tsk-56: Added API docs

tsk-56: Added utoipa Swagger crates
tsk-56: Dependency version brump
2025-08-24 19:02:20 -04:00 · 2025-08-24 15:50:40 -04:00 · 2025-08-24 15:48:39 -04:00 · 2025-08-12 21:46:01 +00:00 · 2025-08-11 22:15:17 +00:00 · 2025-08-03 23:09:50 +00:00
19 changed files with 931 additions and 168 deletions
--- a/.env.docker.sample
+++ b/.env.docker.sample
@@ -1,4 +1,5 @@
 SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
+SERVICE_PASSPHRASE=iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH
 POSTGRES_AUTH_USER=icarus_op
 POSTGRES_AUTH_PASSWORD=password
 POSTGRES_AUTH_DB=icarus_auth_db
--- a/.env.sample
+++ b/.env.sample
@@ -1,4 +1,5 @@
 SECRET_KEY=refero34o8rfhfjn983thf39fhc943rf923n3h
+SERVICE_PASSPHRASE=iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH
 POSTGRES_AUTH_USER=icarus_op_test
 POSTGRES_AUTH_PASSWORD=password
 POSTGRES_AUTH_DB=icarus_auth_test_db
--- a/.gitea/workflows/tag_release.yml
+++ b/.gitea/workflows/tag_release.yml
@@ -17,7 +17,7 @@ jobs:
      - name: Install Rust
        uses: actions-rs/toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
          components: cargo

      - name: Extract Version from Cargo.toml
@@ -49,5 +49,3 @@ jobs:
          release_name: Release ${{ steps.version.outputs.project_tag_release }}
          body: |
           Release of version ${{ steps.version.outputs.project_tag_release }}
-          # draft: false
-          # prerelease: ${{ startsWith(github.ref, 'v') == false }} # prerelease if not a valid release tag
--- a/.gitea/workflows/workflow.yml
+++ b/.gitea/workflows/workflow.yml
@@ -18,7 +18,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
      - run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
@@ -36,7 +36,7 @@ jobs:
    # --- Add database service definition ---
    services:
      postgres:
-        image: postgres:17.4 # Or pin to a more specific version like 14.9
+        image: postgres:17.5
        env:
          # Use secrets for DB init, with fallbacks for flexibility
          POSTGRES_USER: ${{ secrets.DB_TEST_USER || 'testuser' }}
@@ -53,7 +53,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
      # --- Add this step for explicit verification ---
      - name: Verify Docker Environment
        run: |
@@ -94,7 +94,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
      - run: rustup component add rustfmt
      - run: |
          mkdir -p ~/.ssh
@@ -113,7 +113,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
      - run: rustup component add clippy
      - run: |
          mkdir -p ~/.ssh
@@ -132,7 +132,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
-          toolchain: 1.86.0
+          toolchain: 1.88.0
      - run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.MYREPO_TOKEN }}" > ~/.ssh/icarus_models_deploy_key
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 /target
 .env
+.env.local
+.env.docker
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -38,6 +38,15 @@ version = "1.0.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"

+[[package]]
+name = "arbitrary"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
+dependencies = [
+ "derive_arbitrary",
+]
+
 [[package]]
 name = "argon2"
 version = "0.5.3"
@@ -67,9 +76,9 @@ checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"

 [[package]]
 name = "axum"
-version = "0.8.3"
+version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de45108900e1f9b9242f7f2e254aa3e2c029c921c258fe9e6b4217eeebd54288"
+checksum = "021e862c184ae977658b36c4500f7feac3221ca5da43e3f25bd04ab6c79a29b5"
 dependencies = [
 "axum-core",
 "bytes",
@@ -173,6 +182,12 @@ dependencies = [
 "generic-array",
 ]

+[[package]]
+name = "bumpalo"
+version = "3.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
+
 [[package]]
 name = "byteorder"
 version = "1.5.0"
@@ -215,6 +230,26 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"

+[[package]]
+name = "const_format"
+version = "0.2.34"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "126f97965c8ad46d6d9163268ff28432e8f6a1196a55578867832e3049df63dd"
+dependencies = [
+ "const_format_proc_macros",
+]
+
+[[package]]
+name = "const_format_proc_macros"
+version = "0.2.34"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-xid",
+]
+
 [[package]]
 name = "core-foundation"
 version = "0.9.4"
@@ -310,6 +345,17 @@ dependencies = [
 "serde",
 ]

+[[package]]
+name = "derive_arbitrary"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "digest"
 version = "0.10.7"
@@ -399,6 +445,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ced92e76e966ca2fd84c8f7aa01a4aea65b0eb6648d72f7c8f3e2764a67fece"
 dependencies = [
 "crc32fast",
+ "libz-rs-sys",
 "miniz_oxide",
 ]

@@ -702,7 +749,7 @@ dependencies = [

 [[package]]
 name = "icarus_auth"
-version = "0.3.10"
+version = "0.4.3"
 dependencies = [
 "argon2",
 "axum",
@@ -712,7 +759,7 @@ dependencies = [
 "icarus_models",
 "josekit",
 "once_cell",
- "rand 0.9.0",
+ "rand 0.9.1",
 "serde",
 "serde_json",
 "sqlx",
@@ -721,26 +768,31 @@ dependencies = [
 "tower",
 "tracing-subscriber",
 "url",
+ "utoipa",
+ "utoipa-swagger-ui",
 "uuid",
 ]

 [[package]]
 name = "icarus_envy"
-version = "0.2.0"
-source = "git+ssh://git@git.kundeng.us/phoenix/icarus_envy.git?tag=v0.2.0-devel-dbe4dc67cb-950#dbe4dc67cb1baa5ae5c5f2b452ff45d388c719ea"
+version = "0.3.2"
+source = "git+ssh://git@git.kundeng.us/phoenix/icarus_envy.git?tag=v0.3.2#d84a8144aedf02e1b459d67c4023a7e0833f89fd"
 dependencies = [
+ "const_format",
 "dotenvy",
 ]

 [[package]]
 name = "icarus_models"
-version = "0.4.3"
-source = "git+ssh://git@git.kundeng.us/phoenix/icarus_models.git?tag=v0.4.3#6aa4c3d74142f5fceb4a6e95078bb3ae0a2d99c5"
+version = "0.5.6"
+source = "git+ssh://git@git.kundeng.us/phoenix/icarus_models.git?tag=v0.5.6-58-13b030bbca-111#13b030bbcabeff9c7a7593929db508dee5db6914"
 dependencies = [
- "rand 0.9.0",
+ "josekit",
+ "rand 0.9.1",
 "serde",
 "serde_json",
 "time",
+ "utoipa",
 "uuid",
 ]

@@ -891,6 +943,7 @@ checksum = "3954d50fe15b02142bf25d3b8bdadb634ec3948f103d04ffe3031bc8fe9d7058"
 dependencies = [
 "equivalent",
 "hashbrown",
+ "serde",
 ]

 [[package]]
@@ -901,9 +954,9 @@ checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"

 [[package]]
 name = "josekit"
-version = "0.10.1"
+version = "0.10.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe0633782b10949cf7d5aca9ec7c87ce642cbe4fff7d34602b2ec2e890ad56e5"
+checksum = "a808e078330e6af222eb0044b71d4b1ff981bfef43e7bc8133a88234e0c86a0c"
 dependencies = [
 "anyhow",
 "base64",
@@ -912,10 +965,20 @@ dependencies = [
 "regex",
 "serde",
 "serde_json",
- "thiserror 1.0.69",
+ "thiserror",
 "time",
 ]

