koan_server/auth/mod.rs
1//! Authentication layer for the koan server.
2//!
3//! When `auth_enabled = true`:
4//! - All GraphQL/Subsonic requests must carry a valid JWT in `Authorization: Bearer <token>`
5//! - Auth routes (/auth/login, /auth/refresh, /auth/logout) are always accessible
6//!
7//! When `auth_enabled = false` (default):
8//! - All requests are treated as admin — no auth required. Same behavior as before this feature.
9
10pub mod middleware;
11pub mod routes;
12
13use koan_core::auth::Role;
14
15/// Authenticated user context injected into request extensions and GraphQL context.
16#[derive(Debug, Clone)]
17pub struct AuthUser {
18 pub user_id: i64,
19 pub username: String,
20 pub role: Role,
21}
22
23impl AuthUser {
24 /// Anonymous admin user for when auth is disabled.
25 pub fn anonymous_admin() -> Self {
26 Self {
27 user_id: 0,
28 username: "anonymous".into(),
29 role: Role::Admin,
30 }
31 }
32}