Expand description
Signed-cookie session primitives — HMAC-SHA256 key wrapper +
sign(secret, msg) helper. Shared by every layer that ships a
signed cookie ([tenancy::session], admin::session) so the
crypto lives in one place. See session::SessionSecret.
Compiled when either the admin or tenancy feature is on —
both bring in the underlying HMAC + base64 crates as transitive
deps. Bare-ORM builds (default-features = false without admin
/ tenancy) skip the module entirely.
Signed-cookie session primitives — HMAC-SHA256 key wrapper, sign,
and verify helpers shared across the framework.
This module deliberately holds only the crypto primitive + key
management, never payload shape. Layers above (tenancy::session
for operator/tenant cookies, admin::session for the bare-admin
session cookie, …) define their own payload structs and call into
[sign] to produce the MAC. That way two layers can share one
signing key safely — they just need distinct cookie names + payload
shapes so neither layer accidentally decodes the other’s cookie.
Lives at the crate root (not under any feature flag) so the bare
admin module can use the same primitives even when the tenancy
feature is off — closes the duplication concern raised in #253.
Structs§
- Session
Secret - Server-held signing key. Wrap
Vec<u8>so callers can’t accidentally print it.Cloneis opt-in so the same secret can be shared across layers that use distinct cookie names + payload shapes (e.g. tenancy operator + tenancy tenant + bare admin — three layers, one key, three independent cookies).
Enums§
- Session
Secret Error - Error returned by
SessionSecret::try_from_envwhen theRUSTANGO_SESSION_SECRETenv var is set but the value isn’t a valid signing key. Used by production boot paths that prefer to fail loudly over silently downgrading to an ephemeral random key.
Functions§
- sign
- HMAC-SHA256(secret, msg), truncated to 32 bytes. The shared MAC primitive every signed-cookie layer in the framework calls into.