+[[package]]
+name = "js-sys"
+version = "0.3.77"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
+dependencies = [
+ "once_cell",
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "lazy_static"
 version = "1.5.0"
@@ -947,6 +1010,15 @@ dependencies = [
 "vcpkg",
 ]

+[[package]]
+name = "libz-rs-sys"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "172a788537a2221661b480fee8dc5f96c580eb34fa88764d3205dc356c7e4221"
+dependencies = [
+ "zlib-rs",
+]
+
 [[package]]
 name = "linux-raw-sys"
 version = "0.9.3"
@@ -1003,6 +1075,16 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"

+[[package]]
+name = "mime_guess"
+version = "2.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
+dependencies = [
+ "mime",
+ "unicase",
+]
+
 [[package]]
 name = "miniz_oxide"
 version = "0.8.7"
@@ -1314,13 +1396,12 @@ dependencies = [

 [[package]]
 name = "rand"
-version = "0.9.0"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94"
+checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
 dependencies = [
 "rand_chacha 0.9.0",
 "rand_core 0.9.3",
- "zerocopy",
 ]

 [[package]]
@@ -1419,6 +1500,40 @@ dependencies = [
 "zeroize",
 ]

+[[package]]
+name = "rust-embed"
+version = "8.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "025908b8682a26ba8d12f6f2d66b987584a4a87bc024abc5bbc12553a8cd178a"
+dependencies = [
+ "rust-embed-impl",
+ "rust-embed-utils",
+ "walkdir",
+]
+
+[[package]]
+name = "rust-embed-impl"
+version = "8.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6065f1a4392b71819ec1ea1df1120673418bf386f50de1d6f54204d836d4349c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "rust-embed-utils",
+ "syn",
+ "walkdir",
+]
+
+[[package]]
+name = "rust-embed-utils"
+version = "8.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6cc0c81648b20b70c491ff8cce00c1c3b223bb8ed2b5d41f0e54c6c4c0a3594"
+dependencies = [
+ "sha2",
+ "walkdir",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.24"
@@ -1450,6 +1565,15 @@ version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"

+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "schannel"
 version = "0.1.27"
@@ -1590,6 +1714,12 @@ dependencies = [
 "rand_core 0.6.4",
 ]

+[[package]]
+name = "simd-adler32"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe"
+
 [[package]]
 name = "slab"
 version = "0.4.9"
@@ -1639,9 +1769,9 @@ dependencies = [

 [[package]]
 name = "sqlx"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4410e73b3c0d8442c5f99b425d7a435b5ee0ae4167b3196771dd3f7a01be745f"
+checksum = "1fefb893899429669dcdd979aff487bd78f4064e5e7907e4269081e0ef7d97dc"
 dependencies = [
 "sqlx-core",
 "sqlx-macros",
@@ -1652,10 +1782,11 @@ dependencies = [

 [[package]]
 name = "sqlx-core"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a007b6936676aa9ab40207cde35daab0a04b823be8ae004368c0793b96a61e0"
+checksum = "ee6798b1838b6a0f69c007c133b8df5866302197e404e8b6ee8ed3e3a5e68dc6"
 dependencies = [
+ "base64",
 "bytes",
 "crc",
 "crossbeam-queue",
@@ -1677,7 +1808,7 @@ dependencies = [
 "serde_json",
 "sha2",
 "smallvec",
- "thiserror 2.0.12",
+ "thiserror",
 "time",
 "tokio",
 "tokio-stream",
@@ -1688,9 +1819,9 @@ dependencies = [

 [[package]]
 name = "sqlx-macros"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3112e2ad78643fef903618d78cf0aec1cb3134b019730edb039b69eaf531f310"
+checksum = "a2d452988ccaacfbf5e0bdbc348fb91d7c8af5bee192173ac3636b5fb6e6715d"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -1701,9 +1832,9 @@ dependencies = [

 [[package]]
 name = "sqlx-macros-core"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e9f90acc5ab146a99bf5061a7eb4976b573f560bc898ef3bf8435448dd5e7ad"
+checksum = "19a9c1841124ac5a61741f96e1d9e2ec77424bf323962dd894bdb93f37d5219b"
 dependencies = [
 "dotenvy",
 "either",
@@ -1720,16 +1851,15 @@ dependencies = [
 "sqlx-postgres",
 "sqlx-sqlite",
 "syn",
- "tempfile",
 "tokio",
 "url",
 ]

 [[package]]
 name = "sqlx-mysql"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4560278f0e00ce64938540546f59f590d60beee33fffbd3b9cd47851e5fff233"
+checksum = "aa003f0038df784eb8fecbbac13affe3da23b45194bd57dba231c8f48199c526"
 dependencies = [
 "atoi",
 "base64",
@@ -1762,7 +1892,7 @@ dependencies = [
 "smallvec",
 "sqlx-core",
 "stringprep",
- "thiserror 2.0.12",
+ "thiserror",
 "time",
 "tracing",
 "uuid",
@@ -1771,9 +1901,9 @@ dependencies = [

 [[package]]
 name = "sqlx-postgres"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5b98a57f363ed6764d5b3a12bfedf62f07aa16e1856a7ddc2a0bb190a959613"
+checksum = "db58fcd5a53cf07c184b154801ff91347e4c30d17a3562a635ff028ad5deda46"
 dependencies = [
 "atoi",
 "base64",
@@ -1801,7 +1931,7 @@ dependencies = [
 "smallvec",
 "sqlx-core",
 "stringprep",
- "thiserror 2.0.12",
+ "thiserror",
 "time",
 "tracing",
 "uuid",
@@ -1810,9 +1940,9 @@ dependencies = [

 [[package]]
 name = "sqlx-sqlite"
-version = "0.8.3"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f85ca71d3a5b24e64e1d08dd8fe36c6c95c339a896cc33068148906784620540"
+checksum = "c2d12fe70b2c1b4401038055f90f151b78208de1f9f89a7dbfd41587a10c3eea"
 dependencies = [
 "atoi",
 "flume",
@@ -1827,6 +1957,7 @@ dependencies = [
 "serde",
 "serde_urlencoded",
 "sqlx-core",
+ "thiserror",
 "time",
 "tracing",
 "url",
@@ -1897,33 +2028,13 @@ dependencies = [
 "windows-sys 0.59.0",
 ]

-[[package]]
-name = "thiserror"
-version = "1.0.69"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
-dependencies = [
- "thiserror-impl 1.0.69",
-]
-
 [[package]]
 name = "thiserror"
 version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
 dependencies = [
- "thiserror-impl 2.0.12",
-]
-
-[[package]]
-name = "thiserror-impl"
-version = "1.0.69"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
+ "thiserror-impl",
 ]

 [[package]]
@@ -2005,9 +2116,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.44.1"
+version = "1.45.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
+checksum = "75ef51a33ef1da925cea3e4eb122833cb377c61439ca401b770f54902b806779"
 dependencies = [
 "backtrace",
 "bytes",
@@ -2133,6 +2244,12 @@ version = "1.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"

+[[package]]
+name = "unicase"
+version = "2.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
+
 [[package]]
 name = "unicode-bidi"
 version = "0.3.18"
@@ -2160,6 +2277,12 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0"

+[[package]]
+name = "unicode-xid"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
+
 [[package]]
 name = "url"
 version = "2.5.4"
@@ -2184,13 +2307,58 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"

