gradatum-warden 0.6.4

L0 network guard for Gradatum: IP filter + rate limit + loopback bypass (MVP)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

//! Tower [`Layer`] implementing the warden L0.

use std::sync::Arc;

use tower::Layer;

use crate::config::WardenConfig;
use crate::error::WardenError;
use crate::service::{WardenService, WardenState};

/// Tower layer that inserts [`WardenService`] into the middleware stack.
///
/// Constructed via [`WardenLayer::new`].
///
/// # Example
///
/// ```rust,ignore
/// let warden = WardenLayer::new(WardenConfig::default())?;
/// let app = Router::new()
///     .route("/api/v1/...", ...)
///     .layer(warden);
/// ```
#[derive(Debug, Clone)]
pub struct WardenLayer {
    pub(crate) state: Arc<WardenState>,
}

impl WardenLayer {
    /// Builds a [`WardenLayer`] from a [`WardenConfig`].
    ///
    /// # Errors
    ///
    /// Returns [`WardenError::InvalidRateLimit`] if `per_minute == 0` or `burst == 0`.
    pub fn new(config: WardenConfig) -> Result<Self, WardenError> {
        let config = Arc::new(config);
        let state = Arc::new(WardenState::new(config)?);
        Ok(Self { state })
    }
}

impl<S> Layer<S> for WardenLayer {
    type Service = WardenService<S>;

    fn layer(&self, inner: S) -> Self::Service {
        WardenService {
            inner,
            state: self.state.clone(),
        }
    }
}