
wae_authentication/jwt/
config.rs

1//! JWT 配置模块
2
3use std::time::Duration;
4
/// Signature algorithms a JWT configuration can name.
///
/// The `HS*` variants are HMAC constructions: one shared secret both signs and
/// verifies, so every party able to verify a token can also mint one. The
/// `RS*` and `ES*` variants are declared here but marked as not implemented.
// NOTE(review): what the signing/verification code does when one of the
// unimplemented variants is selected is not visible in this file. Confirm it
// returns an error instead of accepting a token whose signature was not checked.
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum JwtAlgorithm {
    /// HMAC with SHA-256.
    HS256,
    /// HMAC with SHA-384.
    HS384,
    /// HMAC with SHA-512.
    HS512,
    /// RSASSA-PKCS1-v1_5 with SHA-256 (not implemented).
    RS256,
    /// RSASSA-PKCS1-v1_5 with SHA-384 (not implemented).
    RS384,
    /// RSASSA-PKCS1-v1_5 with SHA-512 (not implemented).
    RS512,
    /// ECDSA with SHA-256 (not implemented).
    ES256,
    /// ECDSA with SHA-384 (not implemented).
    ES384,
}
25
impl Default for JwtAlgorithm {
    /// Returns [`JwtAlgorithm::HS256`], the algorithm used when none is chosen.
    fn default() -> Self {
        JwtAlgorithm::HS256
    }
}
31
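/// JWT configuration: signing secret, algorithm, claim expectations and
/// token lifetimes.
///
/// `Debug` is implemented by hand so that `secret` is never written out when
/// a configuration is logged or printed with `{:?}`.
#[derive(Clone)]
pub struct JwtConfig {
    /// Signing secret. For the `HS*` algorithms this same value also verifies
    /// tokens, so anyone who learns it can mint valid tokens. No length or
    /// entropy check is applied in this file; RFC 7518 §3.2 requires an HMAC
    /// key at least as long as the hash output (256 bits for HS256).
    pub secret: String,

    /// Signature algorithm.
    pub algorithm: JwtAlgorithm,

    /// Expected issuer (`iss`), if any.
    pub issuer: Option<String>,

    /// Expected audience (`aud`), if any.
    pub audience: Option<String>,

    /// Lifetime of access tokens.
    pub access_token_ttl: Duration,

    /// Lifetime of refresh tokens.
    pub refresh_token_ttl: Duration,

    /// Whether the issuer should be validated.
    // NOTE(review): the code that reads this flag is not in this file; confirm
    // the verifier rejects tokens when the flag is set and `issuer` is `None`.
    pub validate_issuer: bool,

    /// Whether the audience should be validated.
    pub validate_audience: bool,

    /// Clock-skew tolerance, in seconds. The type allows negative values and
    /// nothing here rejects them.
    pub leeway_seconds: i64,
}

impl std::fmt::Debug for JwtConfig {
    /// Formats every field except `secret`, which is replaced by a fixed
    /// placeholder so key material does not reach logs or panic messages.
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
        f.debug_struct("JwtConfig")
            .field("secret", &"<redacted>")
            .field("algorithm", &self.algorithm)
            .field("issuer", &self.issuer)
            .field("audience", &self.audience)
            .field("access_token_ttl", &self.access_token_ttl)
            .field("refresh_token_ttl", &self.refresh_token_ttl)
            .field("validate_issuer", &self.validate_issuer)
            .field("validate_audience", &self.validate_audience)
            .field("leeway_seconds", &self.leeway_seconds)
            .finish()
    }
}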
62
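impl JwtConfig {
    /// Creates a configuration around `secret` with the built-in defaults:
    /// HS256, no issuer or audience (and both checks off), a one-hour access
    /// token, a seven-day refresh token and 60 seconds of leeway.
    ///
    /// # Arguments
    /// * `secret` - signing secret. It is stored as given; no minimum length
    ///   or entropy is enforced here, so the caller must supply a strong,
    ///   randomly generated value.
    pub fn new(secret: impl Into<String>) -> Self {
        Self {
            secret: secret.into(),
            algorithm: JwtAlgorithm::HS256,
            issuer: None,
            audience: None,
            access_token_ttl: Duration::from_secs(3600),
            refresh_token_ttl: Duration::from_secs(86400 * 7),
            // Issuer/audience checks start disabled; `with_issuer` and
            // `with_audience` switch them on.
            validate_issuer: false,
            validate_audience: false,
            leeway_seconds: 60,
        }
    }

    /// Sets the signature algorithm.
    pub fn with_algorithm(mut self, algorithm: JwtAlgorithm) -> Self {
        self.algorithm = algorithm;
        self
    }

    /// Sets the expected issuer and enables issuer validation.
    pub fn with_issuer(mut self, issuer: impl Into<String>) -> Self {
        self.issuer = Some(issuer.into());
        self.validate_issuer = true;
        self
    }

    /// Sets the expected audience and enables audience validation.
    pub fn with_audience(mut self, audience: impl Into<String>) -> Self {
        self.audience = Some(audience.into());
        self.validate_audience = true;
        self
    }

    /// Sets the access-token lifetime.
    pub fn with_access_token_ttl(mut self, ttl: Duration) -> Self {
        self.access_token_ttl = ttl;
        self
    }

    /// Sets the refresh-token lifetime.
    pub fn with_refresh_token_ttl(mut self, ttl: Duration) -> Self {
        self.refresh_token_ttl = ttl;
        self
    }

    /// Sets the clock-skew tolerance in seconds. The value is stored as given;
    /// a large value lengthens the window in which an expired token may still
    /// be accepted by a verifier that honours it.
    pub fn with_leeway(mut self, seconds: i64) -> Self {
        self.leeway_seconds = seconds;
        self
    }

    /// Returns the access-token lifetime in whole seconds, saturating at
    /// `i64::MAX`.
    pub fn access_token_expires_in(&self) -> i64 {
        Self::saturating_secs(self.access_token_ttl)
    }

    /// Returns the refresh-token lifetime in whole seconds, saturating at
    /// `i64::MAX`.
    pub fn refresh_token_expires_in(&self) -> i64 {
        Self::saturating_secs(self.refresh_token_ttl)
    }

    /// Converts a duration to whole seconds as `i64` without wrapping.
    ///
    /// A plain `as i64` cast turns any value above `i64::MAX` into a negative
    /// number, which would yield a negative token lifetime; clamping first
    /// keeps the result non-negative.
    fn saturating_secs(ttl: Duration) -> i64 {
        ttl.as_secs().min(i64::MAX as u64) as i64
    }
}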
130
impl Default for JwtConfig {
    /// Builds a configuration from [`JwtConfig::new`] with a fixed placeholder
    /// secret.
    fn default() -> Self {
        // NOTE(review): this secret is a constant compiled into the crate, so
        // it is known to anyone who can read the source. A service that keeps
        // this default signs and verifies tokens with a public key value.
        // Load the real secret from configuration or a secret store, and
        // consider refusing to start when this placeholder is still in use.
        JwtConfig::new("default-secret-key-please-change-in-production")
    }
}
136
/// Switches that select which checks are applied when a JWT is validated.
// NOTE(review): every field is public, so callers can turn any check off.
// With `validate_signature` set to `false` a token's contents are not
// authenticated; confirm no production path builds this struct that way.
#[derive(Clone, Debug)]
pub struct JwtValidation {
    /// Whether the signature is verified.
    pub validate_signature: bool,

    /// Whether the expiry time (`exp`) is checked.
    pub validate_exp: bool,

    /// Whether the not-before time (`nbf`) is checked.
    pub validate_nbf: bool,

    /// Whether the issuer (`iss`) is checked.
    pub validate_iss: bool,

    /// Whether the audience (`aud`) is checked.
    pub validate_aud: bool,

    /// Clock-skew tolerance.
    // NOTE(review): presumably seconds, matching `with_leeway(seconds)`; confirm.
    pub leeway: i64,
}
158
impl Default for JwtValidation {
    /// Returns the baseline options: signature, `exp` and `nbf` checks on,
    /// issuer and audience checks off, leeway of 60.
    fn default() -> Self {
        JwtValidation {
            // Checks that are on by default.
            validate_signature: true,
            validate_exp: true,
            validate_nbf: true,
            // Checks the caller has to opt in to.
            validate_iss: false,
            validate_aud: false,
            leeway: 60,
        }
    }
}
171
impl JwtValidation {
    /// Creates validation options; identical to `JwtValidation::default()`.
    pub fn new() -> Self {
        <Self as Default>::default()
    }

    /// Turns issuer validation on or off.
    pub fn with_issuer_validation(self, validate: bool) -> Self {
        Self {
            validate_iss: validate,
            ..self
        }
    }

    /// Turns audience validation on or off.
    pub fn with_audience_validation(self, validate: bool) -> Self {
        Self {
            validate_aud: validate,
            ..self
        }
    }

    /// Sets the clock-skew tolerance. The value is stored without any range
    /// check, so negative or very large numbers are accepted as given.
    pub fn with_leeway(self, seconds: i64) -> Self {
        Self {
            leeway: seconds,
            ..self
        }
    }
}