Skip to main content

koan_server/auth/
mod.rs

1//! Authentication layer for the koan server.
2//!
3//! When `auth_enabled = true`:
4//!   - All GraphQL/Subsonic requests must carry a valid JWT in `Authorization: Bearer <token>`
5//!   - Auth routes (/auth/login, /auth/refresh, /auth/logout) are always accessible
6//!
7//! When `auth_enabled = false` (default):
8//!   - All requests are treated as admin — no auth required. Same behavior as before this feature.
9
10pub mod middleware;
11pub mod routes;
12
13use koan_core::auth::Role;
14
15/// Authenticated user context injected into request extensions and GraphQL context.
16#[derive(Debug, Clone)]
17pub struct AuthUser {
18    pub user_id: i64,
19    pub username: String,
20    pub role: Role,
21}
22
23impl AuthUser {
24    /// Anonymous admin user for when auth is disabled.
25    pub fn anonymous_admin() -> Self {
26        Self {
27            user_id: 0,
28            username: "anonymous".into(),
29            role: Role::Admin,
30        }
31    }
32}