openauth-core 0.0.4

Core types and primitives for OpenAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

use std::net::{IpAddr, Ipv6Addr};

/// IPv6 subnet prefix used for normalization.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Ipv6Subnet {
    Prefix32,
    Prefix48,
    Prefix64,
    Full,
}

impl Ipv6Subnet {
    const fn bits(self) -> u8 {
        match self {
            Self::Prefix32 => 32,
            Self::Prefix48 => 48,
            Self::Prefix64 => 64,
            Self::Full => 128,
        }
    }
}

/// Options for IP normalization.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct NormalizeIpOptions {
    pub ipv6_subnet: Ipv6Subnet,
}

impl Default for NormalizeIpOptions {
    fn default() -> Self {
        Self {
            ipv6_subnet: Ipv6Subnet::Prefix64,
        }
    }
}

/// Returns true when the value is a valid IPv4 or IPv6 literal.
pub fn is_valid_ip(ip: &str) -> bool {
    ip.parse::<IpAddr>().is_ok()
}

/// Normalize an IP address for rate limiting using OpenAuth defaults.
pub fn normalize_ip(ip: &str) -> String {
    normalize_ip_with_options(ip, NormalizeIpOptions::default())
}

/// Normalize an IP address for rate limiting.
pub fn normalize_ip_with_options(ip: &str, options: NormalizeIpOptions) -> String {
    match ip.parse::<IpAddr>() {
        Ok(IpAddr::V4(ip)) => ip.to_string(),
        Ok(IpAddr::V6(ip)) => normalize_ipv6(ip, options.ipv6_subnet),
        Err(_) => ip.to_ascii_lowercase(),
    }
}

/// Create a rate limit key from a normalized IP and request path.
pub fn create_rate_limit_key(ip: &str, path: &str) -> String {
    format!("{ip}|{path}")
}

fn normalize_ipv6(ip: Ipv6Addr, subnet: Ipv6Subnet) -> String {
    if let Some(mapped) = ip.to_ipv4_mapped() {
        return mapped.to_string();
    }

    format_ipv6_segments(mask_ipv6_segments(ip.segments(), subnet.bits()))
}

fn mask_ipv6_segments(mut segments: [u16; 8], prefix_bits: u8) -> [u16; 8] {
    let mut bits_remaining = prefix_bits;

    for segment in &mut segments {
        if bits_remaining >= 16 {
            bits_remaining -= 16;
            continue;
        }

        if bits_remaining == 0 {
            *segment = 0;
            continue;
        }

        let mask = u16::MAX << (16 - bits_remaining);
        *segment &= mask;
        bits_remaining = 0;
    }

    segments
}

fn format_ipv6_segments(segments: [u16; 8]) -> String {
    segments
        .iter()
        .map(|segment| format!("{segment:04x}"))
        .collect::<Vec<_>>()
        .join(":")
}