libauth_rs/

types.rs

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

pub type Token = String;

/// Client enum that wraps different HTTP/SDK client types
/// This allows each provider to expose its native client while maintaining trait object safety
#[derive(Clone)]
pub enum Client {
    /// Standard reqwest HTTP client (used by Clerk, MSAL, etc.)
    Reqwest(reqwest::Client),
    /// Stytch SDK client for advanced Stytch operations
    #[cfg(feature = "stytch")]
    Stytch(std::sync::Arc<stytch::client::Client>),
}

impl Client {
    /// Try to get the reqwest::Client if this is a Reqwest variant
    pub fn as_reqwest(&self) -> Option<&reqwest::Client> {
        match self {
            Client::Reqwest(client) => Some(client),
            #[cfg(feature = "stytch")]
            _ => None,
        }
    }

    /// Try to get the Stytch client if this is a Stytch variant
    #[cfg(feature = "stytch")]
    pub fn as_stytch(&self) -> Option<&stytch::client::Client> {
        match self {
            Client::Stytch(client) => Some(client.as_ref()),
            _ => None,
        }
    }
}

impl std::fmt::Debug for Client {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Client::Reqwest(_) => f.debug_tuple("Client::Reqwest").finish(),
            #[cfg(feature = "stytch")]
            Client::Stytch(_) => f.debug_tuple("Client::Stytch").finish(),
        }
    }
}

/// Authentication provider types
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum AuthProvider {
    #[cfg(feature = "clerk")]
    Clerk,
    #[cfg(feature = "stytch")]
    Stytch,
    #[cfg(feature = "msal")]
    Msal,
    Anonymous,
}

impl std::fmt::Display for AuthProvider {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            #[cfg(feature = "clerk")]
            AuthProvider::Clerk => write!(f, "clerk"),
            #[cfg(feature = "stytch")]
            AuthProvider::Stytch => write!(f, "stytch"),
            #[cfg(feature = "msal")]
            AuthProvider::Msal => write!(f, "msal"),
            AuthProvider::Anonymous => write!(f, "anonymous"),
        }
    }
}

/// Token type enumeration
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum TokenType {
    /// Bearer tokens (typically JWTs for OAuth, M2M, etc.)
    Bearer,
    /// Session tokens (opaque tokens like stytch_session_*)
    Session,
    /// Custom token type
    Custom(String),
}

/// Authentication token wrapper
#[derive(Debug, Clone)]
pub struct AuthToken {
    pub token: String,
    pub token_type: TokenType,
}

impl AuthToken {
    /// Create a new Bearer token
    pub fn bearer(token: impl Into<String>) -> Self {
        Self {
            token: token.into(),
            token_type: TokenType::Bearer,
        }
    }

    /// Create a new Session token
    pub fn session(token: impl Into<String>) -> Self {
        Self {
            token: token.into(),
            token_type: TokenType::Session,
        }
    }

    /// Create a new Custom token
    pub fn custom(token: impl Into<String>, custom_type: impl Into<String>) -> Self {
        Self {
            token: token.into(),
            token_type: TokenType::Custom(custom_type.into()),
        }
    }

    /// Parse from Authorization header value
    pub fn from_auth_header(header: &str) -> Option<Self> {
        let parts: Vec<&str> = header.splitn(2, ' ').collect();
        if parts.len() != 2 {
            return None;
        }

        let token_type = match parts[0].to_lowercase().as_str() {
            "bearer" => TokenType::Bearer,
            "session" => TokenType::Session,
            other => TokenType::Custom(other.to_string()),
        };

        Some(Self {
            token: parts[1].to_string(),
            token_type,
        })
    }
}

/// User context containing authentication and profile information
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UserContext {
    pub user_id: String,
    pub email: Option<String>,
    pub name: Option<String>,
    pub provider: AuthProvider,
    pub session_id: Option<String>,
    pub expires_at: Option<DateTime<Utc>>,
    pub metadata: HashMap<String, serde_json::Value>,
}

impl UserContext {
    /// Create a new user context
    pub fn new(user_id: impl Into<String>, provider: AuthProvider) -> Self {
        Self {
            user_id: user_id.into(),
            email: None,
            name: None,
            provider,
            session_id: None,
            expires_at: None,
            metadata: HashMap::new(),
        }
    }

    /// Create an anonymous user context
    pub fn anonymous() -> Self {
        Self::new("anonymous", AuthProvider::Anonymous)
    }

    /// Check if the user is authenticated (not anonymous)
    pub fn is_authenticated(&self) -> bool {
        self.provider != AuthProvider::Anonymous
            && !self.user_id.is_empty()
            && self.user_id != "anonymous"
    }

    /// Check if the session has expired
    pub fn is_expired(&self) -> bool {
        if let Some(expires_at) = self.expires_at {
            expires_at < Utc::now()
        } else {
            false
        }
    }

