::core::DomainName;
    use junobuild_shared::types::state::{Timestamp, Version};
    use serde::Serialize;
    use std::collections::BTreeMap;

    /// Persisted configuration for user authentication.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AuthenticationConfig {
        /// Internet Identity settings; `None` when not configured.
        pub internet_identity: Option<AuthenticationConfigInternetIdentity>,
        /// OpenID (delegation) provider settings; `None` when not configured.
        pub openid: Option<AuthenticationConfigOpenId>,
        /// Caller restrictions; `None` when no rules are set.
        pub rules: Option<AuthenticationRules>,
        /// Config version. NOTE(review): presumably compared on update to detect
        /// concurrent writes — confirm in the update handler.
        pub version: Option<Version>,
        /// Creation timestamp.
        pub created_at: Option<Timestamp>,
        /// Last-update timestamp.
        pub updated_at: Option<Timestamp>,
    }

    /// OpenID settings for user delegation.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AuthenticationConfigOpenId {
        /// Configured delegation providers, keyed by provider.
        pub providers: OpenIdAuthProviders,
        /// Principal of an observatory canister; `None` when unset.
        /// NOTE(review): its role (notifications? monitoring?) is not visible here.
        pub observatory_id: Option<Principal>,
    }

    /// Internet Identity settings.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AuthenticationConfigInternetIdentity {
        /// Origin used for principal derivation; `None` for the default.
        pub derivation_origin: Option<DomainName>,
        /// Additional origins accepted as alternatives to the derivation origin.
        pub external_alternative_origins: Option<Vec<DomainName>>,
    }

    /// Caller-level access rules.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AuthenticationRules {
        /// Principals permitted to call. NOTE(review): the meaning of an empty list
        /// (deny all vs. unrestricted) is decided by the enforcing code — confirm it is
        /// the intended one, since the two readings differ in their security effect.
        pub allowed_callers: Vec<Principal>,
    }

    /// Delegation providers and their configuration, keyed by provider.
    pub type OpenIdAuthProviders = BTreeMap<OpenIdDelegationProvider, OpenIdAuthProviderConfig>;

    /// OAuth/OpenID client identifier as registered with the provider.
    pub type OpenIdAuthProviderClientId = String;

    /// Per-provider delegation settings.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone, Debug)]
    pub struct OpenIdAuthProviderConfig {
        /// Client id registered with the provider. NOTE(review): presumably the value the
        /// token `aud` claim must match during verification — confirm in the verifier.
        pub client_id: OpenIdAuthProviderClientId,
        /// Delegation limits; `None` falls back to whatever default the issuing code applies.
        pub delegation: Option<OpenIdAuthProviderDelegationConfig>,
    }

    /// Limits applied to delegations issued for a provider.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone, Debug)]
    pub struct OpenIdAuthProviderDelegationConfig {
        /// Canisters the delegation is restricted to; `None` means no target restriction
        /// is recorded here (whether that is "unrestricted" is decided by the issuer).
        pub targets: Option<DelegationTargets>,
        /// Maximum delegation lifetime. Unit is not stated here — presumably nanoseconds
        /// (IC convention); confirm against the issuing code and that a cap is enforced
        /// when this is `None`.
        pub max_time_to_live: Option<u64>,
    }
}
111
pub mod automation {
    use crate::automation::types::AutomationScope;
    use crate::openid::types::provider::OpenIdAutomationProvider;
    use candid::{CandidType, Deserialize, Principal};
    use junobuild_shared::types::state::{Timestamp, Version};
    use serde::Serialize;
    use std::collections::{BTreeMap, HashMap};

    /// Persisted configuration for CI/CD (automation) authentication.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AutomationConfig {
        /// OpenID automation provider settings; `None` when not configured.
        pub openid: Option<AutomationConfigOpenId>,
        /// Config version. NOTE(review): presumably compared on update to detect
        /// concurrent writes — confirm in the update handler.
        pub version: Option<Version>,
        /// Creation timestamp.
        pub created_at: Option<Timestamp>,
        /// Last-update timestamp.
        pub updated_at: Option<Timestamp>,
    }

    /// OpenID settings for automation.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct AutomationConfigOpenId {
        /// Configured automation providers, keyed by provider.
        pub providers: OpenIdAutomationProviders,
        /// Principal of an observatory canister; `None` when unset.
        pub observatory_id: Option<Principal>,
    }

