pylon-auth 0.3.23

Pylon — realtime backend as a single Rust binary. Schema, policies, server functions, live queries, auth — one process.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239

//! User-agent parsing → friendly device labels.
//!
//! Real UA parsers (uap-rs, ua_parser) ship 2k+ regex pairs. For the
//! `/api/auth/sessions` UI we don't need that — we want a single
//! readable label per session ("Chrome on macOS", "Safari on iOS",
//! "Yubikey CLI"). Substring matching covers >95% of real traffic
//! at <1% the binary size.
//!
//! What this DOESN'T do:
//! - Parse exact browser/OS versions (apps that need that should pull
//!   the UA string verbatim from `Session.device` and parse it themselves)
//! - Detect WebViews vs native (the UA isn't reliable for that anyway)
//! - Identify bots (use a separate IP-reputation feed)
//!
//! Bounded output — the friendly label caps at 80 chars so a
//! pathological UA can't blow up the session row.

const MAX_LABEL_LEN: usize = 80;

/// Turn a User-Agent header value into a short friendly label.
/// Falls back to "Unknown" for empty / unrecognized strings.
pub fn parse_user_agent(ua: &str) -> String {
    let ua = ua.trim();
    if ua.is_empty() {
        return "Unknown".into();
    }
    // SDK / native client clients tend to use simple identifiers.
    // Match those FIRST so a SDK UA that happens to mention "Mozilla"
    // (some HTTP clients do) doesn't get bucketed as a browser.
    if let Some(label) = match_sdk(ua) {
        return cap(label.to_string());
    }
    let browser = match_browser(ua);
    let os = match_os(ua);
    let label = match (browser, os) {
        (Some(b), Some(o)) => format!("{b} on {o}"),
        (Some(b), None) => b.to_string(),
        (None, Some(o)) => o.to_string(),
        (None, None) => "Unknown".into(),
    };
    cap(label)
}

fn cap(s: String) -> String {
    if s.chars().count() <= MAX_LABEL_LEN {
        s
    } else {
        s.chars().take(MAX_LABEL_LEN).collect()
    }
}

/// Match the Pylon SDK family + common API-client identifiers.
/// Order matters — more specific tokens first.
fn match_sdk(ua: &str) -> Option<&'static str> {
    let lc = ua.to_ascii_lowercase();
    if lc.starts_with("pylonclient/") || lc.starts_with("pylonsdk/") {
        return Some("Pylon SDK");
    }
    if lc.starts_with("pylon-cli/") || lc.starts_with("pylon/") {
        return Some("Pylon CLI");
    }
    if lc.starts_with("curl/") {
        return Some("curl");
    }
    if lc.starts_with("httpie/") || lc.starts_with("python-requests/") {
        return Some("Python (requests)");
    }
    if lc.starts_with("go-http-client/") {
        return Some("Go HTTP client");
    }
    if lc.starts_with("postmanruntime/") {
        return Some("Postman");
    }
    None
}

/// Browser detection. Order matters: "Edg" / "OPR" / "Brave" must
/// match BEFORE "Chrome" because all four ship "Chrome/X.Y" in
/// their UAs (they're all Chromium forks).
fn match_browser(ua: &str) -> Option<&'static str> {
    if ua.contains("Edg/") || ua.contains("Edge/") {
        return Some("Edge");
    }
    if ua.contains("OPR/") || ua.contains("Opera") {
        return Some("Opera");
    }
    if ua.contains("Brave") {
        return Some("Brave");
    }
    if ua.contains("Vivaldi") {
        return Some("Vivaldi");
    }
    // Firefox MUST come before generic "Mozilla" check.
    if ua.contains("Firefox/") {
        return Some("Firefox");
    }
    // Chrome before Safari — Safari ships "Version/X" but every
    // Chromium-based UA also ships "Safari/" in the suffix.
    if ua.contains("Chrome/") {
        return Some("Chrome");
    }
    if ua.contains("Safari/") {
        return Some("Safari");
    }
    None
}