 [[package]]
-name = "uuid"
-version = "1.16.0"
+name = "utoipa"
+version = "5.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
+checksum = "2fcc29c80c21c31608227e0912b2d7fddba57ad76b606890627ba8ee7964e993"
+dependencies = [
+ "indexmap",
+ "serde",
+ "serde_json",
+ "utoipa-gen",
+]
+
+[[package]]
+name = "utoipa-gen"
+version = "5.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d79d08d92ab8af4c5e8a6da20c47ae3f61a0f1dabc1997cdf2d082b757ca08b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "regex",
+ "syn",
+ "uuid",
+]
+
+[[package]]
+name = "utoipa-swagger-ui"
+version = "9.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d047458f1b5b65237c2f6dc6db136945667f40a7668627b3490b9513a3d43a55"
+dependencies = [
+ "axum",
+ "base64",
+ "mime_guess",
+ "regex",
+ "rust-embed",
+ "serde",
+ "serde_json",
+ "url",
+ "utoipa",
+ "zip",
+]
+
+[[package]]
+name = "uuid"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d"
 dependencies = [
 "getrandom 0.3.2",
+ "js-sys",
 "serde",
+ "wasm-bindgen",
 ]

 [[package]]
@@ -2211,6 +2379,16 @@ version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"

+[[package]]
+name = "walkdir"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
+dependencies = [
+ "same-file",
+ "winapi-util",
+]
+
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
@@ -2232,6 +2410,64 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"

+[[package]]
+name = "wasm-bindgen"
+version = "0.2.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "rustversion",
+ "wasm-bindgen-macro",
+]
+
+[[package]]
+name = "wasm-bindgen-backend"
+version = "0.2.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
+dependencies = [
+ "bumpalo",
+ "log",
+ "proc-macro2",
+ "quote",
+ "syn",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+ "wasm-bindgen-backend",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.100"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
+dependencies = [
+ "unicode-ident",
+]
+
 [[package]]
 name = "whoami"
 version = "1.6.0"
@@ -2258,6 +2494,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"

+[[package]]
+name = "winapi-util"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0978bf7171b3d90bac376700cb56d606feb40f251a475a5d6634613564460b22"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
@@ -2525,3 +2770,35 @@ dependencies = [
 "quote",
 "syn",
 ]
+
+[[package]]
+name = "zip"
+version = "3.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12598812502ed0105f607f941c386f43d441e00148fce9dec3ca5ffb0bde9308"
+dependencies = [
+ "arbitrary",
+ "crc32fast",
+ "flate2",
+ "indexmap",
+ "memchr",
+ "zopfli",
+]
+
+[[package]]
+name = "zlib-rs"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "626bd9fa9734751fc50d6060752170984d7053f5a39061f524cda68023d4db8a"
+
+[[package]]
+name = "zopfli"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edfc5ee405f504cd4984ecc6f14d02d55cfda60fa4b689434ef4102aae150cd7"
+dependencies = [
+ "bumpalo",
+ "crc32fast",
+ "log",
+ "simd-adler32",
+]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,27 +1,29 @@
 [package]
 name = "icarus_auth"
-version = "0.3.10"
+version = "0.4.3"
 edition = "2024"
-rust-version = "1.86"
+rust-version = "1.88"

 [dependencies]
-axum = { version = "0.8.3" }
-serde = { version = "1.0.218", features = ["derive"] }
-serde_json = { version = "1.0.139" }
-tokio = { version = "1.44.1", features = ["rt-multi-thread"] }
+axum = { version = "0.8.4" }
+serde = { version = "1.0.219", features = ["derive"] }
+serde_json = { version = "1.0.140" }
+tokio = { version = "1.45.1", features = ["rt-multi-thread"] }
 tracing-subscriber = { version = "0.3.19" }
 tower = { version = "0.5.2" }
 hyper = { version = "1.6.0" }
-sqlx = { version = "0.8.3", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
-uuid = { version = "1.16.0", features = ["v4", "serde"] }
+sqlx = { version = "0.8.6", features = ["postgres", "runtime-tokio-native-tls", "time", "uuid"] }
+uuid = { version = "1.17.0", features = ["v4", "serde"] }
 argon2 = { version = "0.5.3", features = ["std"] } # Use the latest 0.5.x version
-rand = { version = "0.9" }
+rand = { version = "0.9.1" }
 time = { version = "0.3.41", features = ["macros", "serde"] }
-josekit = { version = "0.10.1" }
-icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.4.3" }
-icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.2.0-devel-dbe4dc67cb-950" }
+josekit = { version = "0.10.3" }
+utoipa = { version = "5.4.0", features = ["axum_extras"] }
+utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
+icarus_models = { git = "ssh://git@git.kundeng.us/phoenix/icarus_models.git", tag = "v0.5.6-58-13b030bbca-111" }
+icarus_envy = { git = "ssh://git@git.kundeng.us/phoenix/icarus_envy.git", tag = "v0.3.2" }

 [dev-dependencies]
 http-body-util = { version = "0.1.3" }
-url = { version = "2.5" }
-once_cell = { version = "1.19" } # Useful for lazy initialization in tests/app setup
+url = { version = "2.5.4" }
+once_cell = { version = "1.21.3" } # Useful for lazy initialization in tests/app setup
--- a/4
+++ b/4
@@ -1,7 +1,7 @@
 # Stage 1: Build the application
 # Use a specific Rust version for reproducibility. Choose one that matches your development environment.
 # Using slim variant for smaller base image
-FROM rust:1.86 as builder
+FROM rust:1.88 as builder

 # Set the working directory inside the container
 WORKDIR /usr/src/app
@@ -68,4 +68,4 @@ EXPOSE 3000

 # Set the command to run your application
 # Ensure this matches the binary name copied above
-CMD ["./icarus_auth"]
+CMD ["./icarus_auth"]
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -19,7 +19,7 @@ services:

  # PostgreSQL Database Service
  auth_db:
-    image: postgres:17.4-alpine # Use an official Postgres image (Alpine variant is smaller)
+    image: postgres:17.5-alpine # Use an official Postgres image (Alpine variant is smaller)
    container_name: icarus_auth_db # Optional: Give the container a specific name
    environment:
      # These MUST match the user, password, and database name in the DATABASE_URL above
--- a/migrations/20250402221858_init_migrate.sql
+++ b/migrations/20250402221858_init_migrate.sql
@@ -20,3 +20,9 @@ CREATE TABLE IF NOT EXISTS "salt" (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    salt TEXT NOT NULL
 );
+
+CREATE TABLE IF NOT EXISTS "passphrase" (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    passphrase TEXT NOT NULL,
+    date_created TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
--- a/migrations/20250802185652_passphrase_data.sql
+++ b/migrations/20250802185652_passphrase_data.sql
@@ -0,0 +1,2 @@
+-- Add migration script here
+INSERT INTO "passphrase" (id, passphrase) VALUES('22f9c775-cce9-457a-a147-9dafbb801f61', 'iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH');
--- a/src/callers/common.rs
+++ b/src/callers/common.rs
@@ -1,7 +1,7 @@
 pub mod response {
    use serde::{Deserialize, Serialize};

-    #[derive(Deserialize, Serialize)]
+    #[derive(Deserialize, Serialize, utoipa::ToSchema)]
    pub struct TestResult {
        pub message: String,
    }
@@ -11,11 +11,28 @@ pub mod endpoint {
    use super::*;
    use axum::{Extension, Json, http::StatusCode};

-    // basic handler that responds with a static string
+    /// Endpoint to hit the root
+    /// basic handler that responds with a static string
+    #[utoipa::path(
+        get,
+        path = super::super::endpoints::ROOT,
+        responses(
+            (status = 200, description = "Test", body = &str),
+        )
+    )]
    pub async fn root() -> &'static str {
        "Hello, World!"
    }