    /// Automation providers and their configuration, keyed by provider.
    pub type OpenIdAutomationProviders =
        BTreeMap<OpenIdAutomationProvider, OpenIdAutomationProviderConfig>;

    // Repository identifier for GitHub automation.
    // Corresponds to the `repository` claim in GitHub OIDC tokens (e.g., "octo-org/octo-repo").
    // See: https://docs.github.com/en/actions/concepts/security/openid-connect#understanding-the-oidc-token
    // NOTE(review): used as a HashMap key, so matching is exact (case-sensitive) on both
    // fields — confirm that is consistent with how the claim is normalized before lookup.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, Hash, Eq, PartialEq)]
    pub struct RepositoryKey {
        // Repository owner (e.g. "octo-org")
        pub owner: String,
        // Repository name (e.g. "octo-repo")
        pub name: String,
    }

    /// Repositories allowed to authenticate, keyed by owner/name.
    pub type OpenIdAutomationRepositories =
        HashMap<RepositoryKey, OpenIdAutomationRepositoryConfig>;

    /// Per-provider automation settings.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone, Debug)]
    pub struct OpenIdAutomationProviderConfig {
        /// Allow-listed repositories and their per-repository restrictions.
        pub repositories: OpenIdAutomationRepositories,
        /// Limits applied to the controller granted to automation; `None` falls back to
        /// the defaults applied by the granting code.
        pub controller: Option<OpenIdAutomationProviderControllerConfig>,
    }

    /// Restrictions for a single allow-listed repository.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug)]
    pub struct OpenIdAutomationRepositoryConfig {
        // Optionally restrict to specific references / branches (e.g. ["refs/heads/main", "refs/pull/74/merge"])
        // NOTE(review): with `None` the repository is presumably accepted for any ref,
        // including pull-request merge refs from forks — confirm this is intended and
        // documented for operators, since it widens who can obtain automation credentials.
        pub refs: Option<Vec<String>>,
    }

    /// Limits applied to the controller granted through automation.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug)]
    pub struct OpenIdAutomationProviderControllerConfig {
        /// Scope granted to the automation controller; `None` falls back to the default
        /// chosen by the granting code.
        pub scope: Option<AutomationScope>,
        /// Maximum lifetime of the grant. Unit is not stated here — presumably nanoseconds
        /// (IC convention); confirm, and confirm that a cap is enforced when `None`.
        pub max_time_to_live: Option<u64>,
    }
}
169
pub mod interface {
    use crate::state::types::automation::AutomationConfigOpenId;
    use crate::state::types::config::{
        AuthenticationConfigInternetIdentity, AuthenticationConfigOpenId, AuthenticationRules,
    };
    use candid::{CandidType, Deserialize};
    use junobuild_shared::types::state::Version;
    use serde::Serialize;

    /// Caller-supplied payload for updating the authentication config.
    ///
    /// Mirrors `AuthenticationConfig` minus `created_at`/`updated_at`, which are set
    /// server-side rather than accepted from the caller.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct SetAuthenticationConfig {
        /// Internet Identity settings to store.
        pub internet_identity: Option<AuthenticationConfigInternetIdentity>,
        /// OpenID delegation provider settings to store.
        pub openid: Option<AuthenticationConfigOpenId>,
        /// Caller restrictions to store.
        pub rules: Option<AuthenticationRules>,
        /// Version the caller last observed. NOTE(review): presumably checked against the
        /// stored version to reject stale writes — confirm in the update handler.
        pub version: Option<Version>,
    }

    /// Caller-supplied payload for updating the automation config.
    ///
    /// Mirrors `AutomationConfig` minus `created_at`/`updated_at`.
    #[derive(Default, CandidType, Serialize, Deserialize, Clone)]
    pub struct SetAutomationConfig {
        /// OpenID automation provider settings to store.
        pub openid: Option<AutomationConfigOpenId>,
        /// Version the caller last observed (see `SetAuthenticationConfig::version`).
        pub version: Option<Version>,
    }
}
188    pub struct SetAutomationConfig {
189        pub openid: Option<AutomationConfigOpenId>,
190        pub version: Option<Version>,
191    }
192}