[package]
name = "kingfisher-scanner"
version = "0.1.0"
description = "High-level scanning API for Kingfisher secret scanner"
edition.workspace = true
rust-version.workspace = true
license.workspace = true
authors.workspace = true
homepage.workspace = true
repository.workspace = true
publish = false

[features]
default = []

# Core validation support (includes HTTP validation)
validation = ["validation-http"]

# HTTP-based validation for API tokens
validation-http = [
    "dep:reqwest",
    "dep:tokio",
    "dep:liquid",
    "dep:liquid-core",
    "dep:quick-xml",
    "dep:sha1",
]

# AWS credential validation
validation-aws = [
    "validation-http",
    "dep:aws-config",
    "dep:aws-credential-types",
    "dep:aws-sdk-iam",
    "dep:aws-sdk-sts",
    "dep:aws-types",
    "dep:aws-smithy-http-client",
    "dep:aws-smithy-runtime-api",
    "dep:aws-smithy-types",
    "dep:base32",
    "dep:byteorder",
    "dep:rand",
]

# Azure credential validation
validation-azure = [
    "validation-http",
    "dep:chrono",
    "dep:hmac",
    "dep:sha2",
]

# Coinbase credential validation
validation-coinbase = [
    "validation-http",
    "dep:chrono",
    "dep:ed25519-dalek",
    "dep:p256",
    "dep:rand",
    "dep:hex",
]

# GCP credential validation
validation-gcp = [
    "validation-http",
    "dep:chrono",
    "dep:pem",
    "dep:percent-encoding",
    "dep:ring",
    "dep:tokio",
]

# JWT validation
validation-jwt = [
    "validation-http",
    "dep:chrono",
    "dep:ipnet",
    "dep:jsonwebtoken",
    "dep:tokio",
]

# Database validation (MongoDB/MySQL/Postgres/JDBC)
validation-database = [
    "validation-http",
    "dep:bson",
    "dep:mongodb",
    "dep:mysql_async",
    "dep:tokio-postgres",
    "dep:tokio-postgres-rustls",
    "dep:rustls",
    "dep:rustls-native-certs",
    "dep:url",
    "dep:sha1",
]

# All validation features
validation-all = [
    "validation",
    "validation-aws",
    "validation-azure",
    "validation-coinbase",
    "validation-gcp",
    "validation-jwt",
    "validation-database",
]

[dependencies]
# Internal dependencies
kingfisher-core = { path = "../kingfisher-core" }
kingfisher-rules = { path = "../kingfisher-rules" }

# Error handling
anyhow.workspace = true
thiserror.workspace = true

# Serialization
serde.workspace = true
serde_json.workspace = true
schemars.workspace = true

# Regex
regex.workspace = true

# Hashing
xxhash-rust.workspace = true

# Vectorscan
vectorscan-rs.workspace = true

# Collections
smallvec.workspace = true
rustc-hash.workspace = true

# Concurrency
parking_lot.workspace = true
thread_local = "1.1"
once_cell.workspace = true
crossbeam-skiplist = "0.1.3"

# HTTP status codes
http.workspace = true

# Byte strings
bstr.workspace = true

# Base64 for decoding
base64.workspace = true

# Logging
tracing.workspace = true

# ---- Optional validation dependencies ----

# HTTP validation
reqwest = { version = "0.12", default-features = false, features = [
    "json", "gzip", "brotli", "deflate", "stream", "rustls-tls", "rustls-tls-native-roots", "multipart"
], optional = true }
tokio = { version = "1.48", features = ["net", "time", "sync"], optional = true }
liquid = { version = "0.26", optional = true }
liquid-core = { version = "0.26", optional = true }
quick-xml = { version = "0.38", features = ["serde", "serialize"], optional = true }
sha1 = { workspace = true, optional = true }
chrono = { version = "0.4.42", optional = true }
hmac = { workspace = true, optional = true }
sha2 = { workspace = true, optional = true }
pem = { version = "3.0.6", optional = true }
percent-encoding = { workspace = true, optional = true }
ring = { version = "0.17", optional = true }
ipnet = { version = "2.11", optional = true }
jsonwebtoken = { version = "10.2.0", features = ["aws-lc-rs"], optional = true }
p256 = { version = "0.13.2", optional = true }
ed25519-dalek = { version = "2.2", features = ["pkcs8"], optional = true }
hex = { workspace = true, optional = true }
url = { version = "2.5.7", optional = true }
bson = { version = "2.15.0", optional = true }
mongodb = { version = "3.4", default-features = false, features = ["rustls-tls", "aws-auth", "compat-3-0-0", "dns-resolver"], optional = true }
mysql_async = { version = "0.34.2", default-features = false, features = ["default-rustls"], optional = true }
tokio-postgres = { version = "0.7", default-features = false, features = ["runtime"], optional = true }
tokio-postgres-rustls = { version = "0.13.0", optional = true }
rustls = { version = "0.23.35", optional = true }
rustls-native-certs = { version = "0.8.2", optional = true }

# AWS validation
aws-config = { version = "1.8.14", default-features = false, features = ["default-https-client", "rt-tokio"], optional = true }
aws-credential-types = { version = "1.2.12", optional = true }
aws-sdk-iam = { version = "1.104.0", default-features = false, features = ["default-https-client", "rt-tokio"], optional = true }
aws-sdk-sts = { version = "1.98.0", default-features = false, features = ["default-https-client", "rt-tokio"], optional = true }
aws-types = { version = "1.3.12", optional = true }
aws-smithy-http-client = { version = "1.1.10", optional = true }
aws-smithy-runtime-api = { version = "1.11.4", optional = true }
aws-smithy-types = { version = "1.4.4", optional = true }
base32 = { version = "0.5", optional = true }
byteorder = { version = "1.5", optional = true }
rand = { version = "0.9", optional = true }

[dev-dependencies]
pretty_assertions = "1.4"
tempfile = "3.23"