+    /// Endpoint to do a database ping
+    #[utoipa::path(
+        get,
+        path = super::super::endpoints::DBTEST,
+        responses(
+            (status = 200, description = "Successful ping of the db", body = super::response::TestResult),
+            (status = 400, description = "Failure in pinging the db", body = super::response::TestResult)
+        )
+    )]
    pub async fn db_ping(
        Extension(pool): Extension<sqlx::PgPool>,
    ) -> (StatusCode, Json<response::TestResult>) {
--- a/src/callers/login.rs
+++ b/src/callers/login.rs
@@ -1,23 +1,54 @@
 pub mod request {
    use serde::{Deserialize, Serialize};

-    #[derive(Default, Deserialize, Serialize)]
+    #[derive(Default, Deserialize, Serialize, utoipa::ToSchema)]
    pub struct Request {
        pub username: String,
        pub password: String,
    }
+
+    pub mod service_login {
+        #[derive(Debug, serde::Deserialize, serde::Serialize, utoipa::ToSchema)]
+        pub struct Request {
+            pub passphrase: String,
+        }
+    }
+
+    pub mod refresh_token {
+        #[derive(Debug, serde::Deserialize, serde::Serialize, utoipa::ToSchema)]
+        pub struct Request {
+            pub access_token: String,
+        }
+    }
 }

 pub mod response {
    use serde::{Deserialize, Serialize};

-    #[derive(Default, Deserialize, Serialize)]
+    #[derive(Default, Deserialize, Serialize, utoipa::ToSchema)]
    pub struct Response {
        pub message: String,
        pub data: Vec<icarus_models::login_result::LoginResult>,
    }
+
+    pub mod service_login {
+        #[derive(Debug, Default, serde::Deserialize, serde::Serialize, utoipa::ToSchema)]
+        pub struct Response {
+            pub message: String,
+            pub data: Vec<icarus_models::login_result::LoginResult>,
+        }
+    }
+
+    pub mod refresh_token {
+        #[derive(Debug, Default, serde::Deserialize, serde::Serialize, utoipa::ToSchema)]
+        pub struct Response {
+            pub message: String,
+            pub data: Vec<icarus_models::login_result::LoginResult>,
+        }
+    }
 }

+/// Module for login endpoints
 pub mod endpoint {
    use axum::{Json, http::StatusCode};

@@ -28,6 +59,10 @@ pub mod endpoint {
    use super::request;
    use super::response;

+    // TODO: At some point, get the username from the DB
+    // Name of service username when returning a login result
+    pub const SERVICE_USERNAME: &str = "service";
+
    async fn not_found(message: &str) -> (StatusCode, Json<response::Response>) {
        (
            StatusCode::NOT_FOUND,
@@ -38,6 +73,20 @@ pub mod endpoint {
        )
    }

+    /// Endpoint to login
+    #[utoipa::path(
+        post,
+        path = super::super::endpoints::LOGIN,
+        request_body(
+            content = request::Request,
+            description = "Data required to login",
+            content_type = "application/json"
+        ),
+        responses(
+            (status = 200, description = "Successfully logged in", body = response::Response),
+            (status = 404, description = "Could not login with credentials", body = response::Response)
+        )
+    )]
    pub async fn login(
        axum::Extension(pool): axum::Extension<sqlx::PgPool>,
        Json(payload): Json<request::Request>,
@@ -48,7 +97,8 @@ pub mod endpoint {
                if hashing::verify_password(&payload.password, user.password.clone()).unwrap() {
                    // Create token
                    let key = icarus_envy::environment::get_secret_key().await;
-                    let (token_literal, duration) = token_stuff::create_token(&key).unwrap();
+                    let (token_literal, duration) =
+                        token_stuff::create_token(&key, &user.id).unwrap();

                    if token_stuff::verify_token(&key, &token_literal) {
                        let current_time = time::OffsetDateTime::now_utc();
@@ -62,7 +112,7 @@ pub mod endpoint {
                                    id: user.id,
                                    username: user.username.clone(),
                                    token: token_literal,
-                                    token_type: String::from(token_stuff::TOKENTYPE),
+                                    token_type: String::from(icarus_models::token::TOKEN_TYPE),
                                    expiration: duration,
                                }],
                            }),
@@ -79,4 +129,140 @@ pub mod endpoint {
            }
        }
    }
+
+    /// Endpoint to login as a service user
+    #[utoipa::path(
+        post,
+        path = super::super::endpoints::SERVICE_LOGIN,
+        request_body(
+            content = request::service_login::Request,
+            description = "Data required to login as a service user",
+            content_type = "application/json"
+        ),
+        responses(
+            (status = 200, description = "Login successful", body = response::Response),
+            (status = 400, description = "Error logging in with credentials", body = response::Response)
+        )
+    )]
+    pub async fn service_login(
+        axum::Extension(pool): axum::Extension<sqlx::PgPool>,
+        axum::Json(payload): axum::Json<request::service_login::Request>,
+    ) -> (
+        axum::http::StatusCode,
+        axum::Json<response::service_login::Response>,
+    ) {
+        let mut response = response::service_login::Response::default();
+
+        match repo::service::valid_passphrase(&pool, &payload.passphrase).await {
+            Ok((id, _passphrase, _date_created)) => {
+                let key = icarus_envy::environment::get_secret_key().await;
+                let (token_literal, duration) =
+                    token_stuff::create_service_token(&key, &id).unwrap();
+
+                if token_stuff::verify_token(&key, &token_literal) {
+                    let login_result = icarus_models::login_result::LoginResult {
+                        id,
+                        username: String::from(SERVICE_USERNAME),
+                        token: token_literal,
+                        token_type: String::from(icarus_models::token::TOKEN_TYPE),
+                        expiration: duration,
+                    };
+
+                    response.data.push(login_result);
+                    response.message = String::from("Successful");
+
+                    (axum::http::StatusCode::OK, axum::Json(response))
+                } else {
+                    (axum::http::StatusCode::OK, axum::Json(response))
+                }
+            }
+            Err(err) => {
+                response.message = err.to_string();
+                (axum::http::StatusCode::BAD_REQUEST, axum::Json(response))
+            }
+        }
+    }
+
+    /// Endpoint to retrieve a refresh token
+    #[utoipa::path(
+        post,
+        path = super::super::endpoints::REFRESH_TOKEN,
+        request_body(
+            content = request::refresh_token::Request,
+            description = "Data required to retrieve a refresh token",
+            content_type = "application/json"
+        ),
+        responses(
+            (status = 200, description = "Refresh token generated", body = response::Response),
+            (status = 400, description = "Error verifying token", body = response::Response),
+            (status = 404, description = "Could not validate token", body = response::Response),
+            (status = 500, description = "Error extracting token", body = response::Response)
+        )
+    )]
+    pub async fn refresh_token(
+        axum::Extension(pool): axum::Extension<sqlx::PgPool>,
+        axum::Json(payload): axum::Json<request::refresh_token::Request>,
+    ) -> (
+        axum::http::StatusCode,
+        axum::Json<response::refresh_token::Response>,
+    ) {
+        let mut response = response::refresh_token::Response::default();
+        let key = icarus_envy::environment::get_secret_key().await;
+
+        if token_stuff::verify_token(&key, &payload.access_token) {
+            let token_type = token_stuff::get_token_type(&key, &payload.access_token).unwrap();
+
+            if token_stuff::is_token_type_valid(&token_type) {
+                // Get passphrase record with id
+                match token_stuff::extract_id_from_token(&key, &payload.access_token) {
+                    Ok(id) => match repo::service::get_passphrase(&pool, &id).await {
+                        Ok((returned_id, _, _)) => {
+                            match token_stuff::create_service_refresh_token(&key, &returned_id) {
+                                Ok((access_token, exp_dur)) => {
+                                    let login_result = icarus_models::login_result::LoginResult {
+                                        id: returned_id,
+                                        token: access_token,
+                                        expiration: exp_dur,
+                                        token_type: String::from(icarus_models::token::TOKEN_TYPE),
+                                        username: String::from(SERVICE_USERNAME),
+                                    };
+                                    response.message = String::from("Successful");
+                                    response.data.push(login_result);
+
+                                    (axum::http::StatusCode::OK, axum::Json(response))
+                                }
+                                Err(err) => {
+                                    response.message = err.to_string();
+                                    (
+                                        axum::http::StatusCode::INTERNAL_SERVER_ERROR,
+                                        axum::Json(response),
+                                    )
+                                }
+                            }
+                        }
+                        Err(err) => {
+                            response.message = err.to_string();
+                            (
+                                axum::http::StatusCode::INTERNAL_SERVER_ERROR,
+                                axum::Json(response),
+                            )
+                        }
+                    },
+                    Err(err) => {
+                        response.message = err.to_string();
+                        (
+                            axum::http::StatusCode::INTERNAL_SERVER_ERROR,
+                            axum::Json(response),
+                        )
+                    }
+                }
+            } else {
+                response.message = String::from("Invalid token type");
+                (axum::http::StatusCode::NOT_FOUND, axum::Json(response))
+            }
+        } else {
+            response.message = String::from("Could not verify token");
+            (axum::http::StatusCode::BAD_REQUEST, axum::Json(response))
+        }
+    }
 }
--- a/src/callers/mod.rs
+++ b/src/callers/mod.rs
@@ -7,4 +7,6 @@ pub mod endpoints {
    pub const REGISTER: &str = "/api/v2/register";
    pub const DBTEST: &str = "/api/v2/test/db";
    pub const LOGIN: &str = "/api/v2/login";
+    pub const SERVICE_LOGIN: &str = "/api/v2/service/login";
+    pub const REFRESH_TOKEN: &str = "/api/v2/token/refresh";
 }
--- a/src/callers/register.rs
+++ b/src/callers/register.rs
@@ -6,7 +6,7 @@ use crate::repo;
 pub mod request {
    use serde::{Deserialize, Serialize};