/// OS detection. Order matters: iPad/iPhone before Mac (some iPad
/// modes report "Macintosh" in the UA per Apple's "request desktop
/// site" feature — but still include "iPad" earlier).
fn match_os(ua: &str) -> Option<&'static str> {
    if ua.contains("iPhone") {
        return Some("iOS");
    }
    if ua.contains("iPad") {
        return Some("iPadOS");
    }
    if ua.contains("Android") {
        return Some("Android");
    }
    // macOS marker varies: "Mac OS X 10_15_7", "Macintosh", "Mac OS".
    if ua.contains("Macintosh") || ua.contains("Mac OS") {
        return Some("macOS");
    }
    if ua.contains("Windows NT") || ua.contains("Win64") || ua.contains("Win32") {
        return Some("Windows");
    }
    // Linux comes last because both Android and ChromeOS ship "Linux"
    // as a substring.
    if ua.contains("CrOS") {
        return Some("ChromeOS");
    }
    if ua.contains("Linux") {
        return Some("Linux");
    }
    None
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn empty_returns_unknown() {
        assert_eq!(parse_user_agent(""), "Unknown");
        assert_eq!(parse_user_agent("   "), "Unknown");
    }

    #[test]
    fn chrome_macos() {
        let ua = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36";
        assert_eq!(parse_user_agent(ua), "Chrome on macOS");
    }

    #[test]
    fn safari_ios() {
        let ua = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1";
        // iPhone token wins over the substring "Mac OS" in iOS UAs.
        assert_eq!(parse_user_agent(ua), "Safari on iOS");
    }

    #[test]
    fn firefox_linux() {
        let ua = "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0";
        assert_eq!(parse_user_agent(ua), "Firefox on Linux");
    }

    #[test]
    fn edge_classified_before_chrome() {
        // Edge ships "Chrome/" in its UA; the browser detector must
        // pick Edge first or every Edge user shows as Chrome.
        let ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Edg/130.0.0.0";
        assert_eq!(parse_user_agent(ua), "Edge on Windows");
    }

    #[test]
    fn opera_classified_before_chrome() {
        let ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 OPR/115.0.0.0";
        assert_eq!(parse_user_agent(ua), "Opera on Windows");
    }

    #[test]
    fn android_classified_before_linux() {
        // Android UAs include "Linux" as a substring; OS detector
        // must pick Android first.
        let ua = "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36";
        assert_eq!(parse_user_agent(ua), "Chrome on Android");
    }

    #[test]
    fn ipad_classified_before_macos() {
        // Newer iPad UAs say "Macintosh" with "request desktop site".
        // We want iPadOS not macOS — but if the UA strictly says
        // "Macintosh" with no iPad token, macOS is the right answer.
        // This test pins the "real iPad UA" case.
        let ua = "Mozilla/5.0 (iPad; CPU OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1";
        assert_eq!(parse_user_agent(ua), "Safari on iPadOS");
    }

    #[test]
    fn pylon_sdk_recognized() {
        assert_eq!(parse_user_agent("PylonClient/0.3.21 ts"), "Pylon SDK");
        assert_eq!(parse_user_agent("PylonSDK/swift 0.3.21"), "Pylon SDK");
        assert_eq!(parse_user_agent("pylon/0.3.21"), "Pylon CLI");
    }

    #[test]
    fn curl_recognized() {
        assert_eq!(parse_user_agent("curl/8.4.0"), "curl");
    }

    #[test]
    fn capped_at_80_chars() {
        let label = parse_user_agent(&("X".repeat(500)));
        assert!(label.chars().count() <= MAX_LABEL_LEN);
    }

    #[test]
    fn unknown_browser_known_os() {
        // A weird browser on a known OS — we still get the OS half.
        let ua = "WeirdBrowser/1.0 (Windows NT 10.0)";
        assert_eq!(parse_user_agent(ua), "Windows");
    }

    #[test]
    fn unknown_browser_unknown_os() {
        assert_eq!(parse_user_agent("totally-bogus-junk"), "Unknown");
    }

    /// Defense against UA-fingerprinting probes that send 10MB UAs.
    /// The label MUST be a bounded String, not a borrow into the
    /// caller's input.
    #[test]
    fn does_not_panic_on_pathological_input() {
        let _ = parse_user_agent(&"\u{1F600}".repeat(10000)); // emoji
        let _ = parse_user_agent(&"\0\0\0".repeat(1000)); // nulls
        let _ = parse_user_agent("\n\n\n\n");
    }
}