modo-rs 0.8.0

Rust web framework for small monolithic apps
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

//! # modo::middleware
//!
//! Universal HTTP middleware for the modo web framework.
//!
//! Provides a collection of Tower-compatible middleware layers covering
//! the most common cross-cutting concerns — compression, request IDs,
//! panic recovery, CORS, CSRF, centralised error rendering, security
//! headers, request tracing, and rate limiting. Always available (no
//! feature flag required).
//!
//! ## Relationship to `modo::middlewares`
//!
//! This module ships the framework-universal layers. The virtual
//! [`modo::middlewares`](crate::middlewares) module is a flat
//! wiring-site index that re-exports **both** these universal
//! middlewares **and** domain-specific layers from feature-gated
//! modules (e.g. `tenant`, `auth`, `flash`, `ip`, `tier`,
//! `geolocation`, `template`). Reach for `modo::middlewares` when you
//! want a single namespace at your `.layer(...)` call sites; reach for
//! `modo::middleware` when you only need the universal layers or the
//! supporting configuration and extractor types.
//!
//! ## Provided items
//!
//! | Function / type | Purpose |
//! |---|---|
//! | [`compression`] | Compress responses (gzip, deflate, brotli, zstd) |
//! | [`request_id`] | Set / propagate `x-request-id` header |
//! | [`catch_panic`] | Convert handler panics into 500 responses |
//! | [`cors`] / [`cors_with`] | CORS headers (static or dynamic origins) |
//! | [`CorsConfig`] | CORS configuration |
//! | [`subdomains`] / [`urls`] | CORS origin predicates |
//! | [`csrf`] / [`CsrfConfig`] | Double-submit signed-cookie CSRF protection |
//! | [`CsrfToken`] | CSRF token in request/response extensions |
//! | [`error_handler`] | Centralised error-response rendering |
//! | [`security_headers`] / [`SecurityHeadersConfig`] | Security response headers |
//! | [`tracing`] | HTTP request/response lifecycle spans |
//! | [`rate_limit`] / [`rate_limit_with`] | Token-bucket rate limiting |
//! | [`RateLimitConfig`] | Rate-limit configuration |
//! | [`RateLimitLayer`] | Tower layer produced by `rate_limit` / `rate_limit_with` |
//! | [`KeyExtractor`] | Trait for custom rate-limit key extraction |
//! | [`PeerIpKeyExtractor`] / [`GlobalKeyExtractor`] | Built-in key extractors |
//!
//! ## Quick start
//!
//! ```rust,no_run
//! use axum::{Router, routing::get};
//! use axum::response::IntoResponse;
//! use modo::middleware::*;
//!
//! async fn render_error(err: modo::Error, _parts: http::request::Parts) -> axum::response::Response {
//!     (err.status(), err.message().to_string()).into_response()
//! }
//!
//! let app: Router = Router::new()
//!     .route("/", get(|| async { "hello" }))
//!     .layer(error_handler(render_error))
//!     .layer(compression())
//!     .layer(request_id())
//!     .layer(catch_panic())
//!     .layer(tracing());
//! ```

mod catch_panic;
mod compression;
mod cors;
mod csrf;
mod error_handler;
mod rate_limit;
mod request_id;
mod security_headers;
mod tracing;

pub use self::tracing::tracing;
pub use catch_panic::catch_panic;
pub use compression::compression;
pub use cors::{CorsConfig, cors, cors_with, subdomains, urls};
pub use csrf::{CsrfConfig, CsrfToken, csrf};
pub use error_handler::error_handler;
pub use rate_limit::{
    GlobalKeyExtractor, KeyExtractor, PeerIpKeyExtractor, RateLimitConfig, RateLimitLayer,
    rate_limit, rate_limit_with,
};
pub use request_id::request_id;
pub use security_headers::{SecurityHeadersConfig, security_headers};