Add src/server/auth.rs with bearer_auth_middleware axum layer that extracts the Authorization: Bearer header, resolves via IdentityProvider::resolve_from_token, and stashes Option<Identity> in request extensions. Shared by HTTP gateway routes and the to_mcp rmcp service (research §4.4). No token, malformed header, or failed resolution all yield None (unauthenticated, not an error) — Bearer-only auth mechanism (ADR-004). Includes ResolvedIdentity axum extractor reading from extensions, and wires the middleware into the HttpAdapter router around the gateway/openapi/mcp routes (excluding the raw /healthz route).
19 lines
657 B
Rust
//! alknet-http: HTTP interface for alknet — serves HTTP/1.1 + HTTP/2 on
//! standard ALPNs (with WebSocket upgrade for browser bidirectional access)
//! and hosts the HTTP-backed call-protocol adapters.
//!
//! Two roles in one crate (ADR-039): HTTP server (HttpAdapter, a
//! ProtocolHandler for h2/http1.1 + WS upgrade) and HTTP client host
//! (from_openapi/from_mcp forwarding, to_openapi/to_mcp projections).

pub mod adapters;
pub mod client;
pub mod gateway;
pub mod server;
pub mod websocket;

pub use gateway::GatewayDispatch;
pub use server::{
bearer_auth_middleware, extract_bearer_identity, DecoyConfig, HttpAdapter, ResolvedIdentity,
};
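Review bot: the `pub use server::{...}` re-export at the end of the file puts `extract_bearer_identity` into the crate's public API, but the commit message describes only `bearer_auth_middleware` and `ResolvedIdentity`. Please document what `extract_bearer_identity` is for and whether callers outside the middleware are expected to use it, or keep it private to `server`. Because a missing token, a malformed header and a failed resolution all collapse to `None`, the crate-level docs should also say that deciding whether an identity is required is left to each handler, and a test should confirm that a route requiring an identity refuses the request when the stashed value is `None`.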