wae_authentication/jwt/
claims.rs

1//! JWT Claims 定义
2
3use chrono::{DateTime, Utc};
4use serde::{Deserialize, Serialize};
5use std::collections::HashMap;
6
7/// 标准 JWT Claims
8#[derive(Debug, Clone, Serialize, Deserialize)]
9pub struct JwtClaims {
10    /// 签发者 (iss)
11    #[serde(skip_serializing_if = "Option::is_none")]
12    pub iss: Option<String>,
13
14    /// 受众 (aud)
15    #[serde(skip_serializing_if = "Option::is_none")]
16    pub aud: Option<String>,
17
18    /// 主题 (sub) - 通常是用户 ID
19    pub sub: String,
20
21    /// JWT ID (jti) - 唯一标识符
22    #[serde(skip_serializing_if = "Option::is_none")]
23    pub jti: Option<String>,
24
25    /// 签发时间 (iat)
26    pub iat: i64,
27
28    /// 过期时间 (exp)
29    pub exp: i64,
30
31    /// 生效时间 (nbf)
32    #[serde(skip_serializing_if = "Option::is_none")]
33    pub nbf: Option<i64>,
34
35    /// 自定义声明
36    #[serde(flatten)]
37    pub custom: HashMap<String, serde_json::Value>,
38}
39
40impl JwtClaims {
41    /// 创建新的 Claims
42    ///
43    /// # Arguments
44    /// * `subject` - 主题，通常是用户 ID
45    /// * `expires_in_seconds` - 过期时间（秒）
46    pub fn new(subject: impl Into<String>, expires_in_seconds: i64) -> Self {
47        let now = Utc::now().timestamp();
48        Self {
49            iss: None,
50            aud: None,
51            sub: subject.into(),
52            jti: Some(uuid::Uuid::new_v4().to_string()),
53            iat: now,
54            exp: now + expires_in_seconds,
55            nbf: None,
56            custom: HashMap::new(),
57        }
58    }
59
60    /// 设置签发者
61    pub fn with_issuer(mut self, issuer: impl Into<String>) -> Self {
62        self.iss = Some(issuer.into());
63        self
64    }
65
66    /// 设置受众
67    pub fn with_audience(mut self, audience: impl Into<String>) -> Self {
68        self.aud = Some(audience.into());
69        self
70    }
71
72    /// 设置生效时间
73    pub fn with_not_before(mut self, nbf: i64) -> Self {
74        self.nbf = Some(nbf);
75        self
76    }
77
78    /// 添加自定义声明
79    pub fn with_custom_claim(mut self, key: impl Into<String>, value: serde_json::Value) -> Self {
80        self.custom.insert(key.into(), value);
81        self
82    }
83
84    /// 检查令牌是否已过期
85    pub fn is_expired(&self) -> bool {
86        Utc::now().timestamp() > self.exp
87    }
88
89    /// 检查令牌是否已生效
90    pub fn is_valid_now(&self) -> bool {
91        let now = Utc::now().timestamp();
92        if self.is_expired() {
93            return false;
94        }
95        if let Some(nbf) = self.nbf {
96            if now < nbf {
97                return false;
98            }
99        }
100        true
101    }
102
103    /// 获取过期时间作为 DateTime
104    pub fn expires_at(&self) -> DateTime<Utc> {
105        DateTime::from_timestamp(self.exp, 0).unwrap_or_default()
106    }
107
108    /// 获取签发时间作为 DateTime
109    pub fn issued_at(&self) -> DateTime<Utc> {
110        DateTime::from_timestamp(self.iat, 0).unwrap_or_default()
111    }
112}
113
114/// 访问令牌 Claims
115#[derive(Debug, Clone, Serialize, Deserialize)]
116pub struct AccessTokenClaims {
117    /// 用户 ID
118    pub user_id: String,
119
120    /// 用户名
121    #[serde(skip_serializing_if = "Option::is_none")]
122    pub username: Option<String>,
123
124    /// 角色
125    #[serde(skip_serializing_if = "Vec::is_empty")]
126    pub roles: Vec<String>,
127
128    /// 权限
129    #[serde(skip_serializing_if = "Vec::is_empty")]
130    pub permissions: Vec<String>,
131
132    /// 会话 ID
133    #[serde(skip_serializing_if = "Option::is_none")]
134    pub session_id: Option<String>,
135}
136
137impl AccessTokenClaims {
138    /// 创建新的访问令牌 Claims
139    pub fn new(user_id: impl Into<String>) -> Self {
140        Self { user_id: user_id.into(), username: None, roles: Vec::new(), permissions: Vec::new(), session_id: None }
141    }
142
143    /// 设置用户名
144    pub fn with_username(mut self, username: impl Into<String>) -> Self {
145        self.username = Some(username.into());
146        self
147    }
148
149    /// 设置角色
150    pub fn with_roles(mut self, roles: Vec<String>) -> Self {
151        self.roles = roles;
152        self
153    }
154
155    /// 设置权限
156    pub fn with_permissions(mut self, permissions: Vec<String>) -> Self {
157        self.permissions = permissions;
158        self
159    }
160
161    /// 设置会话 ID
162    pub fn with_session_id(mut self, session_id: impl Into<String>) -> Self {
163        self.session_id = Some(session_id.into());
164        self
165    }
166}
167
168/// 刷新令牌 Claims
169#[derive(Debug, Clone, Serialize, Deserialize)]
170pub struct RefreshTokenClaims {
171    /// 用户 ID
172    pub user_id: String,
173
174    /// 会话 ID
175    pub session_id: String,
176
177    /// 令牌版本（用于撤销）
178    pub version: u32,
179}
180
181impl RefreshTokenClaims {
182    /// 创建新的刷新令牌 Claims
183    pub fn new(user_id: impl Into<String>, session_id: impl Into<String>) -> Self {
184        Self { user_id: user_id.into(), session_id: session_id.into(), version: 0 }
185    }
186
187    /// 设置版本
188    pub fn with_version(mut self, version: u32) -> Self {
189        self.version = version;
190        self
191    }
192}
wae_authentication/jwt/claims.rs

wae_authentication/jwt/
claims.rs
