DMSCJWTManager

Struct DMSCJWTManager 

pub struct DMSCJWTManager { /* private fields */ }

Core JWT management structure.

The DMSCJWTManager handles all JWT-related operations including token generation, validation, and secret key management. It uses the HS256 (HMAC SHA-256) algorithm for signing tokens.

§Thread Safety

This structure is designed to be shared across threads when wrapped in an Arc. All methods are stateless regarding the token content and only read the configuration (secret and expiry).

§Algorithm

Uses HMAC-SHA256 (HS256) for token signing. This symmetric algorithm uses the same secret key for both signing and verification.

§Performance

Token generation and validation are designed to be fast operations. The encoding/decoding operations are primarily CPU-bound due to the HMAC computation.

Implementations§

impl DMSCJWTManager

pub fn new(secret: String, expiry_secs: u64) -> Self

Creates a new JWT manager with the specified secret and expiry time.

This constructor is used for Python bindings and creates a JWT manager that can generate and validate tokens with the given configuration.

§Parameters
  • secret: The secret key used for signing and verifying JWT tokens
  • expiry_secs: The default expiry time in seconds for generated tokens
§Returns

A new instance of DMSCJWTManager

pub fn py_generate_token( &self, user_id: &str, roles: Vec<String>, permissions: Vec<String>, ) -> Result<String, DMSCError>

Generates a new JWT token for the specified user with roles and permissions.

§Parameters
  • user_id: The unique identifier of the user (subject claim)
  • roles: A list of role identifiers assigned to the user
  • permissions: A list of permission identifiers granted to the user
§Returns

The encoded JWT token string

pub fn py_validate_token(&self, token: &str) -> Result<DMSCJWTClaims, DMSCError>

Validates a JWT token and returns the decoded claims.

§Parameters
  • token: The JWT token string to validate
§Returns

The decoded DMSCJWTClaims if validation succeeds

pub fn py_get_token_expiry(&self) -> u64

Returns the default token expiry time in seconds.

impl DMSCJWTManager

pub fn create(secret: String, expiry_secs: u64) -> Self

Creates a new JWT manager with the specified secret and expiry time.

This is the primary constructor for creating a JWT manager. It initializes the manager with a secret key and default token expiry time. The secret key is used for both signing new tokens and validating existing ones.

§Performance

This constructor pre-computes the encoding and decoding keys for optimal performance during token generation and validation operations.

§Parameters
  • secret: The secret key used for signing and verifying JWT tokens
  • expiry_secs: The default expiry time in seconds for generated tokens
§Returns

A new instance of DMSCJWTManager

§Examples
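use dmsc::auth::jwt::DMSCJWTManager;

// "your-secret-key" is a placeholder: load the real secret from secure
// storage instead of hard-coding it in source.
let manager = DMSCJWTManager::create(
    "your-secret-key".to_string(),
    3600  // 1 hour expiry
);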

pub fn generate_token( &self, user_id: &str, roles: Vec<String>, permissions: Vec<String>, ) -> Result<String, DMSCError>

Generates a new JWT token for the specified user with roles and permissions.

This method creates a signed JWT token containing the user’s subject identifier, assigned roles, and permissions. The token is signed using the HMAC-SHA256 algorithm.

§Token Claims

The generated token includes the following claims:

  • sub: The user identifier
  • exp: Expiration time (current time + expiry_secs)
  • iat: Issued at time (current time)
  • roles: List of role identifiers
  • permissions: List of permission identifiers
§Parameters
  • user_id: The unique identifier of the user (subject claim)
  • roles: A vector of role identifiers assigned to the user
  • permissions: A vector of permission identifiers granted to the user
§Returns

A Result containing the encoded JWT token string, or a DMSCError if encoding fails

§Examples
use dmsc::auth::jwt::DMSCJWTManager;

let manager = DMSCJWTManager::create("secret".to_string(), 3600);

let token = manager.generate_token(
    "user123",
    vec!["admin".to_string()],
    vec!["read:data".to_string(), "write:data".to_string()]
);

match token {
    Ok(t) => println!("Generated token: {}", t),
    Err(e) => println!("Failed to generate token: {:?}", e),
}

pub fn validate_token(&self, token: &str) -> Result<DMSCJWTClaims, DMSCError>

Validates a JWT token and returns the decoded claims.

This method verifies the token’s signature and decodes the claims payload. It validates the token structure and signature using the configured secret key.

§Validation Performed
  • Verifies the token signature using HMAC-SHA256
  • Validates the token structure (header, payload, signature)
  • Checks token expiration if validation is enabled
§Parameters
  • token: The JWT token string to validate
§Returns

A Result containing the decoded DMSCJWTClaims if validation succeeds, or a DMSCError if validation fails (invalid signature, expired token, etc.)

§Examples
use dmsc::auth::jwt::DMSCJWTManager;

let manager = DMSCJWTManager::create("secret".to_string(), 3600);

// First generate a token
let token = manager.generate_token("user123", vec![], vec![]).unwrap();

// Then validate it
let claims = manager.validate_token(&token);

match claims {
    Ok(c) => println!("User: {}, Roles: {:?}", c.sub, c.roles),
    Err(e) => println!("Invalid token: {:?}", e),
}
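
Checks a caller can apply to claims after validate_token succeeds, since the list above makes the expiry check conditional; this is an added example, not code from the dmsc crate. The Claims struct is a stand-in whose field names follow the documented claims with assumed types, and authorize, Denied and LEEWAY_SECS are hypothetical names.

```rust
use std::time::{SystemTime, UNIX_EPOCH};

/// Stand-in for `DMSCJWTClaims`: field names follow the claims listed above;
/// the field types are assumptions of this example.
pub struct Claims {
    pub sub: String,
    pub exp: u64,
    pub iat: u64,
    pub roles: Vec<String>,
    pub permissions: Vec<String>,
}

#[derive(Debug, PartialEq)]
pub enum Denied { EmptySubject, Expired, IssuedInFuture, LifetimeTooLong, MissingPermission }

/// Tolerated clock difference between issuer and verifier, in seconds.
const LEEWAY_SECS: u64 = 30;

/// Checks to run on claims that `validate_token` has already accepted.
pub fn authorize(c: &Claims, now: u64, max_lifetime: u64, needed: &str) -> Result<(), Denied> {
    if c.sub.trim().is_empty() {
        return Err(Denied::EmptySubject);
    }
    if c.exp <= now {
        return Err(Denied::Expired);
    }
    if c.iat > now.saturating_add(LEEWAY_SECS) {
        return Err(Denied::IssuedInFuture);
    }
    // A lifetime above the configured expiry_secs means the token was not
    // minted with this manager's settings.
    if c.exp.saturating_sub(c.iat) > max_lifetime {
        return Err(Denied::LifetimeTooLong);
    }
    // Exact, case-sensitive match; a role name never stands in for a permission.
    if !c.permissions.iter().any(|p| p == needed) {
        return Err(Denied::MissingPermission);
    }
    Ok(())
}

fn main() {
    let now = SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_secs()).unwrap_or(0);
    // Constructed sample claims, shaped like the output of the example above.
    let c = Claims { sub: "user123".into(), exp: now + 3600, iat: now,
        roles: vec!["admin".into()], permissions: vec!["read:data".into()] };
    println!("read:data  -> {:?}", authorize(&c, now, 3600, "read:data"));
    println!("write:data -> {:?}", authorize(&c, now, 3600, "write:data"));
}
```

Pass the value of get_token_expiry() as max_lifetime so the bound tracks the manager's configuration.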

pub fn get_token_expiry(&self) -> u64

Returns the default token expiry time in seconds.

This method returns the configured default expiry time that is used when generating new tokens.

§Returns

The default token expiry time in seconds

pub fn get_secret(&self) -> &str

Returns a reference to the secret key.

This method provides read-only access to the configured secret key. The secret key is used for both signing and verifying tokens.

§Returns

A string slice reference to the secret key

§Security Note

Be cautious when exposing the secret key. In production, the secret should be stored securely and never logged or exposed to unauthorized parties.
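
One way to keep the secret out of logs and to reject weak keys before they reach DMSCJWTManager::create, as an added example that is not part of the dmsc crate. JwtSecret, SecretError and the DMSC_JWT_SECRET variable are hypothetical names; the 32-byte minimum is the HS256 key-size requirement of RFC 7518, and the distinct-byte threshold is an arbitrary heuristic.

```rust
use std::collections::HashSet;
use std::fmt;

// RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
const MIN_HS256_KEY_BYTES: usize = 32;
// The secrets used in this page's examples; acceptable only in a demo.
const PLACEHOLDERS: [&str; 2] = ["your-secret-key", "secret"];

#[derive(Debug, PartialEq)]
pub enum SecretError { Missing, Placeholder, TooShort { got: usize }, LowVariety { distinct: usize } }

/// Hypothetical wrapper that keeps the key out of `{:?}` output and logs.
pub struct JwtSecret(String);

impl fmt::Debug for JwtSecret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "JwtSecret(<redacted, {} bytes>)", self.0.len())
    }
}

impl JwtSecret {
    pub fn parse(raw: Option<String>) -> Result<Self, SecretError> {
        let s = raw.ok_or(SecretError::Missing)?;
        if PLACEHOLDERS.contains(&s.trim()) {
            return Err(SecretError::Placeholder);
        }
        if s.len() < MIN_HS256_KEY_BYTES {
            return Err(SecretError::TooShort { got: s.len() });
        }
        // Heuristic chosen for this example: reject repetitive keys like "aaaa...".
        let distinct = s.bytes().collect::<HashSet<u8>>().len();
        if distinct < 10 {
            return Err(SecretError::LowVariety { distinct });
        }
        Ok(JwtSecret(s))
    }

    /// Single, greppable access point, e.g. for
    /// `DMSCJWTManager::create(secret.expose().to_string(), 3600)`.
    pub fn expose(&self) -> &str { &self.0 }
}

fn main() {
    // DMSC_JWT_SECRET is an assumed variable name, not one the crate defines.
    match JwtSecret::parse(std::env::var("DMSC_JWT_SECRET").ok()) {
        Ok(s) => println!("accepted {:?} ({} bytes)", s, s.expose().len()),
        Err(e) => eprintln!("refusing to start: {:?}", e),
    }
}
```

The length and variety checks only catch obviously weak keys; they do not measure entropy, so the key should still come from a cryptographic random generator.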

Trait Implementations§

impl<'py> IntoPyObject<'py> for DMSCJWTManager

type Target = DMSCJWTManager

The Python output type

type Output = Bound<'py, <DMSCJWTManager as IntoPyObject<'py>>::Target>

The smart pointer type to use.

type Error = PyErr

The type returned in the event of a conversion error.

fn into_pyobject( self, py: Python<'py>, ) -> Result<<Self as IntoPyObject<'_>>::Output, <Self as IntoPyObject<'_>>::Error>

Performs the conversion.

impl PyClass for DMSCJWTManager

type Frozen = False

Whether the pyclass is frozen.

impl PyClassImpl for DMSCJWTManager

const IS_BASETYPE: bool = false

#[pyclass(subclass)]

const IS_SUBCLASS: bool = false

#[pyclass(extends=…)]

const IS_MAPPING: bool = false

#[pyclass(mapping)]

const IS_SEQUENCE: bool = false

#[pyclass(sequence)]

const IS_IMMUTABLE_TYPE: bool = false

#[pyclass(immutable_type)]

const RAW_DOC: &'static CStr = c"Core JWT management structure.\n\nThe `DMSCJWTManager` handles all JWT-related operations including token\ngeneration, validation, and secret key management. It uses the HS256\n(HMAC SHA-256) algorithm for signing tokens.\n\n## Thread Safety\n\nThis structure is designed to be shared across threads when wrapped in\nan Arc. All methods are stateless regarding the token content and only\nread the configuration (secret and expiry).\n\n## Algorithm\n\nUses HMAC-SHA256 (HS256) for token signing. This symmetric algorithm\nuses the same secret key for both signing and verification.\n\n## Performance\n\nToken generation and validation are designed to be fast operations.\nThe encoding/decoding operations are primarily CPU-bound due to the\nHMAC computation.\x00"

Docstring for the class provided on the struct or enum.

const DOC: &'static CStr

Fully rendered class doc, including the text_signature if a constructor is defined.

type BaseType = PyAny

Base class

type ThreadChecker = SendablePyClass<DMSCJWTManager>

This handles following two situations:

type PyClassMutability = <<PyAny as PyClassBaseType>::PyClassMutability as PyClassMutability>::MutableChild

Immutable or mutable

type Dict = PyClassDummySlot

Specify this class has #[pyclass(dict)] or not.

type WeakRef = PyClassDummySlot

Specify this class has #[pyclass(weakref)] or not.

type BaseNativeType = PyAny

The closest native ancestor. This is PyAny by default, and when you declare #[pyclass(extends=PyDict)], it’s PyDict.

fn items_iter() -> PyClassItemsIter

fn lazy_type_object() -> &'static LazyTypeObject<Self>

fn dict_offset() -> Option<isize>

fn weaklist_offset() -> Option<isize>

impl PyClassNewTextSignature for DMSCJWTManager

const TEXT_SIGNATURE: &'static str = "(secret, expiry_secs)"

impl PyMethods<DMSCJWTManager> for PyClassImplCollector<DMSCJWTManager>

fn py_methods(self) -> &'static PyClassItems

impl PyTypeInfo for DMSCJWTManager

const NAME: &'static str = "DMSCJWTManager"

Class name.

const MODULE: Option<&'static str> = ::core::option::Option::None

Module name, if any.

fn type_object_raw(py: Python<'_>) -> *mut PyTypeObject

Returns the PyTypeObject instance for this type.

fn type_object(py: Python<'_>) -> Bound<'_, PyType>

Returns the safe abstraction over the type object.

fn is_type_of(object: &Bound<'_, PyAny>) -> bool

Checks if object is an instance of this type or a subclass of this type.

fn is_exact_type_of(object: &Bound<'_, PyAny>) -> bool

Checks if object is an instance of this type.

impl DerefToPyAny for DMSCJWTManager

impl ExtractPyClassWithClone for DMSCJWTManager

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<'py, T> IntoPyObjectExt<'py> for T
where T: IntoPyObject<'py>,

fn into_bound_py_any(self, py: Python<'py>) -> Result<Bound<'py, PyAny>, PyErr>

Converts self into an owned Python object, dropping type information.

fn into_py_any(self, py: Python<'py>) -> Result<Py<PyAny>, PyErr>

Converts self into an owned Python object, dropping type information and unbinding it from the 'py lifetime.

fn into_pyobject_or_pyerr(self, py: Python<'py>) -> Result<Self::Output, PyErr>

Converts self into a Python object.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> PyErrArguments for T
where T: for<'py> IntoPyObject<'py> + Send + Sync,

fn arguments(self, py: Python<'_>) -> Py<PyAny>

Arguments for exception

impl<T> PyTypeCheck for T
where T: PyTypeInfo,

const NAME: &'static str = T::NAME

Deprecated since 0.27.0: Use ::classinfo_object() instead and format the type name at runtime. Note that using built-in cast features is often better than manual PyTypeCheck usage.
Name of self. This is used in error messages, for example.

fn type_check(object: &Bound<'_, PyAny>) -> bool

Checks if object is an instance of Self, which may include a subtype.

fn classinfo_object(py: Python<'_>) -> Bound<'_, PyAny>

Returns the expected type as a possible argument for the isinstance and issubclass function.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper.

impl<T> Ungil for T
where T: Send,