-    #[derive(Default, Deserialize, Serialize)]
+    #[derive(Default, Deserialize, Serialize, utoipa::ToSchema)]
    pub struct Request {
        #[serde(skip_serializing_if = "String::is_empty")]
        pub username: String,
@@ -26,13 +26,28 @@ pub mod request {
 pub mod response {
    use serde::{Deserialize, Serialize};

-    #[derive(Deserialize, Serialize)]
+    #[derive(Deserialize, Serialize, utoipa::ToSchema)]
    pub struct Response {
        pub message: String,
        pub data: Vec<icarus_models::user::User>,
    }
 }

+/// Endpoint to register a user
+#[utoipa::path(
+    post,
+    path = super::endpoints::REGISTER,
+    request_body(
+        content = request::Request,
+        description = "Data required to register",
+        content_type = "application/json"
+    ),
+    responses(
+        (status = 201, description = "User created", body = response::Response),
+        (status = 404, description = "User already exists", body = response::Response),
+        (status = 400, description = "Issue creating user", body = response::Response)
+    )
+)]
 pub async fn register_user(
    axum::Extension(pool): axum::Extension<sqlx::PgPool>,
    Json(payload): Json<request::Request>,
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -16,7 +16,7 @@ pub mod db {

    pub async fn create_pool() -> Result<sqlx::PgPool, sqlx::Error> {
        let database_url = icarus_envy::environment::get_db_url().await;
-        println!("Database url: {:?}", database_url);
+        println!("Database url: {database_url}");

        PgPoolOptions::new()
            .max_connections(connection_settings::MAXCONN)
--- a/src/main.rs
+++ b/src/main.rs
@@ -19,8 +19,31 @@ mod init {
        Router,
        routing::{get, post},
    };
+    use utoipa::OpenApi;

    use crate::callers;
+    use callers::common as common_callers;
+    use callers::login as login_caller;
+    use callers::register as register_caller;
+    use login_caller::endpoint as login_endpoints;
+    use login_caller::response as login_responses;
+    use register_caller::response as register_responses;
+
+    #[derive(utoipa::OpenApi)]
+    #[openapi(
+        paths(
+            common_callers::endpoint::db_ping, common_callers::endpoint::root,
+            register_caller::register_user,
+            login_endpoints::login, login_endpoints::service_login, login_endpoints::refresh_token
+            ),
+        components(schemas(common_callers::response::TestResult,
+                register_responses::Response,
+            login_responses::Response, login_responses::service_login::Response, login_responses::refresh_token::Response)),
+        tags(
+            (name = "Icarus Auth API", description = "Auth API for Icarus API")
+            )
+    )]
+    struct ApiDoc;

    pub async fn routes() -> Router {
        // build our application with a route
@@ -41,6 +64,14 @@ mod init {
                callers::endpoints::LOGIN,
                post(callers::login::endpoint::login),
            )
+            .route(
+                callers::endpoints::SERVICE_LOGIN,
+                post(callers::login::endpoint::service_login),
+            )
+            .route(
+                callers::endpoints::REFRESH_TOKEN,
+                post(callers::login::endpoint::refresh_token),
+            )
    }

    pub async fn app() -> Router {
@@ -50,7 +81,13 @@ mod init {

        icarus_auth::db::migrations(&pool).await;

-        routes().await.layer(axum::Extension(pool))
+        routes()
+            .await
+            .merge(
+                utoipa_swagger_ui::SwaggerUi::new("/swagger-ui")
+                    .url("/api-docs/openapi.json", ApiDoc::openapi()),
+            )
+            .layer(axum::Extension(pool))
    }
 }

@@ -154,6 +191,25 @@ mod tests {
        })
    }

+    pub mod requests {
+        use tower::ServiceExt; // for `call`, `oneshot`, and `ready`
+
+        pub async fn register(
+            app: &axum::Router,
+            usr: &icarus_auth::callers::register::request::Request,
+        ) -> Result<axum::response::Response, std::convert::Infallible> {
+            let payload = super::get_test_register_payload(&usr);
+            let req = axum::http::Request::builder()
+                .method(axum::http::Method::POST)
+                .uri(crate::callers::endpoints::REGISTER)
+                .header(axum::http::header::CONTENT_TYPE, "application/json")
+                .body(axum::body::Body::from(payload.to_string()))
+                .unwrap();
+
+            app.clone().oneshot(req).await
+        }
+    }
+
    #[tokio::test]
    async fn test_hello_world() {
        let app = init::app().await;
@@ -198,18 +254,8 @@ mod tests {
        let app = init::routes().await.layer(axum::Extension(pool));

        let usr = get_test_register_request();
-        let payload = get_test_register_payload(&usr);

-        let response = app
-            .oneshot(
-                Request::builder()
-                    .method(axum::http::Method::POST)
-                    .uri(callers::endpoints::REGISTER)
-                    .header(axum::http::header::CONTENT_TYPE, "application/json")
-                    .body(Body::from(payload.to_string()))
-                    .unwrap(),
-            )
-            .await;
+        let response = requests::register(&app, &usr).await;

        match response {
            Ok(resp) => {
@@ -265,19 +311,8 @@ mod tests {
        let app = init::routes().await.layer(axum::Extension(pool));

        let usr = get_test_register_request();
-        let payload = get_test_register_payload(&usr);

