Skip to main content

Module auth

Module auth 

Source
Expand description

Authentication primitives: Ed25519 JWT signing, Argon2id password hashing.

Ed25519 keypair is generated once and stored in the config directory. JWTs use EdDSA (Ed25519) for signing — 128-bit security, tiny keys, fast.

Structs§

Claims

Enums§

AuthError
Role

Functions§

generate_keypair
Generate a new Ed25519 keypair and write PEM files to the config dir. Returns (private_pem, public_pem).
hash_password
Hash a password using Argon2id with a random salt.
keypair_dir
load_keypair
Load the Ed25519 keypair from disk. Returns (private_pem, public_pem).
load_or_generate_keypair
Load or generate the keypair. Generates if missing.
mint_access_token
Mint a new access token.
now_unix
parse_duration_secs
Parse a duration string like “15m”, “7d”, “24h”, “3600s” into seconds.
validate_access_token
Validate an access token and return its claims.
verify_password
Verify a password against an Argon2id hash.