SecurityService

kotoba_security

Struct SecurityService 

Source 
pub struct SecurityService { /* private fields */ }
Expand description

Main security service combining all components

Implementations§

Source§

impl SecurityService

Source

pub async fn new(config: SecurityConfig) -> Result<Self>

Create a new security service with the given configuration

Source

pub async fn authenticate_local( &self, identifier: &str, password: &str, ) -> Result<AuthResult>

Authenticate a user with username/email and password

Source

pub async fn start_oauth2_flow( &self, provider: OAuth2Provider, ) -> Result<String>

Start OAuth2 authentication flow

Source

pub async fn complete_oauth2_flow( &self, provider: OAuth2Provider, code: &str, state: &str, ) -> Result<AuthResult>

Complete OAuth2 authentication flow

Source

pub fn setup_mfa(&self, user_id: &str) -> Result<(String, String)>

Generate MFA secret and QR code for user

Source

pub fn verify_mfa(&self, secret: &str, code: &str) -> Result<bool>

Verify MFA code

Source

pub fn validate_token(&self, token: &str) -> Result<JwtClaims>

Validate JWT token

Source

pub fn generate_tokens( &self, user_id: &str, roles: Vec<String>, ) -> Result<TokenPair>

Generate new token pair

Source

pub fn refresh_token(&self, refresh_token: &str) -> Result<TokenPair>

Refresh access token

Source

pub fn check_authorization( &self, principal: &Principal, resource: &Resource, ) -> AuthzResult

Check authorization for principal on resource using capabilities

Source

pub fn hash_password(&self, password: &str) -> Result<PasswordHash>

Hash password

Source

pub fn verify_password( &self, password: &str, hash: &PasswordHash, ) -> Result<bool>

Verify password against hash

Source

pub fn grant_capabilities( &self, principal_caps: &CapabilitySet, new_caps: Vec<Capability>, ) -> CapabilitySet

Grant capabilities to a principal

Source

pub fn revoke_capabilities( &self, principal_caps: &CapabilitySet, caps_to_revoke: Vec<Capability>, ) -> CapabilitySet

Revoke capabilities from a principal

Source

pub fn attenuate_capabilities( &self, cap_set: &CapabilitySet, restrictions: Vec<Capability>, ) -> CapabilitySet

Create an attenuated capability set for safer operations

Source

pub fn create_principal_with_capabilities( &self, user_id: String, capabilities: CapabilitySet, roles: Vec<String>, permissions: Vec<String>, attributes: HashMap<String, Value>, ) -> Principal

Create a principal with specific capabilities

Source

pub fn create_resource( &self, resource_type: ResourceType, action: Action, resource_id: Option<String>, attributes: HashMap<String, Value>, ) -> Resource

Create a resource for authorization checks

Source

pub async fn log_audit_event(&self, event: AuditEvent) -> Result<()>

Log an audit event

Source

pub async fn log_authentication( &self, user_id: Option<&str>, ip_address: Option<&str>, user_agent: Option<&str>, result: AuditResult, message: &str, ) -> Result<()>

Log authentication event

Source

pub async fn log_authorization( &self, user_id: &str, resource: &str, action: &str, result: AuditResult, ip_address: Option<&str>, ) -> Result<()>

Log authorization event

Source

pub async fn log_data_access( &self, user_id: &str, resource: &str, action: &str, result: AuditResult, metadata: HashMap<String, Value>, ) -> Result<()>

Log data access event

Source

pub async fn get_audit_events( &self, start_time: Option<DateTime<Utc>>, end_time: Option<DateTime<Utc>>, event_type: Option<&AuditEventType>, user_id: Option<&str>, limit: Option<usize>, ) -> Result<Vec<AuditEvent>>

Get audit events

Source

pub async fn get_audit_statistics(&self) -> Result<AuditStatistics>

Get audit statistics

Source

pub async fn cleanup_audit_events(&self) -> Result<usize>

Clean up old audit events

Source

pub fn setup_policy_service(&mut self, config: PolicyEngineConfig) -> Result<()>

Set up policy service with RBAC and ABAC

Source

pub fn set_policy_service(&mut self, policy_service: PolicyService)

Set policy service directly

Source

pub async fn check_access_policy( &self, principal_id: &str, resource_type: &ResourceType, resource_id: Option<&str>, action: &Action, ) -> Result<bool>

Check access permission using unified RBAC/ABAC policy engine

Source

pub async fn authorize_action( &self, principal_id: &str, resource_type: &ResourceType, resource_id: Option<&str>, action: &Action, ) -> Result<UnifiedPolicyDecision>

Authorize action with detailed policy decision

Source

pub fn add_role(&mut self, role: Role) -> Result<()>

Add RBAC role

Source

pub fn assign_role(&mut self, assignment: RoleAssignment) -> Result<()>

Assign role to principal

Source

pub fn add_policy(&mut self, policy: Policy) -> Result<()>

Add ABAC policy

Source

pub fn setup_common_policies(&mut self) -> Result<()>

Setup common roles and policies

Source

pub fn policy_service(&self) -> Option<&PolicyService>

Get policy service for advanced operations

Source

pub fn policy_service_mut(&mut self) -> Option<&mut PolicyService>

Get mutable policy service

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,