runique 2.0.1

A Django-inspired web framework for Rust with ORM, templates, and comprehensive security middleware
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

//! Centralized configuration of Runique middlewares — session, CSP, CSRF, debug errors, rate limit.

/// Centralized configuration of all Runique middlewares
///
/// Note: CSRF is ALWAYS enabled (imposed by the framework for security)
///
/// ## Error page management
/// `enable_debug_errors` controls whether the `error_handler` middleware is added to the router.
/// When active, error pages are rendered by Tera:
/// - In **development** (`DEBUG=true` or `cargo build` without `--release`): full traces.
/// - In **production** (`cargo build --release`): clean 404/500 pages without traces.
///
use serde::{Deserialize, Serialize};

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MiddlewareConfig {
    pub enable_csp: bool,
    /// Enables additional security headers (HSTS, X-Frame-Options, COEP, COOP, CORP,
    /// Referrer-Policy, Permissions-Policy). Has no effect if `enable_csp` is false.
    ///
    /// When `true`: uses `security_headers_middleware` (CSP + additional headers).
    /// When `false`: uses `csp_middleware` (CSP only).
    pub enable_header_security: bool,
    pub enable_host_validation: bool,
    /// Enables `error_handler` middleware which intercepts 4xx/5xx errors.
    /// Disable only if you handle errors manually in each handler.
    pub enable_debug_errors: bool,
    pub enable_cache: bool,
    pub exclusive_login: bool,
}

impl Default for MiddlewareConfig {
    fn default() -> Self {
        Self {
            enable_csp: true,
            enable_header_security: false,
            enable_host_validation: true,
            enable_debug_errors: true,
            enable_cache: true,
            exclusive_login: false,
        }
    }
}

impl MiddlewareConfig {
    pub fn from_env() -> Self {
        let get_bool = |key: &str, default: bool| {
            std::env::var(key)
                .map(|v| v.parse::<bool>().unwrap_or(default))
                .unwrap_or(default)
        };

        Self {
            // CSP and host validation configured only via the builder
            enable_csp: false,
            enable_header_security: false,
            enable_host_validation: false,
            enable_debug_errors: true, // always mounted — config.debug handles content
            enable_cache: get_bool("RUNIQUE_ENABLE_CACHE", true),
            exclusive_login: false,
        }
    }

    /// Configuration for production (maximum security)
    pub fn production() -> Self {
        Self {
            enable_csp: true,
            enable_header_security: false,
            enable_host_validation: true,
            enable_debug_errors: true,
            enable_cache: true,
            exclusive_login: false,
        }
    }

    /// Configuration for development (more permissive)
    pub fn development() -> Self {
        Self {
            enable_csp: false,
            enable_header_security: false,
            enable_host_validation: false,
            enable_debug_errors: true,
            enable_cache: false,
            exclusive_login: false,
        }
    }

    /// Configuration for API (minimal)
    pub fn api() -> Self {
        Self {
            enable_csp: false,
            enable_header_security: false,
            enable_host_validation: true,
            enable_debug_errors: true,
            enable_cache: true,
            exclusive_login: false,
        }
    }

    /// Builder pattern for customization
    pub fn custom() -> Self {
        Self::default()
    }

    // Chainable methods for fine-grained configuration
    #[must_use]
    pub fn with_csp(mut self, enable: bool) -> Self {
        self.enable_csp = enable;
        self
    }
    #[must_use]
    pub fn with_debug_errors(mut self, enable: bool) -> Self {
        self.enable_debug_errors = enable;
        self
    }
    #[must_use]
    pub fn with_cache(mut self, enable: bool) -> Self {
        self.enable_cache = enable;
        self
    }
    #[must_use]
    pub fn with_host_validation(mut self, enable: bool) -> Self {
        self.enable_host_validation = enable;
        self
    }
}