Struct kvarn_auth::Builder

pub struct Builder { /* private fields */ }

You can use multiple authentication setups on a single site, but make sure that the paths set with the respective Builder::with_cookie_path calls do not overlap. You MUST set with_cookie_path to use more than one auth setup.

Implementations

impl Builder

pub fn new() -> Self

Create a new builder. Use Self::build or Self::build_validate to get a Config.

pub fn with_auth_page_name(self, auth_page_name: impl Into<String>) -> Self

Sets the URL endpoint your frontend authenticates to.

pub fn with_lax_samesite(self) -> Self

Decrease security and protection against CSRF but allow users to follow links to auth-protected pages from other sites. This sets the SameSite property of the cookie to lax.

pub fn with_relaxed_httponly(self) -> Self

Decrease security and protection against XSS but allow JavaScript to read the cookie, which lets the client get the logged-in status. It’s highly recommended to enable Builder::with_force_relog_on_ip_change when this is enabled, as that negates any credential theft, since the credentials are bound to an IP.

This disables the usual setting of the HttpOnly cookie property. This does not affect the credentials cookie. That will never be served without HttpOnly.

pub fn with_force_relog_on_ip_change(self) -> Self

Forces the user to log in again when their IP changes. This can protect users from getting their cookies scraped by malware, as the authentication is IP-dependent.

Sets the name of the JWT cookie. This is the cookie that authorizes the user.

Panics

Panics if jwt_cookie_name contains illegal bytes for a header value.

Sets the name of the credentials cookie. This is the cookie that stores the user’s credentials to allow renewal of the JWT cookie without requiring the user to input credentials. It is encrypted with the server’s PK.

Panics

Panics if credentials_cookie_name contains illegal bytes for a header value.

Sets the path of all the cookies. Set this to avoid slowing down other pages on your server, as Kvarn will try to renew the JWT on every page by default. By setting this to only your protected pages, the JWT cookie is only sent there. Kvarn thinks the user isn’t logged in on other pages, reducing the work it has to do.

This is also useful if you want to have multiple authentication systems on a single host.

Panics

Panics if cookie_path contains illegal bytes for a header value.
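A pre-deployment check for the non-overlap requirement stated in the struct description and in the cookie path notes above, as an added example that is not kvarn_auth code. It assumes browsers scope cookies by RFC 6265 path-matching and reads the page's "starts with" as a plain string prefix; every type and function name is hypothetical.

```rust
// Added example; every name here is hypothetical and not part of kvarn_auth.

#[derive(Debug, PartialEq, Clone, Copy)]
enum Overlap {
    Disjoint,   // no request path is shared
    PrefixOnly, // plain string prefix only, e.g. /admin and /administration
    Cookie,     // a browser would send both setups' cookies to some path
}

/// RFC 6265 section 5.1.4 path-match: is a cookie scoped to `cookie_path`
/// sent on a request for `request_path`?
fn path_matches(cookie_path: &str, request_path: &str) -> bool {
    match request_path.strip_prefix(cookie_path) {
        Some(rest) => rest.is_empty() || cookie_path.ends_with('/') || rest.starts_with('/'),
        None => false,
    }
}

/// Classify how two cookie paths relate. Anything but `Disjoint` should be fixed.
fn classify(a: &str, b: &str) -> Overlap {
    if path_matches(a, b) || path_matches(b, a) {
        Overlap::Cookie
    } else if a.starts_with(b) || b.starts_with(a) {
        Overlap::PrefixOnly
    } else {
        Overlap::Disjoint
    }
}

/// Check every pair of (setup name, cookie path) and return the conflicts.
fn find_conflicts<'a>(setups: &[(&'a str, &'a str)]) -> Vec<(&'a str, &'a str, Overlap)> {
    let mut conflicts = Vec::new();
    for (i, &(name_a, path_a)) in setups.iter().enumerate() {
        for &(name_b, path_b) in &setups[i + 1..] {
            let kind = classify(path_a, path_b);
            if kind != Overlap::Disjoint {
                conflicts.push((name_a, name_b, kind));
            }
        }
    }
    conflicts
}

fn main() {
    // Constructed sample setups: (name, path passed to with_cookie_path).
    let setups = [("admin", "/admin"), ("api", "/admin/api"), ("wiki", "/administration"), ("shop", "/shop")];
    for (a, b, kind) in find_conflicts(&setups) {
        println!("{a} and {b}: {kind:?}");
    }
}
```

A cookie path of / classifies as Cookie against every other path, which is why each setup needs its own explicit path.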

pub fn with_show_auth_page_when_unauthorized( self, auth_page: impl Into<String> ) -> Self

Show this page when the user isn’t logged in.

This guarantees nobody can view any pages which start with Self::with_cookie_path without being logged in.

Please also specify Self::with_cookie_path, as otherwise auth_page will be shown instead of every other page when not logged in.

Panics

Panics if show_auth_page_when_unauthorized cannot be converted into a [kvarn::prelude::HeaderValue]. [kvarn::prelude::Uri].

pub fn with_jwt_validity(self, valid_for: Duration) -> Self

Makes all JWTs valid for the duration of valid_for. After that, the JWT is automatically refreshed from the securely stored credentials.

Makes the credentials cookie valid for the duration of valid_for. If this is a year, the user doesn’t have to log in again for a year.

pub fn with_ip_from_header(self) -> Self

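Reads the IP from the header x-real-ip instead of the connection IP. This is useful if the authentication is behind a reverse proxy. Only enable this when every request passes through a proxy that sets or overwrites x-real-ip, since a client that reaches the server directly can supply the header itself.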

pub fn build<T: Serialize + DeserializeOwned + Send + Sync, F: Fn(&str, &str, SocketAddr, &FatRequest) -> Fut + Send + Sync, Fut: Future<Output = Validation<T>> + Send + Sync>( self, is_allowed: F, pk: CryptoAlgo ) -> Arc<Config<T, F, Fut>>

Build these settings into a Config, which you then use for validation.

pub fn build_validate( self, validation_key: ValidationAlgo ) -> Arc<Config<(), fn(_: &str, _: &str, _: SocketAddr, _: &FatRequest) -> Pending<Validation<()>>, Pending<Validation<()>>>>

Available on crate features rsa or ecdsa only.

Build these settings into a Config built for validation. See the module-level documentation for more info.

Trait Implementations

impl Debug for Builder

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Builder

fn default() -> Builder

Returns the “default value” for a type.
