Struct AppHandler

pub struct AppHandler<A, Z = AllowAllAuthorizer> { /* private fields */ }

Adapts the engine pipeline to the transport’s IngressHandler contract, authenticating each request with the configured Authenticator and, after authentication, authorizing it with the configured Authorizer (default AllowAllAuthorizer, no second policy layer until one is supplied).

Implementations

impl<A: Authenticator> AppHandler<A, AllowAllAuthorizer>

pub fn new(pipeline: AppPipeline, authenticator: A) -> Self

Wraps a pipeline and an authenticator (no request logging by default, and the allow-all authorizer until Self::with_authorizer supplies one).

impl<A: Authenticator, Z: Authorizer> AppHandler<A, Z>

pub fn with_authorizer<Z2: Authorizer>(self, authorizer: Z2) -> AppHandler<A, Z2>

Sets the post-authentication Authorizer (builder style). Replaces the default allow-all policy; the principal is already resolved, so the authorizer decides only whether that principal may perform the action.

pub fn with_forward_policy(self, policy: ForwardPolicy) -> Self

Sets the client-to-upstream header forwarding policy (builder style). Default pass-all (sidecar trust). Restrict it to keep specific headers (e.g. authorization) off the cluster, or disable forwarding entirely.

pub fn with_capture(self, capture: Box<dyn Capture>) -> Self

Sets the full-fidelity traffic capture (builder style). Off by default. Compose redaction with capture::RedactingCapture; the stream carries bodies and values, so treat it as privileged.

pub fn with_debug_endpoints(self, enabled: bool) -> Self

Sets whether the pre-auth /debug/explain and /debug/breakglass surfaces are served (builder style). Default true; set false in production so operational metadata is not exposed unauthenticated.

pub fn with_require_tls_for_mutation(self, require: bool) -> Self

Sets whether body-mutating requests are refused over cleartext (NFR-S1). Builder style; default true (enforce). Pass false only on a trusted network where the operator accepts mutating over cleartext.

pub fn pipeline(&self) -> &AppPipeline

The pipeline this handler serves, a read-only accessor for introspection (e.g. the perf harness reading upstream pool_stats after a load run).

pub fn with_request_log(self, request_log: Box<dyn RequestLog>) -> Self

Sets the structured per-request logger (builder style). Default: no logs.

pub fn with_directive_admin(self, store: Arc<InMemoryDirectiveStore>, token: String, clock: Arc<dyn Clock>) -> Self

Enables the POST /admin/directives channel (builder style): publishes a fleet directive set into store when the request carries the bearer token. Without this, the endpoint reports not_enabled.
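
The builder defaults documented above, as an added example that is not part of the crate or its documentation: a self-contained model of the security-relevant settings and an audit that lists the ones a production review should question. Settings, Forwarding, CaptureMode, documented_defaults, audit and MIN_TOKEN_LEN are hypothetical names; the Forwarding variants stand in for ForwardPolicy, whose real variants are not shown on this page, and the 32-character token threshold is an assumption.

```rust
// Added example, not crate code: models the AppHandler builder settings as
// plain data. Every type and function name below is hypothetical.
#[allow(dead_code)]
#[derive(Clone, Copy, PartialEq)]
enum Forwarding { PassAll, Restricted, Disabled } // stand-in for ForwardPolicy

#[allow(dead_code)]
#[derive(Clone, Copy, PartialEq)]
enum CaptureMode { Off, Raw, Redacted } // Redacted: via capture::RedactingCapture

struct Settings {
    custom_authorizer: bool,        // with_authorizer was called
    forwarding: Forwarding,         // with_forward_policy
    capture: CaptureMode,           // with_capture
    debug_endpoints: bool,          // with_debug_endpoints
    require_tls_for_mutation: bool, // with_require_tls_for_mutation
    admin_token: Option<String>,    // with_directive_admin
}

const MIN_TOKEN_LEN: usize = 32; // assumed threshold, not taken from the docs

/// The state after AppHandler::new and no further builder calls, per the docs.
fn documented_defaults() -> Settings {
    Settings {
        custom_authorizer: false, forwarding: Forwarding::PassAll,
        capture: CaptureMode::Off, debug_endpoints: true,
        require_tls_for_mutation: true, admin_token: None,
    }
}

/// Returns one finding per setting that weakens a production deployment.
fn audit(s: &Settings) -> Vec<&'static str> {
    let mut f = Vec::new();
    if !s.custom_authorizer { f.push("authorizer: allow-all, no policy after authentication"); }
    if s.forwarding == Forwarding::PassAll { f.push("forwarding: pass-all sends client headers upstream"); }
    if s.capture == CaptureMode::Raw { f.push("capture: unredacted bodies and values"); }
    if s.debug_endpoints { f.push("debug: pre-auth /debug surfaces served"); }
    if !s.require_tls_for_mutation { f.push("tls: mutating requests accepted over cleartext"); }
    if matches!(&s.admin_token, Some(t) if t.len() < MIN_TOKEN_LEN) {
        f.push("admin: directive bearer token is short");
    }
    f
}

fn main() {
    for finding in audit(&documented_defaults()) { println!("{finding}"); }
}
```

Run against the documented defaults, the audit reports the allow-all authorizer, pass-all forwarding and the pre-auth debug endpoints; capture and cleartext mutation are already safe by default.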

Trait Implementations

impl<A, Z> Debug for AppHandler<A, Z>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<A: Authenticator, Z: Authorizer> IngressHandler for AppHandler<A, Z>

async fn handle(&self, req: IngressRequest) -> IngressResponse

Handles one request. The returned future must be Send so connections can be served on the multi-threaded runtime.

fn forward_plan(&self, path: &str, logical_index: &str) -> bool

Whether this request is a verbatim passthrough that should be forwarded with a streamed body (ADR-014 stage 2), decided from the head alone so the transport can avoid buffering. Returns false by default (every request is buffered and handled by handle). Verbatim passthrough forwards every method, so the decision is path/index-only.

async fn handle_forward(&self, req: IngressRequest, body: Incoming) -> StreamingResponse

Handles a streamed verbatim forward: body is the downstream request body piped straight to the upstream, and the returned StreamingResponse’s body is the upstream response piped straight back, neither buffered. Called only when forward_plan returned true; req carries the parsed head (its body field is empty, the body is the body argument). The default returns 500, so a handler that opts in via forward_plan must implement it.

fn wants_search_stream(&self, endpoint: EndpointKind, query: Option<&str>) -> bool

Whether this _search should have its response streamed back through the hit transform (ADR-014, final stage) rather than buffered: decided from the endpoint + query (e.g. a scroll-opening search keeps the buffered path). The request body is still buffered first (it is small); only the response streams. false by default.

async fn handle_search_stream(&self, req: IngressRequest) -> StreamingResponse

Handles a streamed-response _search: req carries the (buffered) query body; the returned StreamingResponse’s body is the upstream hits envelope piped back through the hit transform without buffering. Called only when wants_search_stream returned true. Default 500.

fn wants_bulk_stream(&self, endpoint: EndpointKind, headers: &[(String, String)]) -> bool

Whether this _bulk request should be stream-demuxed (ADR-014 stage 4) rather than buffered: decided from the endpoint + headers (e.g. the write mode) alone, so the transport can avoid buffering the whole batch. false by default.

async fn handle_bulk_stream(&self, req: IngressRequest, body: Incoming) -> IngressResponse

Handles a stream-demuxed _bulk: body is the NDJSON batch, framed and dispatched op by op without buffering the whole thing. Called only when wants_bulk_stream returned true. Default 500.

Auto Trait Implementations

impl<A, Z = AllowAllAuthorizer> !Freeze for AppHandler<A, Z>

impl<A, Z = AllowAllAuthorizer> !RefUnwindSafe for AppHandler<A, Z>

impl<A, Z = AllowAllAuthorizer> !UnwindSafe for AppHandler<A, Z>

impl<A, Z> Send for AppHandler<A, Z>
where A: Send, Z: Send,

impl<A, Z> Sync for AppHandler<A, Z>
where A: Sync, Z: Sync,

impl<A, Z> Unpin for AppHandler<A, Z>
where A: Unpin, Z: Unpin,

impl<A, Z> UnsafeUnpin for AppHandler<A, Z>
where A: UnsafeUnpin, Z: UnsafeUnpin,

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request

impl<L> LayerExt<L> for L

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.