Skip to main content

TokenPolicy

stygian_charon::token_lifecycle

Struct TokenPolicy 

Source 
pub struct TokenPolicy { /* private fields */ }
Expand description

Per-vendor defaults for the TokenValidator.

Every field is documented in the module docs. The defaults are the values baked into builtin_token_policies; operators can override per-vendor with TokenPolicyTable::with_policy.

§Example

use std::time::Duration;
use stygian_charon::token_lifecycle::TokenPolicy;
use stygian_charon::vendor_classifier::VendorId;

let policy = TokenPolicy::default_for(VendorId::Cloudflare);
assert_eq!(policy.default_ttl(), Duration::from_mins(30));
assert!(policy.single_use());

Implementations§

Source§

impl TokenPolicy

Source

pub fn new( default_ttl: Duration, max_ttl: Duration, require_nonce: bool, single_use: bool, require_session_binding: bool, ) -> Self

Build a TokenPolicy with explicit values. The constructor clamps default_ttl to max_ttl so a caller cannot accidentally build a policy whose default is longer than its maximum.

Source

pub fn with_default_ttl(self, default_ttl: Duration) -> Self

Replace the default TTL. The new value is clamped to the current max_ttl so the policy invariant (max_ttl >= default_ttl) is preserved.

§Example
use std::time::Duration;
use stygian_charon::token_lifecycle::TokenPolicy;

let p = TokenPolicy::default_for(stygian_charon::vendor_classifier::VendorId::Cloudflare);
let tighter = p.with_default_ttl(Duration::from_mins(5));
assert_eq!(tighter.default_ttl(), Duration::from_mins(5));
Source

pub fn with_max_ttl(self, max_ttl: Duration) -> Self

Replace the maximum TTL.

§Example
use std::time::Duration;
use stygian_charon::token_lifecycle::TokenPolicy;

let p = TokenPolicy::default_for(stygian_charon::vendor_classifier::VendorId::Cloudflare);
let tighter = p.with_max_ttl(Duration::from_mins(20));
assert_eq!(tighter.max_ttl(), Duration::from_mins(20));
Source

pub const fn default_ttl(&self) -> Duration

Default TTL baked into this policy.

Source

pub const fn max_ttl(&self) -> Duration

Maximum TTL the validator will accept.

Source

pub const fn require_nonce(&self) -> bool

Whether per-issuance nonce binding is required.

Source

pub const fn single_use(&self) -> bool

Per-vendor default for the single-use flag.

Source

pub const fn require_session_binding(&self) -> bool

Whether sticky-session binding is required.

Source

pub fn default_for(vendor: VendorId) -> Self

Per-vendor default policy matching the vendor policy table.

§Example
use std::time::Duration;
use stygian_charon::token_lifecycle::TokenPolicy;
use stygian_charon::vendor_classifier::VendorId;

assert_eq!(TokenPolicy::default_for(VendorId::Cloudflare).default_ttl(), Duration::from_mins(30));
assert_eq!(TokenPolicy::default_for(VendorId::DataDome).default_ttl(), Duration::from_mins(10));
assert_eq!(TokenPolicy::default_for(VendorId::Unknown).default_ttl(), Duration::from_mins(5));

Trait Implementations§

Source§

impl Clone for TokenPolicy

Source§

fn clone(&self) -> TokenPolicy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for TokenPolicy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for TokenPolicy

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for TokenPolicy

Source§

fn eq(&self, other: &TokenPolicy) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for TokenPolicy

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Copy for TokenPolicy

Source§

impl Eq for TokenPolicy

Source§

impl StructuralPartialEq for TokenPolicy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,