writium_auth/auth.rs
1use writium::prelude::*;
2
/// An authority recognizes a remote and decides whether it may access certain
/// resources and take certain actions, using the information provided in the
/// request the remote sent.
///
/// It is highly recommended to let an authority manage privileges for unsafe
/// HTTP methods, e.g., DELETE, PATCH and PUT. POST is not a safe method either
/// and is normally gated the same way.
///
/// # Authentication and Authorization
///
/// Authentication is the process in which the authority extracts a credential
/// from a request, matches the credential with the corresponding identity, and
/// maps the identity into an internal representation.
///
/// Authorization is the process in which the authority checks whether the
/// inquired privilege is available for an identity.
///
/// Authentication could be a part of the authorization process.
///
/// The separation is not forced here because of the use of `future` as result:
/// it is awkward to have to borrow `self` in future calls.
/// NOTE(review): `authorize` as declared below returns `Result<()>`, not a
/// future; confirm whether this paragraph still matches the API.
///
/// # Security
///
/// Because the two steps are not separated, `authorize` is the only decision
/// point this trait exposes, and the request is the only input it receives
/// about the remote. The `'static + Send + Sync` bounds permit one authority
/// value to be used from several threads, and `authorize` takes `&self`;
/// presumably it serves concurrent requests, so an implementation should not
/// carry the identity of one request over to another through shared state.
pub trait Authority: 'static + Send + Sync {
    /// A value denoting the privilege the system withholds. Generally, an enum
    /// or a string namespaced by dot (`.`) is used.
    ///
    /// An enum fixes the set of privileges at compile time; with string names
    /// the implementation has to compare them exactly, so that a prefix or a
    /// misspelled name is not taken for a privilege it does not denote.
    type Privilege: 'static;
    /// Decides whether the identity behind `req` can be granted the inquired
    /// privilege `pr`.
    ///
    /// An implementation SHOULD use the mapped identity and check if the
    /// inquired privilege is available for it. A remote process can be
    /// involved.
    ///
    /// The only output is `Result<()>`; presumably `Ok(())` grants the
    /// privilege and `Err` refuses it (the trait does not spell this out;
    /// confirm against the callers). Under that reading an implementation
    /// should fail closed: a missing or malformed credential, an unknown
    /// identity, or a failure while talking to the remote process returns
    /// `Err`, never `Ok(())`.
    ///
    /// Everything in `req` is supplied by the remote and is untrusted until
    /// the implementation has verified it. A caller has to check the result
    /// before it performs the guarded action; dropping the `Result` skips the
    /// authorization.
    fn authorize(&self, pr: Self::Privilege, req: &Request) -> Result<()>;
}