qubit-http 0.5.1

General-purpose HTTP infrastructure for Rust with unified client semantics, secure logging, and built-in SSE decoding
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

/*******************************************************************************
 *
 *    Copyright (c) 2025 - 2026 Haixing Hu.
 *
 *    SPDX-License-Identifier: Apache-2.0
 *
 *    Licensed under the Apache License, Version 2.0.
 *
 ******************************************************************************/
//! Crate-wide defaults and fixed tuning values for HTTP client behavior and logging.

// ---------------------------------------------------------------------------
// Sensitive headers (log masking)
// ---------------------------------------------------------------------------

/// Built-in header names preloaded into [`crate::SensitiveHttpHeaders::default`]
/// for log masking.
pub const DEFAULT_SENSITIVE_HEADER_NAMES: [&str; 21] = [
    "Authorization",
    "Proxy-Authorization",
    "Api-Key",
    "X-Api-Key",
    "Bearer",
    "Cookie",
    "Set-Cookie",
    "Secret-Key",
    "Client-Secret",
    "Access-Token",
    "Refresh-Token",
    "Private-Token",
    "Session-Token",
    "JWT-Token",
    "Password",
    "X-Auth-Password",
    "X-Client-ID",
    "X-Client-Secret",
    "X-Auth-Token",
    "X-Auth-App-Token",
    "X-Auth-User-Token",
];

// ---------------------------------------------------------------------------
// Timeouts ([`crate::HttpTimeoutOptions::default`])
// ---------------------------------------------------------------------------

/// Default connect timeout in seconds.
pub const DEFAULT_CONNECT_TIMEOUT_SECS: u64 = 10;

/// Default read timeout in seconds.
pub const DEFAULT_READ_TIMEOUT_SECS: u64 = 120;

/// Default write timeout in seconds.
pub const DEFAULT_WRITE_TIMEOUT_SECS: u64 = 120;

// ---------------------------------------------------------------------------
// Logging ([`crate::HttpLoggingOptions::default`])
// ---------------------------------------------------------------------------

/// Default maximum body bytes included in TRACE log previews.
pub const DEFAULT_LOG_BODY_SIZE_LIMIT_BYTES: usize = 16 * 1024;

/// Default maximum bytes included in non-success response body previews on [`crate::HttpError`].
pub const DEFAULT_ERROR_RESPONSE_PREVIEW_LIMIT_BYTES: usize = 16 * 1024;

// ---------------------------------------------------------------------------
// SSE decode safety limits
// ---------------------------------------------------------------------------

/// Default maximum bytes allowed for a single SSE line before raising a protocol error.
pub const DEFAULT_SSE_MAX_LINE_BYTES: usize = 64 * 1024;

/// Default maximum bytes allowed for one SSE frame (between blank lines) before raising a protocol error.
pub const DEFAULT_SSE_MAX_FRAME_BYTES: usize = 1024 * 1024;

// ---------------------------------------------------------------------------
// Sensitive header value masking rules used by [`crate::HttpLogger`]
// ---------------------------------------------------------------------------

/// Values with at most this many characters are fully replaced by [`SENSITIVE_HEADER_MASK_PLACEHOLDER`].
pub const SENSITIVE_HEADER_MASK_SHORT_LEN: usize = 4;

/// How many characters to keep visible at the start and end when masking longer values.
pub const SENSITIVE_HEADER_MASK_EDGE_CHARS: usize = 2;

/// Replacement string for fully masked or middle segments of sensitive header values.
pub const SENSITIVE_HEADER_MASK_PLACEHOLDER: &str = "****";