Skip to main content

ApiKeyStore

modo::auth::apikey

Struct ApiKeyStore 

Source 
pub struct ApiKeyStore(/* private fields */);
Expand description

Tenant-scoped API key store.

Handles key generation, SHA-256 hashing, constant-time verification, touch throttling, and delegates storage to the backend. Cheap to clone (wraps Arc).

§Example

use modo::auth::apikey::{ApiKeyConfig, ApiKeyStore};

let store = ApiKeyStore::new(db, ApiKeyConfig::default()).unwrap();

Implementations§

Source§

impl ApiKeyStore

Source

pub fn new(db: Database, config: ApiKeyConfig) -> Result<Self>

Create from the built-in SQLite backend.

Validates config at construction — fails fast on invalid prefix or secret length.

§Errors

Returns an error if ApiKeyConfig::validate fails.

Source

pub fn from_backend( backend: Arc<dyn ApiKeyBackend>, config: ApiKeyConfig, ) -> Result<Self>

Create from a custom backend.

Validates config at construction.

§Errors

Returns an error if ApiKeyConfig::validate fails.

Source

pub async fn create(&self, req: &CreateKeyRequest) -> Result<ApiKeyCreated>

Create a new API key. Returns the raw token (shown once).

§Errors

Returns bad_request if tenant_id or name is empty, or if expires_at is not a valid RFC 3339 timestamp. Propagates backend storage errors.

Source

pub async fn verify(&self, raw_token: &str) -> Result<ApiKeyMeta>

Verify a raw token. Returns metadata if valid.

All failure cases return the same generic unauthorized error to prevent enumeration.

§Errors

Returns unauthorized if the token is malformed, not found, revoked, expired, or the hash does not match. Propagates backend lookup errors.

Source

pub async fn revoke(&self, key_id: &str) -> Result<()>

Revoke a key by ID.

§Errors

Returns not_found if no key with the given ID exists. Propagates backend errors.

Source

pub async fn list(&self, tenant_id: &str) -> Result<Vec<ApiKeyMeta>>

List all active keys for a tenant (no secrets).

§Errors

Propagates backend errors.

Source

pub async fn refresh( &self, key_id: &str, expires_at: Option<&str>, ) -> Result<()>

Update expires_at (refresh/extend a key).

§Errors

Returns bad_request if expires_at is not a valid RFC 3339 timestamp. Returns not_found if no key with the given ID exists. Propagates backend errors.

Trait Implementations§

Source§

impl Clone for ApiKeyStore

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more