-        let response = app
-            .clone()
-            .oneshot(
-                Request::builder()
-                    .method(axum::http::Method::POST)
-                    .uri(callers::endpoints::REGISTER)
-                    .header(axum::http::header::CONTENT_TYPE, "application/json")
-                    .body(Body::from(payload.to_string()))
-                    .unwrap(),
-            )
-            .await;
+        let response = requests::register(&app, &usr).await;

        match response {
            Ok(resp) => {
@@ -341,4 +376,125 @@ mod tests {

        let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
    }
+
+    #[tokio::test]
+    async fn test_service_login_user() {
+        let tm_pool = db_mgr::get_pool().await.unwrap();
+
+        let db_name = db_mgr::generate_db_name().await;
+
+        match db_mgr::create_database(&tm_pool, &db_name).await {
+            Ok(_) => {
+                println!("Success");
+            }
+            Err(e) => {
+                assert!(false, "Error: {:?}", e.to_string());
+            }
+        }
+
+        let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
+
+        icarus_auth::db::migrations(&pool).await;
+
+        let app = init::routes().await.layer(axum::Extension(pool));
+        let passphrase =
+            String::from("iUOo1fxshf3y1tUGn1yU8l9raPApHCdinW0VdCHdRFEjqhR3Bf02aZzsKbLtaDFH");
+        let payload = serde_json::json!({
+            "passphrase": passphrase
+        });
+
+        match app
+            .oneshot(
+                Request::builder()
+                    .method(axum::http::Method::POST)
+                    .uri(callers::endpoints::SERVICE_LOGIN)
+                    .header(axum::http::header::CONTENT_TYPE, "application/json")
+                    .body(Body::from(payload.to_string()))
+                    .unwrap(),
+            )
+            .await
+        {
+            Ok(response) => {
+                assert_eq!(StatusCode::OK, response.status(), "Status is not right");
+                let body = axum::body::to_bytes(response.into_body(), usize::MAX)
+                    .await
+                    .unwrap();
+                let parsed_body: callers::login::response::service_login::Response =
+                    serde_json::from_slice(&body).unwrap();
+                let _login_result = &parsed_body.data[0];
+            }
+            Err(err) => {
+                assert!(false, "Error: {err:?}");
+            }
+        }
+
+        let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
+    }
+
+    #[tokio::test]
+    async fn test_refresh_token() {
+        let tm_pool = db_mgr::get_pool().await.unwrap();
+
+        let db_name = db_mgr::generate_db_name().await;
+
+        match db_mgr::create_database(&tm_pool, &db_name).await {
+            Ok(_) => {
+                println!("Success");
+            }
+            Err(e) => {
+                assert!(false, "Error: {:?}", e.to_string());
+            }
+        }
+
+        let pool = db_mgr::connect_to_db(&db_name).await.unwrap();
+
+        icarus_auth::db::migrations(&pool).await;
+
+        let app = init::routes().await.layer(axum::Extension(pool));
+        let id = uuid::Uuid::parse_str("22f9c775-cce9-457a-a147-9dafbb801f61").unwrap();
+        let key = icarus_envy::environment::get_secret_key().await;
+
+        match icarus_auth::token_stuff::create_service_token(&key, &id) {
+            Ok((token, _expire)) => {
+                let payload = serde_json::json!({
+                    "access_token": token
+                });
+
+                match app
+                    .oneshot(
+                        Request::builder()
+                            .method(axum::http::Method::POST)
+                            .uri(callers::endpoints::REFRESH_TOKEN)
+                            .header(axum::http::header::CONTENT_TYPE, "application/json")
+                            .body(Body::from(payload.to_string()))
+                            .unwrap(),
+                    )
+                    .await
+                {
+                    Ok(response) => {
+                        let body = axum::body::to_bytes(response.into_body(), usize::MAX)
+                            .await
+                            .unwrap();
+                        let parsed_body: callers::login::response::service_login::Response =
+                            serde_json::from_slice(&body).unwrap();
+                        let login_result = &parsed_body.data[0];
+
+                        assert_eq!(
+                            id, login_result.id,
+                            "The Id from the response does not match {id:?} {:?}",
+                            login_result.id
+                        );
+                    }
+                    Err(err) => {
+                        assert!(false, "Error: {err:?}");
+                    }
+                }
+            }
+            Err(err) => {
+                assert!(false, "Error: {err:?}");
+            }
+        }
+
+        let _ = db_mgr::drop_database(&tm_pool, &db_name).await;
+    }
 }
--- a/src/repo/mod.rs
+++ b/src/repo/mod.rs
@@ -57,7 +57,7 @@ pub mod user {
        .fetch_optional(pool)
        .await
        .map_err(|e| {
-            eprintln!("Error updating time: {}", e);
+            eprintln!("Error updating time: {e}");
            e
        });

@@ -113,7 +113,7 @@ pub mod user {
        .fetch_one(pool)
        .await
        .map_err(|e| {
-            eprintln!("Error inserting item: {}", e);
+            eprintln!("Error inserting item: {e}");
            e
        })?;

@@ -180,7 +180,7 @@ pub mod salt {
        .fetch_one(pool)
        .await
        .map_err(|e| {
-            eprintln!("Error inserting item: {}", e);
+            eprintln!("Error inserting item: {e}");
            e
        })?;

@@ -195,3 +195,56 @@ pub mod salt {
        }
    }
 }
+
+pub mod service {
+    use sqlx::Row;
+
+    pub async fn valid_passphrase(
+        pool: &sqlx::PgPool,
+        passphrase: &String,
+    ) -> Result<(uuid::Uuid, String, time::OffsetDateTime), sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+            SELECT * FROM "passphrase" WHERE passphrase = $1
+            "#,
+        )
+        .bind(passphrase)
+        .fetch_one(pool)
+        .await;
+
+        match result {
+            Ok(row) => {
+                let id: uuid::Uuid = row.try_get("id")?;
+                let passphrase: String = row.try_get("passphrase")?;
+                let date_created: Option<time::OffsetDateTime> = row.try_get("date_created")?;
+
+                Ok((id, passphrase, date_created.unwrap()))
+            }
+            Err(err) => Err(err),
+        }
+    }
+
+    pub async fn get_passphrase(
+        pool: &sqlx::PgPool,
+        id: &uuid::Uuid,
+    ) -> Result<(uuid::Uuid, String, time::OffsetDateTime), sqlx::Error> {
+        let result = sqlx::query(
+            r#"
+            SELECT * FROM "passphrase" WHERE id = $1;
+            "#,
+        )
+        .bind(id)
+        .fetch_one(pool)
+        .await;
+
+        match result {
+            Ok(row) => {
+                let returned_id: uuid::Uuid = row.try_get("id")?;
+                let passphrase: String = row.try_get("passphrase")?;
+                let date_created: time::OffsetDateTime = row.try_get("date_created")?;
+                Ok((returned_id, passphrase, date_created))
+            }
+            Err(err) => Err(err),
+        }
+    }
+}
--- a/src/token_stuff/mod.rs
+++ b/src/token_stuff/mod.rs
@@ -1,12 +1,11 @@
 use josekit::{
    self,
-    jws::{JwsHeader, alg::hmac::HmacJwsAlgorithm::Hs256},
-    jwt::{self, JwtPayload},
+    jws::alg::hmac::HmacJwsAlgorithm::Hs256,
+    jwt::{self},
 };

 use time;

-pub const TOKENTYPE: &str = "JWT";
 pub const KEY_ENV: &str = "SECRET_KEY";
 pub const MESSAGE: &str = "Something random";
 pub const ISSUER: &str = "icarus_auth";
@@ -21,67 +20,113 @@ pub fn get_expiration(issued: &time::OffsetDateTime) -> Result<time::OffsetDateT
    Ok(*issued + duration_expire)
 }

