feat(lib): add auth-kit

2026-02-02 14:26:24 +08:00
parent e49b33a464
commit 27a6791591
19 changed files with 1154 additions and 185 deletions
--- a/examples/offline_issue_jwt.rs
+++ b/examples/offline_issue_jwt.rs
@@ -0,0 +1,45 @@
+use jsonwebtoken::{Algorithm, EncodingKey, Header, encode};
+use serde::{Deserialize, Serialize};
+use std::time::{SystemTime, UNIX_EPOCH};
+use uuid::Uuid;
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Claims {
+    sub: String,
+    tenant_id: String,
+    exp: usize,
+    iat: usize,
+    iss: String,
+}
+
+fn main() {
+    let issuer = std::env::var("JWT_ISSUER").unwrap_or_else(|_| "iam-service".to_string());
+    let kid = std::env::var("JWT_KEY_ID").unwrap_or_else(|_| "default".to_string());
+    let private_pem = std::env::var("JWT_PRIVATE_KEY_PEM").expect("JWT_PRIVATE_KEY_PEM is required");
+    let tenant_id = std::env::var("TENANT_ID").unwrap_or_else(|_| Uuid::new_v4().to_string());
+    let user_id = std::env::var("USER_ID").unwrap_or_else(|_| Uuid::new_v4().to_string());
+
+    let now = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap()
+        .as_secs() as usize;
+
+    let claims = Claims {
+        sub: user_id,
+        tenant_id,
+        exp: now + 15 * 60,
+        iat: now,
+        iss: issuer.clone(),
+    };
+
+    let mut header = Header::new(Algorithm::RS256);
+    header.kid = Some(kid);
+    let token = encode(
+        &header,
+        &claims,
+        &EncodingKey::from_rsa_pem(private_pem.as_bytes()).expect("invalid private key pem"),
+    )
+    .expect("failed to sign token");
+
+    println!("{}", token);
+}