Skip to main content

modo/auth/role/
traits.rs

1use crate::Result;
2
3/// Resolves the caller's role for the current HTTP request.
4///
5/// Implement this trait on a concrete type (for example a struct that wraps a
6/// [`Database`](crate::db::Database) handle or session helper) and pass an
7/// instance to [`super::middleware()`]. The `parts` argument is mutable so
8/// implementations can call axum extractors such as
9/// [`Session::from_request_parts`](crate::auth::session::Session) or
10/// [`Bearer`](crate::auth::Bearer) internally.
11///
12/// This trait uses return-position `impl Trait` in traits (RPITIT) and is
13/// **not** object-safe. Always use it as a generic parameter bound, never as
14/// `dyn RoleExtractor` or behind `Box<dyn ...>`.
15pub trait RoleExtractor: Send + Sync + 'static {
16    /// Extracts the role string for the current request.
17    ///
18    /// Return an [`Error`](crate::Error) (for example
19    /// [`Error::unauthorized`](crate::Error::unauthorized) or
20    /// [`Error::forbidden`](crate::Error::forbidden)) to short-circuit the
21    /// request. The middleware converts the error into an HTTP response
22    /// immediately and does not call the inner service.
23    fn extract(
24        &self,
25        parts: &mut http::request::Parts,
26    ) -> impl Future<Output = Result<String>> + Send;
27}