[feat](trx-frontend-http): implement HTTP authentication (phases 1-3)
Add optional passphrase-based authentication with two roles (rx/control), session management, auth middleware, and protected routes.

Phase 1: Config model with HttpAuthConfig struct, CookieSameSite enum, validation logic for enabled auth requiring at least one passphrase.

Phase 2: Auth module with:
- AuthRole enum (Rx, Control)
- SessionRecord and SessionStore for in-memory session management
- AuthConfig at runtime
- /auth/login, /auth/logout, /auth/session endpoints
- Constant-time passphrase comparison for timing attack mitigation

Phase 3: Integration with:
- AuthMiddleware for route protection with public/read/control classification
- Server-side AuthState setup with cleanup task for expired sessions
- Auth endpoints registered in api.rs configure()

Sessions use 128-bit random IDs (hex-encoded), HttpOnly cookies, configurable SameSite attribute. Auth is disabled by default to preserve current behavior.

All unit and integration tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stanislaw Grams <stanislawgrams@gmail.com>
@@ -20,3 +20,5 @@ actix-ws = "0.3"
|
||||
tokio-stream = { version = "0.1", features = ["sync"] }
|
||||
futures-util = "0.3"
|
||||
bytes = "1"
|
||||
rand = "0.8"
|
||||
hex = "0.4"
|
||||
|
||||
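Review bot: the session IDs should be drawn only from `rand::rngs::OsRng` or `rand::thread_rng()`, and the `rand = "0.8"` line added at the end of this hunk does not show which generator is used. Please confirm in the auth module that the 128-bit ID comes from one of those and not from `SmallRng` or a fixed-seed `StdRng`, and that the full 16 bytes are passed to `hex` without truncation. Separately, the commit message promises constant-time passphrase comparison, but the only crates added in this hunk are `rand` and `hex`. If the comparison is hand-written, consider depending on `subtle` and its `ConstantTimeEq` instead, since a hand-rolled loop that returns early on a length mismatch or gets optimized by the compiler loses the timing guarantee.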