web/

auth_keys.rs

//! Per-user JWT signing/verification for the web layer.
//!
//! Tokens are signed with each user's own RSA key (private key in their per-user
//! DB, public key in the global `users` directory). This module wraps the
//! `server` key lookups + the `token` codec into mint/verify helpers the auth
//! handlers call.
//!
//! Verification always reads the authoritative public key from the directory —
//! no public-key cache. A cache would risk accepting tokens signed with a
//! rotated/revoked key until process restart; correctness wins over saving one
//! indexed primary-key lookup. The DoS surface of unauthenticated lookups is
//! addressed by rate-limiting the auth endpoints, not by caching.

use crate::token::{self, TokenDetails, TokenType};
use uuid::Uuid;

/// Whether auth cookies should carry the `Secure` attribute (sent only over
/// HTTPS). Defaults to `true`; set `INSECURE_COOKIES=1` for local plain-HTTP
/// development. Bearer cookies (access/refresh tokens) must be `Secure` in
/// production so they can't leak over a downgraded HTTP request.
#[must_use]
pub fn secure_cookies() -> bool {
    !matches!(
        std::env::var("INSECURE_COOKIES").as_deref(),
        Ok("1") | Ok("true")
    )
}

/// Mints a token of `token_type` for `user_id`, signed with that user's
/// private key.
pub async fn mint(
    user_id: Uuid,
    ttl: i64,
    token_type: TokenType,
) -> Result<TokenDetails, MintError> {
    let private_key = server::auth_keys::private_key_for(user_id)
        .await
        .map_err(|_| MintError::KeyUnavailable)?;
    token::generate_jwt_token(user_id, ttl, &private_key, token_type).map_err(|_| MintError::Sign)
}

/// Verifies a token of the EXPECTED type against its owner's public key.
///
/// Reads the `sub` claim unverified as a routing hint ONLY, fetches that user's
/// authoritative public key from the directory, re-verifies the signature, and
/// requires the claimed `token_type` to match `expected` — so an access token
/// can never be replayed where a refresh token is required (or vice-versa).
/// Returns `None` for any failure — unknown user, missing key, bad signature,
/// or wrong type — so callers cannot distinguish failure modes (existence
/// masking). Always hits the DB for the current key, so a rotated/cleared key
/// takes effect immediately (no stale-key window).
pub async fn verify(token: &str, expected: TokenType) -> Option<TokenDetails> {
    let user_id = token::unverified_user_id(token).ok()?;
    let public_key = server::auth_keys::public_key_for(user_id).await.ok()??;
    let details = token::verify_jwt_token(&public_key, token).ok()?;
    if details.token_type != Some(expected) {
        return None;
    }
    Some(details)
}

#[derive(Debug)]
pub enum MintError {
    /// The user has no stored signing key (a provisioning invariant violation).
    KeyUnavailable,
    /// Signing failed (malformed key material).
    Sign,
}

impl std::fmt::Display for MintError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            MintError::KeyUnavailable => write!(f, "no signing key available for user"),
            MintError::Sign => write!(f, "failed to sign token"),
        }
    }
}