feat(core): implement AuthContext, Identity, AuthToken, IdentityProvider, ConfigIdentityProvider (task: core/auth)

Implement authentication types in auth.rs: AuthContext (Clone, 4 fields),
Identity (Clone, PartialEq), AuthToken, IdentityProvider trait (resolve_from_
fingerprint + resolve_from_token), ConfigIdentityProvider (reads from
ArcSwap<DynamicConfig> on every call — hot-reloadable). Fingerprint resolution
via authorized_fingerprints HashSet, token resolution via alk_ prefix + SHA-256
hash + expiry check. Also implemented minimal config.rs types (DynamicConfig,
AuthPolicy, ApiKeyEntry, RateLimitConfig, ConfigReloadHandle) needed by auth —
aligned with architecture docs for the parallel core/config task to extend.

27 unit tests pass; clippy clean.

Refs: docs/architecture/crates/core/auth.md
Implements: ADR-004, ADR-011
This commit is contained in:
2026-06-23 14:10:06 +00:00
4 changed files with 396 additions and 4 deletions

2
Cargo.lock generated
View File

@@ -71,12 +71,14 @@ dependencies = [
"async-trait",
"bytes",
"futures",
"hex",
"iroh",
"quinn",
"rustls",
"rustls-pki-types",
"serde",
"serde_json",
"sha2",
"thiserror 2.0.18",
"tokio",
"toml",