rusty_common/auth/

jwt.rs

//! JWT utilities for authentication

use crate::{CommonError, Result, SmartString};
use jsonwebtoken::{Algorithm, EncodingKey, Header};
use serde::{Deserialize, Serialize};

/// JWT Claims structure
#[derive(Debug, Serialize, Deserialize)]
pub struct JwtClaims {
    /// The access key for the API.
    pub access_key: SmartString,
    /// A unique nonce for the request.
    pub nonce: SmartString,
    /// The hash of the query string, if applicable.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub query_hash: Option<SmartString>,
    /// The hash of the request body, if applicable.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub body_hash: Option<SmartString>,
    /// The expiration time for the token.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub exp: Option<i64>,
}

impl JwtClaims {
    /// Create new JWT claims with access key
    #[must_use]
    pub fn new(access_key: SmartString) -> Self {
        Self {
            access_key,
            nonce: uuid::Uuid::new_v4().to_string().into(),
            query_hash: None,
            body_hash: None,
            exp: None,
        }
    }

    /// Set query hash
    #[must_use]
    pub fn with_query_hash(mut self, query_hash: SmartString) -> Self {
        self.query_hash = Some(query_hash);
        self
    }

    /// Set body hash
    #[must_use]
    pub fn with_body_hash(mut self, body_hash: SmartString) -> Self {
        self.body_hash = Some(body_hash);
        self
    }
}

/// Generate JWT token with HS256 algorithm
pub fn generate_jwt_hs256(claims: &JwtClaims, secret: &str) -> Result<SmartString> {
    let header = Header::new(Algorithm::HS256);
    let encoding_key = EncodingKey::from_secret(secret.as_ref());

    jsonwebtoken::encode(&header, claims, &encoding_key)
        .map(|s| s.into())
        .map_err(|e| CommonError::Auth(format!("JWT encoding error: {e}").into()))
}