pulseengine_mcp_auth/
lib.rs

1//! Authentication and authorization framework for MCP servers
2//!
3//! This crate provides secure authentication mechanisms for MCP servers including:
4//! - API key management with roles and permissions
5//! - Token-based authentication with expiration
6//! - IP whitelisting and rate limiting
7//! - Multiple storage backends (file, environment, database)
8//!
9//! # Quick Start
10//!
11//! ```rust,no_run
12//! use pulseengine_mcp_auth::{AuthenticationManager, AuthConfig, Role};
13//!
14//! #[tokio::main]
15//! async fn main() -> Result<(), Box<dyn std::error::Error>> {
16//!     // Create authentication manager
17//!     let config = AuthConfig::default();
18//!     let mut auth_manager = AuthenticationManager::new(config).await?;
19//!
20//!     // Create API key for admin user
21//!     let api_key = auth_manager.create_api_key(
22//!         "admin-key".to_string(),
23//!         Role::Admin,
24//!         None, // No expiration (demo only; prefer an expiry for real keys)
25//!         Some(vec!["192.168.1.0/24".to_string()]) // IP whitelist
26//!     ).await?;
27//!
28//!     println!("Created API key: {}", api_key.key); // demo only: keep real keys out of logs
29//!
30//!     // Validate API key in request handler
31//!     let is_valid = auth_manager.validate_api_key(&api_key.key).await?;
32//!     println!("Key is valid: {}", is_valid.is_some());
33//!
34//!     Ok(())
35//! }
36//! ```
37//!
38//! # Features
39//!
40//! - **Role-based access control**: Admin, Operator, ReadOnly roles
41//! - **Secure key generation**: Cryptographically secure random keys
42//! - **Flexible storage**: File-based, environment variables, or custom backends
43//! - **IP restrictions**: Optional IP whitelisting per key
44//! - **Audit logging**: Track key usage and authentication events
45//! - **Production ready**: Used in real-world deployments
46
47pub mod config;
48pub mod manager;
49pub mod models;
50pub mod storage;
51
52// Re-export main types
53pub use config::AuthConfig;
54pub use manager::AuthenticationManager;
55pub use models::{ApiKey, AuthContext, AuthResult, Role};
56pub use storage::{EnvironmentStorage, FileStorage, StorageBackend};
57
/// Returns the crate's default [`AuthConfig`].
///
/// This is a thin convenience wrapper around `AuthConfig::default()`. The
/// concrete default values are defined in the [`config`] module, not here;
/// review them (storage location, key policy, and so on) before relying on
/// this configuration outside of development.
pub fn default_config() -> AuthConfig {
    // Delegate to the type's own default so there is a single source of truth.
    AuthConfig::default()
}
62
/// Builds an [`AuthenticationManager`] from the configuration returned by
/// [`default_config`].
///
/// Callers that need non-default settings should construct an [`AuthConfig`]
/// themselves and pass it to `AuthenticationManager::new` instead.
///
/// # Errors
///
/// Returns whatever [`crate::manager::AuthError`] `AuthenticationManager::new`
/// reports for the default configuration.
pub async fn create_auth_manager() -> Result<AuthenticationManager, crate::manager::AuthError> {
    let config = default_config();
    AuthenticationManager::new(config).await
}