use crate::domain::models::*;
use anyhow::Result;
/// Domain service for OAuth2 authorization flow.
///
/// Every method reports failure as an [`OAuthError`], so callers can map a
/// rejection straight onto the protocol's error response.
pub trait AuthorizationService: Send + Sync {
    /// Decides an authorization `request` for the `user` the caller has already
    /// resolved and returns the resulting [`AuthorizationResult`].
    ///
    /// # Errors
    /// Returns an [`OAuthError`] when the request is rejected.
    fn authorize(
        &self,
        request: &AuthorizationRequest,
        user: &User,
    ) -> Result<AuthorizationResult, OAuthError>;

    /// Resolves `client_id` to its [`OAuthClient`].
    ///
    /// Unlike `ClientService::get_client`, an unknown client is an error here,
    /// not an `Ok(None)`, so callers cannot forget to handle the missing case.
    fn validate_client(&self, client_id: &str) -> Result<OAuthClient, OAuthError>;

    /// Checks that `redirect_uri` is acceptable for `client`.
    ///
    /// NOTE(review): implementations should accept only an exact match against
    /// the client's registered URIs (no prefix or wildcard matching) — confirm.
    fn validate_redirect_uri(
        &self,
        client: &OAuthClient,
        redirect_uri: &str,
    ) -> Result<(), OAuthError>;

    /// Checks `requested_scopes` against `client` and returns the scope list to
    /// carry forward.
    ///
    /// NOTE(review): presumably the returned list is the subset the client is
    /// allowed to hold — verify against implementations before relying on it.
    fn validate_scopes(
        &self,
        client: &OAuthClient,
        requested_scopes: &[String],
    ) -> Result<Vec<String>, OAuthError>;
}
/// Domain service for OAuth2 token operations.
///
/// Token-endpoint failures are reported as [`OAuthError`] so the transport
/// layer can produce the protocol error response.
pub trait TokenService: Send + Sync {
    /// Exchanges the authorization code carried in `request` for tokens.
    ///
    /// NOTE(review): implementations should bind the code to the client and
    /// redirect URI it was issued for and reject reuse — confirm.
    fn exchange_code_for_tokens(&self, request: &TokenRequest) -> Result<TokenResult, OAuthError>;

    /// Issues a new [`TokenResult`] from the refresh token carried in `request`.
    fn refresh_tokens(&self, request: &TokenRequest) -> Result<TokenResult, OAuthError>;

    /// Returns the claims of `token` on behalf of `client_id`.
    ///
    /// `client_id` is part of the signature so implementations can restrict
    /// which clients may inspect a given token.
    fn introspect_token(&self, token: &str, client_id: &str) -> Result<TokenClaims, OAuthError>;

    /// Revokes `token` on behalf of `client_id`.
    fn revoke_token(&self, token: &str, client_id: &str) -> Result<(), OAuthError>;
}
/// Domain service for client management.
///
/// Management operations use `anyhow::Result`; only `authenticate_client`
/// returns the protocol-level [`OAuthError`].
pub trait ClientService: Send + Sync {
    /// Registers `client` together with its `client_secret`.
    ///
    /// The secret arrives in the clear here. NOTE(review): implementations
    /// should persist only a hash of it and never log the value — confirm.
    fn create_client(&self, client: &OAuthClient, client_secret: &str) -> Result<()>;

    /// Looks up `client_id`; `Ok(None)` means no such client.
    fn get_client(&self, client_id: &str) -> Result<Option<OAuthClient>>;

    /// Stores the updated `client` record.
    fn update_client(&self, client: &OAuthClient) -> Result<()>;

    /// Removes the client registered under `client_id`.
    fn delete_client(&self, client_id: &str) -> Result<()>;

    /// Verifies `client_secret` for `client_id` and returns the client.
    ///
    /// NOTE(review): the secret check should run in constant time and return
    /// the same [`OAuthError`] for an unknown client and a wrong secret, so the
    /// response does not reveal which clients exist — confirm.
    fn authenticate_client(
        &self,
        client_id: &str,
        client_secret: &str,
    ) -> Result<OAuthClient, OAuthError>;
}
/// Domain service for user management.
pub trait UserService: Send + Sync {
    /// Looks up `user_id`; `Ok(None)` means no such user.
    fn get_user(&self, user_id: &str) -> Result<Option<User>>;

    /// Verifies `password` for `username` and returns the [`User`].
    ///
    /// The password arrives in the clear. NOTE(review): implementations should
    /// verify against a stored password hash, keep the failure response
    /// identical for unknown users and wrong passwords, and never log the
    /// password — confirm.
    fn authenticate_user(&self, username: &str, password: &str) -> Result<User, OAuthError>;

