pub struct Guarded<T> { /* private fields */ }Expand description
A value that requires a WriteToken for mutable access.
Read access via .read() is always available. Write access via
.write(token) requires a WriteToken proving the caller has
the capability.
The framework issues write tokens only to plugins that declared
the corresponding write capability (e.g., write_headers).
Plugin code without a token cannot call .write().
Implementations§
Source§impl<T> Guarded<T>
impl<T> Guarded<T>
Sourcepub fn write(&mut self, _token: &WriteToken) -> &mut T
pub fn write(&mut self, _token: &WriteToken) -> &mut T
Write access — requires a WriteToken proving the caller has capability.
The framework issues WriteTokens only to plugins that declared the write capability in their config. Without the token, this method is uncallable — the plugin can read but not write.
Examples found in repository?
examples/cmf_capabilities_demo.rs (line 177)
139 async fn handle(
140 &self,
141 _payload: &MessagePayload,
142 extensions: &Extensions,
143 _ctx: &mut PluginContext,
144 ) -> PluginResult<MessagePayload> {
145 // Can see HTTP (has read_headers)
146 if let Some(ref http) = extensions.http {
147 println!(
148 " [header-injector] HTTP headers visible: {:?}",
149 http.request_headers
150 );
151 }
152
153 // Can NOT see security subject (no read_subject)
154 if let Some(ref security) = extensions.security {
155 if security.subject.is_some() {
156 println!(" [header-injector] WARNING: Subject visible (unexpected!)");
157 } else {
158 println!(" [header-injector] Security subject: not visible (no read_subject)");
159 }
160 }
161
162 // COW copy to modify — tokens propagate from the executor
163 let mut modified = extensions.cow_copy();
164
165 // Add a label via MonotonicSet (has append_labels)
166 if modified.labels_write_token.is_some() {
167 modified.security.as_mut().unwrap().add_label("PROCESSED");
168 println!(" [header-injector] Added label 'PROCESSED'");
169 }
170
171 // Inject a header via Guarded (has write_headers)
172 if let Some(ref token) = modified.http_write_token {
173 modified
174 .http
175 .as_mut()
176 .unwrap()
177 .write(token)
178 .set_header("X-Processed-By", "header-injector");
179 println!(" [header-injector] Injected header 'X-Processed-By'");
180 }
181
182 PluginResult::modify_extensions(modified)
183 }Sourcepub fn into_inner(self) -> T
pub fn into_inner(self) -> T
Consume the guard, returning the inner value.
Trait Implementations§
Source§impl<'de, T> Deserialize<'de> for Guarded<T>where
T: Deserialize<'de>,
impl<'de, T> Deserialize<'de> for Guarded<T>where
T: Deserialize<'de>,
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
Auto Trait Implementations§
impl<T> Freeze for Guarded<T>where
T: Freeze,
impl<T> RefUnwindSafe for Guarded<T>where
T: RefUnwindSafe,
impl<T> Send for Guarded<T>where
T: Send,
impl<T> Sync for Guarded<T>where
T: Sync,
impl<T> Unpin for Guarded<T>where
T: Unpin,
impl<T> UnsafeUnpin for Guarded<T>where
T: UnsafeUnpin,
impl<T> UnwindSafe for Guarded<T>where
T: UnwindSafe,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more