path: root/src/domain/services.rs
authormo khan <mo@mokhan.ca>2025-06-11 17:19:20 -0600
committermo khan <mo@mokhan.ca>2025-06-11 17:19:20 -0600
commit0ff7c18f2e0e4f72cf6354530329c1c915c6294a (patch)
tree21fbee2f14ccde4c415b1047726c9e0f5e298ef8 /src/domain/services.rs
parent9b8a098bfcfdd73bfdfcff0cb397ef2694a90367 (diff)
refactor: extract domain model
Diffstat (limited to 'src/domain/services.rs')
-rw-r--r--src/domain/services.rs63
1 files changed, 63 insertions, 0 deletions
diff --git a/src/domain/services.rs b/src/domain/services.rs
new file mode 100644
index 0000000..2c23cdc
--- /dev/null
+++ b/src/domain/services.rs
@@ -0,0 +1,63 @@
+use crate::domain::models::*;
+use anyhow::Result;
+
+/// Domain service for OAuth2 authorization flow
+pub trait AuthorizationService: Send + Sync {
+ fn authorize(&self, request: &AuthorizationRequest, user: &User) -> Result<AuthorizationResult, OAuthError>;
+ fn validate_client(&self, client_id: &str) -> Result<OAuthClient, OAuthError>;
+ fn validate_redirect_uri(&self, client: &OAuthClient, redirect_uri: &str) -> Result<(), OAuthError>;
+ fn validate_scopes(&self, client: &OAuthClient, requested_scopes: &[String]) -> Result<Vec<String>, OAuthError>;
+}
+
+/// Domain service for OAuth2 token operations
+pub trait TokenService: Send + Sync {
+ fn exchange_code_for_tokens(&self, request: &TokenRequest) -> Result<TokenResult, OAuthError>;
+ fn refresh_tokens(&self, request: &TokenRequest) -> Result<TokenResult, OAuthError>;
+ fn introspect_token(&self, token: &str, client_id: &str) -> Result<TokenClaims, OAuthError>;
+ fn revoke_token(&self, token: &str, client_id: &str) -> Result<(), OAuthError>;
+}
+
+/// Domain service for client management
+pub trait ClientService: Send + Sync {
+ fn create_client(&self, client: &OAuthClient, client_secret: &str) -> Result<()>;
+ fn get_client(&self, client_id: &str) -> Result<Option<OAuthClient>>;
+ fn update_client(&self, client: &OAuthClient) -> Result<()>;
+ fn delete_client(&self, client_id: &str) -> Result<()>;
+ fn authenticate_client(&self, client_id: &str, client_secret: &str) -> Result<OAuthClient, OAuthError>;
+}
+
+/// Domain service for user management
+pub trait UserService: Send + Sync {
+ fn get_user(&self, user_id: &str) -> Result<Option<User>>;
+ fn authenticate_user(&self, username: &str, password: &str) -> Result<User, OAuthError>;
+ fn is_user_authorized(&self, user: &User, client: &OAuthClient, scopes: &[String]) -> Result<bool>;
+}
+
+/// Domain service for audit logging
+pub trait AuditService: Send + Sync {
+ fn log_authorization_attempt(&self, request: &AuthorizationRequest, user: Option<&User>, success: bool, ip_address: Option<&str>) -> Result<()>;
+ fn log_token_request(&self, request: &TokenRequest, success: bool, ip_address: Option<&str>) -> Result<()>;
+ fn log_token_introspection(&self, token_hash: &str, client_id: &str, success: bool) -> Result<()>;
+ fn log_token_revocation(&self, token_hash: &str, client_id: &str, success: bool) -> Result<()>;
+}
+
+/// Domain service for rate limiting
+pub trait RateLimitService: Send + Sync {
+ fn check_rate_limit(&self, identifier: &str, endpoint: &str) -> Result<(), OAuthError>;
+ fn is_rate_limited(&self, identifier: &str, endpoint: &str, max_requests: u32, window_minutes: u32) -> Result<bool>;
+}
+
+/// Domain service for PKCE operations
+pub trait PkceService: Send + Sync {
+ fn generate_code_verifier(&self) -> String;
+ fn generate_code_challenge(&self, verifier: &str, method: &str) -> Result<String>;
+ fn verify_code_challenge(&self, verifier: &str, challenge: &str, method: &str) -> Result<bool>;
+}
+
+/// Domain service for JWT operations
+pub trait JwtService: Send + Sync {
+ fn generate_access_token(&self, claims: &TokenClaims) -> Result<String>;
+ fn generate_refresh_token(&self, client_id: &str, user_id: &str, scopes: &[String]) -> Result<String>;
+ fn validate_token(&self, token: &str) -> Result<TokenClaims>;
+ fn get_jwks(&self) -> Result<String>; // JSON Web Key Set
+} \ No newline at end of file
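Review bot: `PkceService::generate_code_challenge` and `verify_code_challenge` take the challenge `method` as a free-form `&str`, so an unsupported or misspelled method is only detected at runtime by each implementation and the trait never states which values are accepted or what the `bool` from `verify_code_challenge` means when the method is unknown; declaring `pub enum CodeChallengeMethod { Plain, S256 }` (the two values RFC 7636 defines) in the models module and taking `method: CodeChallengeMethod` makes the accepted set a compile-time fact. A related contract gap is on `TokenService`: `introspect_token` and `revoke_token` receive only a `client_id`, so it is unclear whether the caller is expected to have already run `ClientService::authenticate_client` and whether the token must have been issued to that client; since the implementations are not in this diff, that expectation belongs in a doc comment such as `/// Caller must have authenticated `client_id` (see `ClientService::authenticate_client`); implementations should reject tokens not issued to that client.`. The per-trait one-line docs are present but no method is documented, and `introspect_token` and `JwtService::validate_token` in particular should say which claims (expiry, issuer, audience, signature) a conforming implementation checks so that adapters do not diverge. The types referenced from `crate::domain::models` are outside this diff.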