    /// Reports whether `user` may grant `scopes` to `client`.
    ///
    /// This is a plain `bool` inside an `anyhow::Result`: `Ok(false)` is a
    /// policy denial, `Err` is a lookup failure. Callers must treat both as
    /// "not authorized".
    fn is_user_authorized(
        &self,
        user: &User,
        client: &OAuthClient,
        scopes: &[String],
    ) -> Result<bool>;
}
/// Domain service for audit logging.
///
/// The token-related methods take a `token_hash`, not the token itself, so the
/// raw credential does not have to reach the audit sink. Keep that property
/// when adding methods.
pub trait AuditService: Send + Sync {
    /// Records an authorization attempt for `request`.
    ///
    /// `user` is `None` when no user could be resolved (e.g. the attempt
    /// failed before authentication); `ip_address` is `None` when the caller
    /// has no client address to report.
    fn log_authorization_attempt(
        &self,
        request: &AuthorizationRequest,
        user: Option<&User>,
        success: bool,
        ip_address: Option<&str>,
    ) -> Result<()>;

    /// Records a token-endpoint request and whether it succeeded.
    fn log_token_request(
        &self,
        request: &TokenRequest,
        success: bool,
        ip_address: Option<&str>,
    ) -> Result<()>;

    /// Records an introspection of the token identified by `token_hash` made
    /// by `client_id`.
    fn log_token_introspection(
        &self,
        token_hash: &str,
        client_id: &str,
        success: bool,
    ) -> Result<()>;

    /// Records a revocation of the token identified by `token_hash` made by
    /// `client_id`.
    fn log_token_revocation(&self, token_hash: &str, client_id: &str, success: bool) -> Result<()>;
}
/// Domain service for rate limiting.
pub trait RateLimitService: Send + Sync {
    /// Enforces the limit for `identifier` on `endpoint`.
    ///
    /// Returns `Ok(())` when the request may proceed and an [`OAuthError`]
    /// when the caller is over the limit. NOTE(review): whether this call also
    /// counts the request is not visible from the signature — confirm.
    fn check_rate_limit(&self, identifier: &str, endpoint: &str) -> Result<(), OAuthError>;

    /// Reports whether `identifier` has exceeded `max_requests` on `endpoint`
    /// within the last `window_minutes` minutes.
    ///
    /// Unlike `check_rate_limit`, the limit parameters are supplied by the
    /// caller and the answer is a `bool` rather than an error.
    fn is_rate_limited(
        &self,
        identifier: &str,
        endpoint: &str,
        max_requests: u32,
        window_minutes: u32,
    ) -> Result<bool>;
}
/// Domain service for PKCE operations.
pub trait PkceService: Send + Sync {
    /// Produces a fresh code verifier.
    ///
    /// NOTE(review): the verifier must come from a cryptographically secure
    /// random source — confirm in the implementation.
    fn generate_code_verifier(&self) -> String;

    /// Derives the code challenge for `verifier` using `method`.
    ///
    /// `method` is a plain string; the signature does not constrain its
    /// values. NOTE(review): implementations should reject anything other than
    /// the methods they support rather than falling back to `plain` — confirm.
    fn generate_code_challenge(&self, verifier: &str, method: &str) -> Result<String>;

    /// Checks that `verifier` reproduces `challenge` under `method`.
    ///
    /// `Ok(false)` is a mismatch; `Err` is a failure to compute the challenge
    /// at all. NOTE(review): the comparison should be constant-time — confirm.
    fn verify_code_challenge(&self, verifier: &str, challenge: &str, method: &str) -> Result<bool>;
}
/// Domain service for JWT operations.
pub trait JwtService: Send + Sync {
    /// Signs `claims` into an access token string.
    fn generate_access_token(&self, claims: &TokenClaims) -> Result<String>;

    /// Issues a refresh token bound to `client_id`, `user_id` and `scopes`.
    fn generate_refresh_token(
        &self,
        client_id: &str,
        user_id: &str,
        scopes: &[String],
    ) -> Result<String>;

    /// Verifies `token` and returns its claims.
    ///
    /// Note this returns `anyhow::Result`, unlike `TokenService`, so the
    /// caller is responsible for mapping a failure onto an `OAuthError`.
    /// NOTE(review): implementations should verify the signature against the
    /// expected algorithm and check expiry before returning claims — confirm.
    fn validate_token(&self, token: &str) -> Result<TokenClaims>;

    /// Returns the JSON Web Key Set (public keys only) as a JSON string.
    fn get_jwks(&self) -> Result<String>;
}