    /// Add metadata to the user context
    pub fn with_metadata(mut self, key: impl Into<String>, value: serde_json::Value) -> Self {
        self.metadata.insert(key.into(), value);
        self
    }

    /// Get metadata value
    pub fn get_metadata(&self, key: &str) -> Option<&serde_json::Value> {
        self.metadata.get(key)
    }

    /// Set email
    pub fn with_email(mut self, email: impl Into<String>) -> Self {
        self.email = Some(email.into());
        self
    }

    /// Set name
    pub fn with_name(mut self, name: impl Into<String>) -> Self {
        self.name = Some(name.into());
        self
    }

    /// Set session ID
    pub fn with_session_id(mut self, session_id: impl Into<String>) -> Self {
        self.session_id = Some(session_id.into());
        self
    }

    /// Set expiration time
    pub fn with_expiration(mut self, expires_at: DateTime<Utc>) -> Self {
        self.expires_at = Some(expires_at);
        self
    }

    /// Check if user has a specific role
    pub fn has_role(&self, role: &str) -> bool {
        self.metadata
            .get(&format!("role_{}", role))
            .and_then(|v| v.as_bool())
            .unwrap_or(false)
    }

    /// Get all user roles
    pub fn get_roles(&self) -> Vec<String> {
        self.metadata
            .iter()
            .filter_map(|(key, value)| {
                if key.starts_with("role_") && value.as_bool().unwrap_or(false) {
                    Some(key[5..].to_string()) // Remove "role_" prefix
                } else {
                    None
                }
            })
            .collect()
    }

    /// Add a role to the user
    pub fn add_role(&mut self, role: &str) {
        self.metadata
            .insert(format!("role_{}", role), serde_json::Value::Bool(true));
    }

    /// Remove a role from the user
    pub fn remove_role(&mut self, role: &str) {
        self.metadata.remove(&format!("role_{}", role));
    }

    /// Check if user has a specific permission
    pub fn has_permission(&self, permission: &str) -> bool {
        self.metadata
            .get(&format!("permission_{}", permission))
            .and_then(|v| v.as_bool())
            .unwrap_or(false)
    }

    /// Add a permission to the user
    pub fn add_permission(&mut self, permission: &str) {
        self.metadata.insert(
            format!("permission_{}", permission),
            serde_json::Value::Bool(true),
        );
    }

    /// Remove a permission from the user
    pub fn remove_permission(&mut self, permission: &str) {
        self.metadata.remove(&format!("permission_{}", permission));
    }

    /// Get organization/tenant ID if available
    pub fn organization_id(&self) -> Option<&str> {
        self.metadata
            .get("organization_id")
            .or_else(|| self.metadata.get("org_id"))
            .or_else(|| self.metadata.get("tenant_id"))
            .and_then(|v| v.as_str())
    }

    /// Set organization/tenant ID
    pub fn with_organization_id(mut self, org_id: impl Into<String>) -> Self {
        self.metadata.insert(
            "organization_id".to_string(),
            serde_json::Value::String(org_id.into()),
        );
        self
    }
}

/// Token information extracted from JWT without verification
#[cfg(feature = "authentication")]
#[derive(Debug, Clone)]
pub struct TokenInfo {
    pub header: serde_json::Value,
    pub payload: serde_json::Value,
    pub provider: Option<AuthProvider>,
}

#[cfg(feature = "authentication")]
impl TokenInfo {
    /// Get issuer from token payload
    pub fn issuer(&self) -> Option<&str> {
        self.payload.get("iss").and_then(|v| v.as_str())
    }

    /// Get audience from token payload
    pub fn audience(&self) -> Option<&str> {
        self.payload.get("aud").and_then(|v| v.as_str())
    }

    /// Get subject (user ID) from token payload
    pub fn subject(&self) -> Option<&str> {
        self.payload.get("sub").and_then(|v| v.as_str())
    }

    /// Get expiration timestamp from token payload
    pub fn expires_at(&self) -> Option<i64> {
        self.payload.get("exp").and_then(|v| v.as_i64())
    }

    /// Check if token has expired (based on exp claim)
    pub fn is_expired(&self) -> bool {
        if let Some(exp) = self.expires_at() {
            let now = std::time::SystemTime::now()
                .duration_since(std::time::UNIX_EPOCH)
                .unwrap()
                .as_secs() as i64;
            exp < now
        } else {
            false
        }
    }

    /// Get algorithm from token header
    pub fn algorithm(&self) -> Option<&str> {
        self.header.get("alg").and_then(|v| v.as_str())
    }

    /// Get token type from header
    pub fn token_type(&self) -> Option<&str> {
        self.header.get("typ").and_then(|v| v.as_str())
    }
}