-mod util {
-    pub fn time_to_std_time(
-        provided_time: &time::OffsetDateTime,
-    ) -> Result<std::time::SystemTime, std::time::SystemTimeError> {
-        let converted = std::time::SystemTime::from(*provided_time);
-        Ok(converted)
-    }
+pub fn create_token(
+    provided_key: &String,
+    id: &uuid::Uuid,
+) -> Result<(String, i64), josekit::JoseError> {
+    let resource = icarus_models::token::TokenResource {
+        message: String::from(MESSAGE),
+        issuer: String::from(ISSUER),
+        audiences: vec![String::from(AUDIENCE)],
+        id: *id,
+    };
+    icarus_models::token::create_token(provided_key, &resource, time::Duration::hours(4))
 }

-pub fn create_token(provided_key: &String) -> Result<(String, i64), josekit::JoseError> {
-    let mut header = JwsHeader::new();
-    header.set_token_type(TOKENTYPE);
+pub fn create_service_token(
+    provided: &String,
+    id: &uuid::Uuid,
+) -> Result<(String, i64), josekit::JoseError> {
+    let resource = icarus_models::token::TokenResource {
+        message: String::from(SERVICE_SUBJECT),
+        issuer: String::from(ISSUER),
+        audiences: vec![String::from(AUDIENCE)],
+        id: *id,
+    };
+    icarus_models::token::create_token(provided, &resource, time::Duration::hours(1))
+}

-    let mut payload = JwtPayload::new();
-    payload.set_subject(MESSAGE);
-    payload.set_issuer(ISSUER);
-    payload.set_audience(vec![AUDIENCE]);
-    match get_issued() {
-        Ok(issued) => {
-            let expire = get_expiration(&issued).unwrap();
-            payload.set_issued_at(&util::time_to_std_time(&issued).unwrap());
-            payload.set_expires_at(&util::time_to_std_time(&expire).unwrap());
-
-            let key: String = if provided_key.is_empty() {
-                let rt = tokio::runtime::Runtime::new().unwrap();
-
-                // Block on the async function to get the result
-                rt.block_on(icarus_envy::environment::get_secret_key())
-            } else {
-                provided_key.to_owned()
-            };
-
-            let signer = Hs256.signer_from_bytes(key.as_bytes()).unwrap();
-            Ok((
-                josekit::jwt::encode_with_signer(&payload, &header, &signer).unwrap(),
-                (expire - time::OffsetDateTime::UNIX_EPOCH).whole_seconds(),
-            ))
-        }
-        Err(e) => Err(josekit::JoseError::InvalidClaim(e.into())),
-    }
+pub fn create_service_refresh_token(
+    key: &String,
+    id: &uuid::Uuid,
+) -> Result<(String, i64), josekit::JoseError> {
+    let resource = icarus_models::token::TokenResource {
+        message: String::from(SERVICE_SUBJECT),
+        issuer: String::from(ISSUER),
+        audiences: vec![String::from(AUDIENCE)],
+        id: *id,
+    };
+    icarus_models::token::create_token(key, &resource, time::Duration::hours(4))
 }

 pub fn verify_token(key: &String, token: &String) -> bool {
-    let ver = Hs256.verifier_from_bytes(key.as_bytes()).unwrap();
-    let (payload, _header) = jwt::decode_with_verifier(token, &ver).unwrap();
-    match payload.subject() {
-        Some(_sub) => true,
-        None => false,
+    match get_payload(key, token) {
+        Ok((payload, _header)) => match payload.subject() {
+            Some(_sub) => true,
+            None => false,
+        },
+        Err(_err) => false,
    }
 }

+pub fn extract_id_from_token(key: &String, token: &String) -> Result<uuid::Uuid, std::io::Error> {
+    match get_payload(key, token) {
+        Ok((payload, _header)) => match payload.claim("id") {
+            Some(id) => match uuid::Uuid::parse_str(id.as_str().unwrap()) {
+                Ok(extracted) => Ok(extracted),
+                Err(err) => Err(std::io::Error::other(err.to_string())),
+            },
+            None => Err(std::io::Error::other("No claim found")),
+        },
+        Err(err) => Err(std::io::Error::other(err.to_string())),
+    }
+}
+
+pub const APP_TOKEN_TYPE: &str = "Icarus_App";
+pub const APP_SUBJECT: &str = "Something random";
+pub const SERVICE_TOKEN_TYPE: &str = "Icarus_Service";
+pub const SERVICE_SUBJECT: &str = "Service random";
+
+pub fn get_token_type(key: &String, token: &String) -> Result<String, std::io::Error> {
+    match get_payload(key, token) {
+        Ok((payload, _header)) => match payload.subject() {
+            Some(subject) => {
+                if subject == APP_SUBJECT {
+                    Ok(String::from(APP_TOKEN_TYPE))
+                } else if subject == SERVICE_SUBJECT {
+                    Ok(String::from(SERVICE_TOKEN_TYPE))
+                } else {
+                    Err(std::io::Error::other(String::from("Invalid subject")))
+                }
+            }
+            None => Err(std::io::Error::other(String::from("Invalid payload"))),
+        },
+        Err(err) => Err(std::io::Error::other(err.to_string())),
+    }
+}
+
+pub fn is_token_type_valid(token_type: &String) -> bool {
+    token_type == SERVICE_TOKEN_TYPE
+}
+
+fn get_payload(
+    key: &String,
+    token: &String,
+) -> Result<(josekit::jwt::JwtPayload, josekit::jws::JwsHeader), josekit::JoseError> {
+    let ver = Hs256.verifier_from_bytes(key.as_bytes()).unwrap();
+    jwt::decode_with_verifier(token, &ver)
+}
+
 #[cfg(test)]
 mod tests {
-
    use super::*;

