Database-backed user authentication for Starpod.
This crate provides per-user API keys (argon2id-hashed), Telegram account
linking, role-based access control (admin/user), in-memory rate limiting,
and an audit log — all backed by a shared SQLite database (core.db).
§Key concepts
- Users are identified by UUID and can be admin or regular users.
- API keys follow the format `sp_live_` + 40 hex chars. Only the argon2id hash is stored; the plaintext is returned once at creation.
- Telegram links map a Telegram user ID to a database user for bot authentication.
- Bootstrap creates the first admin user on an empty database and optionally imports a legacy `STARPOD_API_KEY` for backward compatibility.
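
Because argon2id verification is deliberately expensive, a service can reject keys that do not match the documented format and cap attempts per client before any hash is computed. The sketch below is an added example, not code from `starpod_auth`; `well_formed`, `Gate` and `AttemptGate` are hypothetical names, and accepting hex in either case is an assumption.

```rust
use std::collections::{HashMap, VecDeque};
use std::time::{Duration, Instant};

const PREFIX: &str = "sp_live_"; // key format as stated on the page
const HEX_LEN: usize = 40;

/// Cheap structural check: `sp_live_` followed by exactly 40 hex characters.
/// Assumption: either hex case is accepted; the page does not specify.
fn well_formed(key: &str) -> bool {
    key.strip_prefix(PREFIX)
        .map_or(false, |h| h.len() == HEX_LEN && h.bytes().all(|b| b.is_ascii_hexdigit()))
}

#[derive(Debug, PartialEq)]
enum Gate { Malformed, Throttled, Verify }

/// Sliding window: at most `max` attempts per client within `window`.
struct AttemptGate {
    max: usize,
    window: Duration,
    hits: HashMap<String, VecDeque<Instant>>,
}

impl AttemptGate {
    fn new(max: usize, window: Duration) -> Self {
        Self { max, window, hits: HashMap::new() }
    }
    /// Decide whether a presented key should reach the expensive hash check.
    /// `now` is passed in so the window logic is deterministic to test.
    fn check(&mut self, client: &str, key: &str, now: Instant) -> Gate {
        let window = self.window;
        let q = self.hits.entry(client.to_owned()).or_default();
        // Drop attempts that have slid out of the window.
        while q.front().map_or(false, |&t| now.saturating_duration_since(t) >= window) {
            q.pop_front();
        }
        if q.len() >= self.max {
            return Gate::Throttled;
        }
        q.push_back(now); // every admitted attempt counts, malformed ones included
        if well_formed(key) { Gate::Verify } else { Gate::Malformed }
    }
}

fn main() {
    let mut gate = AttemptGate::new(3, Duration::from_secs(60));
    let key = format!("sp_live_{}", "ab12".repeat(10)); // constructed sample key
    println!("{:?}", gate.check("client-a", &key, Instant::now()));
}
```

Only a `Gate::Verify` result would be passed on to the real hash verification; the per-client map in this sketch is never pruned, so a long-running service would also need to evict idle clients.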
§Usage
```rust
// Runs inside an async fn that returns a Result.
use starpod_auth::{AuthStore, Role};
use starpod_db::CoreDb;

let db = CoreDb::new(std::path::Path::new(".starpod/db")).await?;
let store = AuthStore::from_pool(db.pool().clone());

let user = store.create_user(None, Some("Alice"), Role::User).await?;
let key = store.create_api_key(&user.id, Some("web")).await?;
// key.key is the plaintext — show it once, then discard

let authed = store.authenticate_api_key(&key.key).await?;
assert!(authed.is_some());
```
Re-exports§
- pub use rate_limit::RateLimiter;
- pub use types::*;
Modules§
- api_key: API key generation, hashing, and verification.
- rate_limit: In-memory sliding-window rate limiter.
- types: Core types for the authentication system.
Structs§
- AuthStore: Database-backed authentication store.