Ports the fewo-webapp AuthInterceptor + requireAdmin onto three abstract
interfaces so consumer apps plug in their own user store, public paths,
and runtime config without forking:

  auth/AuthPrincipal.hpp    library-owned {id, username, role} value
  auth/IAuthBackend.hpp     resolveBy{Session,ApiKey,Cert}, hasActiveUsers,
                            deleteExpiredSessions
  auth/IAuthPolicy.hpp      isPublicPath, adminRoles, readonlyRoles,
                            setupModeActive (defaults: admin/readonly,
                            no public paths, setup off)
  auth/IRuntimeConfig.hpp   bindAddress, isLoopback
  auth/AuthInterceptor.hpp  intercept() running the same 6-step ladder as
                            fewo's original (public → setup → cert DN →
                            session/API key → CSRF → readonly)
  auth/RequireRole.hpp      requireUser + requireAdmin helpers reading
                            bundle data (config-driven role sets, not
                            hard-coded 'admin')

TokenHasher is passed in so the library doesn't prescribe SHA-256 vs.
whatever. Bundle keys match fewo's existing controllers so the consumer
migration in #418 is a straightforward adapter swap.

Smoke-compiled against oatpp 1.3.0 headers.

Closes fewo-webapp#413

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

23 lines
663 B
C++
#ifndef OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP
#define OATPP_AUTHKIT_AUTH_PRINCIPAL_HPP

#include <string>

namespace oatpp_authkit {

/**
 * @brief Library-owned authenticated-user value.
 *
 * Intentionally decoupled from any consumer-specific DTO so the library
 * stays portable. Consumers translate from their own UserDto (or whatever)
 * into this struct inside their IAuthBackend implementation.
 */
struct AuthPrincipal {
    int id{0}; ///< Stable numeric id from the user store.
    std::string username;
    std::string role; ///< Arbitrary string; policy decides what "admin"/"readonly" mean.
};

} // namespace oatpp_authkit

#endif
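
The translation and policy-driven role check that the doc comment describes, as an added example (not code from this commit or from the library). `UserRecord`, `RoleSets`, `toPrincipal`, `Decision` and `checkAdmin` are hypothetical names, and `AuthPrincipal` is repeated locally so the block compiles on its own.

```cpp
#include <set>
#include <string>

namespace example {

// Same fields as the struct shown above, repeated so this block stands alone.
struct AuthPrincipal {
    int id{0};
    std::string username;
    std::string role;
};

// Hypothetical consumer-side user row; stands in for the consumer's own DTO.
struct UserRecord {
    int id{0};
    std::string login;
    std::string roleName;
    bool active{false};
};

// Hypothetical stand-in for the role sets a policy object would supply.
struct RoleSets {
    std::set<std::string> adminRoles{"admin"};
    std::set<std::string> readonlyRoles{"readonly"};
};

enum class Decision { Allow, Unauthenticated, Forbidden };

// Translate the consumer record into the library-owned value.
// Inactive users, non-positive ids and empty roles yield no principal.
inline bool toPrincipal(const UserRecord& u, AuthPrincipal& out) {
    if (!u.active || u.id <= 0 || u.roleName.empty()) return false;
    out.id = u.id;
    out.username = u.login;
    out.role = u.roleName;
    return true;
}

// Admin gate driven by the configured set, not a hard-coded "admin" literal.
// Matching is exact and case-sensitive, so an unknown role fails closed.
inline Decision checkAdmin(const AuthPrincipal* p, const RoleSets& roles) {
    if (p == nullptr) return Decision::Unauthenticated;   // no resolved user
    if (roles.adminRoles.count(p->role) == 0) return Decision::Forbidden;
    return Decision::Allow;
}

} // namespace example
```

Distinguishing `Unauthenticated` from `Forbidden` lets a controller answer a missing principal differently from a resolved user whose role is outside the configured admin set.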