    #[test]
    fn test_tokenize() {
        let rt = tokio::runtime::Runtime::new().unwrap();
        let special_key = rt.block_on(icarus_envy::environment::get_secret_key());
-        match create_token(&special_key) {
+        let id = uuid::Uuid::new_v4();
+        match create_token(&special_key, &id) {
            Ok((token, _duration)) => {
                let result = verify_token(&special_key, &token);
                assert!(result, "Token not verified");
Author	SHA1	Message	Date
phoenix	be053ac0dc	tsk-56: Added API docs All checks were successful Rust Build / Check (pull_request) Successful in 2m3s Details Rust Build / Test Suite (pull_request) Successful in 2m54s Details Rust Build / Rustfmt (pull_request) Successful in 29s Details Rust Build / Clippy (pull_request) Successful in 2m2s Details Rust Build / build (pull_request) Successful in 3m36s Details	2025-08-24 19:02:20 -04:00
phoenix	d4ec3c5d1c	tsk-56: Added utoipa Swagger crates	2025-08-24 15:50:40 -04:00
phoenix	50f517140e	tsk-56: Dependency version brump icarus_models and icarus_envy version bump	2025-08-24 15:48:39 -04:00
phoenix	a4c943189c	Next release (#32 ) All checks were successful Rust Build / Rustfmt (push) Successful in 29s Details Rust Build / Test Suite (push) Successful in 48s Details Rust Build / Check (push) Successful in 57s Details Rust Build / Clippy (push) Successful in 34s Details Rust Build / build (push) Successful in 1m2s Details Reviewed-on: #32	2025-08-12 21:46:01 +00:00
phoenix	eb1e2990f9	tsk-51: Refresh token endpoint (#54 ) All checks were successful Rust Build / Check (push) Successful in 46s Details Rust Build / Test Suite (push) Successful in 57s Details Release Tagging / release (push) Successful in 59s Details Rust Build / Rustfmt (push) Successful in 37s Details Rust Build / Clippy (push) Successful in 48s Details Rust Build / Check (pull_request) Successful in 45s Details Rust Build / build (push) Successful in 59s Details Rust Build / Rustfmt (pull_request) Successful in 38s Details Rust Build / Clippy (pull_request) Successful in 43s Details Rust Build / Test Suite (pull_request) Successful in 54s Details Rust Build / build (pull_request) Successful in 59s Details Closes #51 Reviewed-on: #54 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-08-11 22:15:17 +00:00
phoenix	99390ce8b7	tsk-50: Create Special endpoint for services to obtain a token (#53 ) All checks were successful Rust Build / Check (push) Successful in 32s Details Release Tagging / release (push) Successful in 51s Details Rust Build / Rustfmt (push) Successful in 25s Details Rust Build / build (push) Successful in 42s Details Rust Build / Check (pull_request) Successful in 36s Details Rust Build / Clippy (push) Successful in 2m2s Details Rust Build / Test Suite (pull_request) Successful in 42s Details Rust Build / Rustfmt (pull_request) Successful in 32s Details Rust Build / Clippy (pull_request) Successful in 37s Details Rust Build / Test Suite (push) Successful in 3m57s Details Rust Build / build (pull_request) Successful in 3m14s Details Reviewed-on: #53 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-08-03 23:09:50 +00:00
phoenix	5967ed5b13	minor refactoring (#52 ) All checks were successful Release Tagging / release (push) Successful in 35s Details Rust Build / Check (push) Successful in 37s Details Rust Build / Rustfmt (push) Successful in 27s Details Rust Build / Test Suite (push) Successful in 41s Details Rust Build / build (push) Successful in 46s Details Rust Build / Clippy (push) Successful in 1m46s Details Rust Build / Check (pull_request) Successful in 37s Details Rust Build / Rustfmt (pull_request) Successful in 28s Details Rust Build / Test Suite (pull_request) Successful in 39s Details Rust Build / build (pull_request) Successful in 45s Details Rust Build / Clippy (pull_request) Successful in 1m44s Details Reviewed-on: #52 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-08-01 20:49:15 +00:00
phoenix	be4d1109a7	Update rust in docker (#48 ) Some checks failed Release Tagging / release (push) Successful in 29s Details Rust Build / Check (push) Successful in 36s Details Rust Build / Test Suite (push) Successful in 45s Details Rust Build / Rustfmt (push) Successful in 27s Details Rust Build / Clippy (push) Successful in 35s Details Rust Build / build (push) Successful in 59s Details Rust Build / Check (pull_request) Failing after 44s Details Rust Build / Test Suite (pull_request) Failing after 1m17s Details Rust Build / Rustfmt (pull_request) Failing after 39s Details Rust Build / Clippy (pull_request) Failing after 38s Details Rust Build / build (pull_request) Failing after 37s Details Reviewed-on: #48 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-07-13 23:01:16 +00:00
phoenix	4353414c69	Upgrade postgresql (#47 ) All checks were successful Rust Build / Check (push) Successful in 36s Details Rust Build / Test Suite (push) Successful in 49s Details Rust Build / Rustfmt (push) Successful in 29s Details Rust Build / Clippy (push) Successful in 40s Details Rust Build / build (push) Successful in 1m4s Details Release Tagging / release (push) Successful in 30s Details Rust Build / Check (pull_request) Successful in 39s Details Rust Build / Test Suite (pull_request) Successful in 46s Details Rust Build / Rustfmt (pull_request) Successful in 25s Details Rust Build / Clippy (pull_request) Successful in 37s Details Rust Build / build (pull_request) Successful in 56s Details Reviewed-on: #47 Closes #46 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-07-12 19:32:56 +00:00
phoenix	c176d0fcf3	Version bump (#45 ) All checks were successful Release Tagging / release (push) Successful in 31s Details Rust Build / Check (push) Successful in 40s Details Rust Build / Test Suite (push) Successful in 52s Details Rust Build / Rustfmt (push) Successful in 25s Details Rust Build / Clippy (push) Successful in 41s Details Rust Build / build (push) Successful in 1m2s Details Rust Build / Check (pull_request) Successful in 2m18s Details Rust Build / Test Suite (pull_request) Successful in 2m29s Details Rust Build / Rustfmt (pull_request) Successful in 26s Details Rust Build / Clippy (pull_request) Successful in 2m23s Details Rust Build / build (pull_request) Successful in 4m51s Details Reviewed-on: #45 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-06-29 20:50:55 +00:00
phoenix	c8b8d470dc	Refactoring (#44 ) All checks were successful Release Tagging / release (push) Successful in 28s Details Rust Build / Check (push) Successful in 37s Details Rust Build / Test Suite (push) Successful in 47s Details Rust Build / Rustfmt (push) Successful in 25s Details Rust Build / Clippy (push) Successful in 39s Details Rust Build / build (push) Successful in 1m2s Details Rust Build / Check (pull_request) Successful in 38s Details Rust Build / Test Suite (pull_request) Successful in 50s Details Rust Build / Rustfmt (pull_request) Successful in 27s Details Rust Build / Clippy (pull_request) Successful in 40s Details Rust Build / build (pull_request) Successful in 1m6s Details Reviewed-on: #44 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-06-29 20:39:04 +00:00
phoenix	bcd0e607ef	Update dependencies (#43 ) Some checks failed Release Tagging / release (push) Successful in 31s Details Rust Build / Check (push) Successful in 36s Details Rust Build / Rustfmt (push) Successful in 25s Details Rust Build / Clippy (push) Failing after 39s Details Rust Build / Check (pull_request) Successful in 40s Details Rust Build / Test Suite (pull_request) Successful in 52s Details Rust Build / build (pull_request) Successful in 1m6s Details Rust Build / Test Suite (push) Successful in 47s Details Rust Build / build (push) Successful in 1m2s Details Rust Build / Rustfmt (pull_request) Successful in 27s Details Rust Build / Clippy (pull_request) Failing after 41s Details Reviewed-on: #43 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-06-29 20:26:58 +00:00
phoenix	70de6b862f	rust std change (#42 ) Some checks failed Release Tagging / release (push) Successful in 31s Details Rust Build / Check (push) Successful in 39s Details Rust Build / Test Suite (push) Successful in 52s Details Rust Build / Rustfmt (push) Successful in 27s Details Rust Build / Clippy (push) Failing after 40s Details Rust Build / build (push) Successful in 59s Details Rust Build / Check (pull_request) Successful in 38s Details Rust Build / Test Suite (pull_request) Successful in 51s Details Rust Build / Rustfmt (pull_request) Successful in 27s Details Rust Build / Clippy (pull_request) Failing after 40s Details Rust Build / build (pull_request) Successful in 1m6s Details Reviewed-on: #42 Co-authored-by: phoenix <kundeng00@pm.me> Co-committed-by: phoenix <kundeng00@pm.me>	2025-06-29 20:03:41 +00:00
phoenix	eb7e394cf0	Next release (#27 ) All checks were successful Rust Build / Check (push) Successful in 53s Details Rust Build / Test Suite (push) Successful in 1m2s Details Rust Build / Rustfmt (push) Successful in 32s Details Rust Build / Clippy (push) Successful in 59s Details Rust Build / build (push) Successful in 1m20s Details Reviewed-on: #27	2025-04-12 00:27:47 +00:00