prost-protovalidate 0.4.2

Runtime validation for Protocol Buffer messages using buf.validate rules
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

//! Format validators for well-known string constraints.
//!
//! These validators implement the format checking logic used by `buf.validate`
//! well-known string rules. They are exposed publicly so that generated
//! validation code (from `prost-protovalidate-build`) can call them directly
//! without reimplementing the validation logic.

use crate::validator::rules::string as internal;

/// Returns `true` if `s` is a valid email address.
///
/// Checks for a non-empty local part and domain separated by `@`, with the
/// domain being a valid hostname or IP address literal.
#[inline]
#[must_use]
pub fn is_email(s: &str) -> bool {
    internal::is_email(s)
}

/// Returns `true` if `s` is a valid hostname per RFC 1123.
#[inline]
#[must_use]
pub fn is_hostname(s: &str) -> bool {
    internal::is_hostname(s)
}

/// Returns `true` if `s` is a valid IPv4 or IPv6 address.
#[inline]
#[must_use]
pub fn is_ip(s: &str) -> bool {
    internal::is_ip(s)
}

/// Returns `true` if `s` is a valid IPv4 address.
#[inline]
#[must_use]
pub fn is_ipv4(s: &str) -> bool {
    s.parse::<std::net::Ipv4Addr>().is_ok()
}

/// Returns `true` if `s` is a valid IPv6 address (including zone IDs).
#[inline]
#[must_use]
pub fn is_ipv6(s: &str) -> bool {
    internal::is_ipv6(s)
}

/// Returns `true` if `s` is a valid absolute URI per RFC 3986.
#[inline]
#[must_use]
pub fn is_uri(s: &str) -> bool {
    internal::is_uri(s)
}

/// Returns `true` if `s` is a valid URI reference (absolute or relative) per RFC 3986.
#[inline]
#[must_use]
pub fn is_uri_ref(s: &str) -> bool {
    internal::is_uri_ref(s)
}

/// Returns `true` if `s` is a valid UUID in `8-4-4-4-12` hex format.
#[inline]
#[must_use]
pub fn is_uuid(s: &str) -> bool {
    internal::is_uuid(s)
}

/// Returns `true` if `s` is a valid trimmed UUID (32 hex digits, no hyphens).
#[inline]
#[must_use]
pub fn is_tuuid(s: &str) -> bool {
    internal::is_tuuid(s)
}

/// Returns `true` if `s` is a valid ULID (26 Crockford base32 characters).
#[inline]
#[must_use]
pub fn is_ulid(s: &str) -> bool {
    internal::is_ulid(s)
}

/// Returns `true` if `s` is a valid IPv4 or IPv6 CIDR prefix (e.g. `192.168.0.0/16`).
///
/// When `strict` is `true`, host bits beyond the prefix length must be zero.
#[inline]
#[must_use]
pub fn is_ip_prefix(s: &str, strict: bool) -> bool {
    internal::is_ipv4_prefix(s, strict) || internal::is_ipv6_prefix(s, strict)
}

/// Returns `true` if `s` is a valid IPv4 CIDR prefix (e.g. `10.0.0.0/8`).
///
/// When `strict` is `true`, host bits beyond the prefix length must be zero.
#[inline]
#[must_use]
pub fn is_ipv4_prefix(s: &str, strict: bool) -> bool {
    internal::is_ipv4_prefix(s, strict)
}

/// Returns `true` if `s` is a valid IPv6 CIDR prefix (e.g. `2001:db8::/32`).
///
/// When `strict` is `true`, host bits beyond the prefix length must be zero.
#[inline]
#[must_use]
pub fn is_ipv6_prefix(s: &str, strict: bool) -> bool {
    internal::is_ipv6_prefix(s, strict)
}

/// Returns `true` if `s` is a valid `host:port` pair.
///
/// When `port_required` is `true`, the port component must be present.
#[inline]
#[must_use]
pub fn is_host_and_port(s: &str, port_required: bool) -> bool {
    internal::is_host_and_port(s, port_required)
}

/// Returns `true` if `s` is a valid HTTP header name.
///
/// When `strict` is `true`, validates against RFC 7230 token characters.
/// When `strict` is `false`, only rejects NUL, CR, and LF.
#[inline]
#[must_use]
pub fn is_http_header_name(s: &str, strict: bool) -> bool {
    if strict {
        internal::is_valid_http_header_name_strict(s)
    } else {
        internal::is_valid_http_header_name_loose(s)
    }
}

/// Returns `true` if `s` is a valid HTTP header value.
///
/// When `strict` is `true`, rejects NUL, control chars (except HT), and DEL.
/// When `strict` is `false`, only rejects NUL, CR, and LF.
#[inline]
#[must_use]
pub fn is_http_header_value(s: &str, strict: bool) -> bool {
    if strict {
        internal::is_valid_http_header_value_strict(s)
    } else {
        internal::is_valid_http_header_value_loose(s)
    }
}

/// Returns `true` if `path` is covered by `candidate` under `FieldMask`
/// path-coverage semantics — either `path` equals `candidate`, or
/// `candidate` is a prefix of `path` at a path-segment boundary
/// (i.e. `path == "{candidate}.{rest}"`).
///
/// Allocation-free; used by both the runtime evaluator and generated
/// `field_mask.in` / `field_mask.not_in` checks.
#[inline]
#[must_use]
pub fn fieldmask_covers(candidate: &str, path: &str) -> bool {
    path == candidate
        || (path.len() > candidate.len()
            && path.starts_with(candidate)
            && path.as_bytes()[candidate.len()] == b'.')
}

#[cfg(test)]
mod tests {
    use super::fieldmask_covers;

    #[test]
    fn fieldmask_covers_exact() {
        assert!(fieldmask_covers("user.email", "user.email"));
    }

    #[test]
    fn fieldmask_covers_subpath() {
        assert!(fieldmask_covers("user", "user.email"));
        assert!(fieldmask_covers("user.profile", "user.profile.name"));
    }

    #[test]
    fn fieldmask_covers_rejects_partial_segment() {
        // "user" does not cover "username" — the boundary character is `e`, not `.`.
        assert!(!fieldmask_covers("user", "username"));
        // Likewise for deeper segments.
        assert!(!fieldmask_covers("user.email", "user.emailaddress"));
    }

    #[test]
    fn fieldmask_covers_rejects_shorter_path() {
        // candidate longer than path can never cover it.
        assert!(!fieldmask_covers("user.email", "user"));
    }

    #[test]
    fn fieldmask_covers_empty_strings() {
        // Empty candidate covers any path that starts with `.` (degenerate but
        // consistent with the algebra); equal-empty covers empty.
        assert!(fieldmask_covers("", ""));
        assert!(!fieldmask_covers("user", ""));
    }
}