Add src/server/auth.rs with a bearer_auth_middleware axum layer that extracts the Authorization: Bearer header, resolves it via IdentityProvider::resolve_from_token, and stashes Option<Identity> in request extensions. Shared by HTTP gateway routes and the to_mcp rmcp service (research §4.4). A missing token, a malformed header, and a failed resolution all yield None (unauthenticated, not an error) — Bearer-only auth mechanism (ADR-004). Includes a ResolvedIdentity axum extractor that reads from extensions, and wires the middleware into the HttpAdapter router around the gateway/openapi/mcp routes (excluding the raw /healthz route).
# Crate identity. Version, edition, license and repository are inherited from
# the workspace manifest rather than being set in this file.
[package]
name = "alknet-http"
version.workspace = true
edition.workspace = true
license.workspace = true
repository.workspace = true
description = "HTTP interface for alknet: serves HTTP/1.1 + HTTP/2 on standard ALPNs (with WebSocket upgrade for browser bidirectional access) and hosts the HTTP-backed call-protocol adapters"
[lib]
# Library target name: the package name with the hyphen written as an underscore.
name = "alknet_http"
[features]
# Both HTTP versions are on by default; `mcp` is not, so `rmcp` is compiled only
# when a consumer asks for it.
default = ["h2", "http1"]
# Each protocol feature pulls in the optional `hyper` dependency and switches on
# the matching protocol feature in `hyper` and `hyper-util`.
# NOTE(review): with default features off and neither `h2` nor `http1` selected,
# `hyper` is not pulled in at all — confirm the crate still builds that way.
h2 = ["dep:hyper", "hyper-util/http2", "hyper/http2"]
http1 = ["dep:hyper", "hyper-util/http1", "hyper/http1"]
mcp = ["dep:rmcp"]
[dependencies]
# Requirements below are semver-compatible ranges, not exact pins; the versions
# actually built come from the lockfile, which is not shown here.
# Local crates, resolved by relative path.
alknet-call = { path = "../alknet-call" }
alknet-core = { path = "../alknet-core" }
arc-swap = "1"
async-trait = "0.1"
# `ws` enables axum's WebSocket support.
axum = { version = "0.8", features = ["ws"] }
futures = "0.3"
http = "1"
httpdate = "1"
# Optional: only compiled when the `h2` or `http1` feature enables `dep:hyper`.
hyper = { version = "1", optional = true, features = ["server"] }
hyper-util = { version = "0.1", features = ["server", "service", "tokio"] }
openapiv3 = "2"
# Default features are disabled, so only the listed features are requested
# here; `rustls` is the sole TLS feature named.
reqwest = { version = "0.13", default-features = false, features = ["json", "stream", "rustls"] }
reqwest-middleware = "0.5"
reqwest-retry = "0.9"
# Optional (gated by the `mcp` feature) with default features disabled; both the
# client and server sides and their streamable-HTTP transports are requested.
rmcp = { version = "1.8", optional = true, default-features = false, features = [
    "client",
    "server",
    "transport-streamable-http-client-reqwest",
    "transport-streamable-http-server",
] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
thiserror = "2"
# NOTE(review): `full` is tokio's broad feature bundle; narrowing it to the
# features this crate uses would shrink the compiled surface — confirm which
# ones are needed.
tokio = { version = "1", features = ["full"] }
tracing = "0.1"
url = "2"
uuid = { version = "1", features = ["v4"] }
[dev-dependencies]
# Needed only for this crate's tests, examples and benches; crates that depend
# on alknet-http do not inherit it.
tower = "0.5"