tork-core 0.1.0

Core runtime for the Tork web framework: HTTP server, routing, dependency injection, responses, and errors, built on Hyper and Tokio.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

//! Named constants used across the runtime.
//!
//! Centralizing these values avoids magic literals scattered through the code
//! and keeps content types, limits, and user-facing messages consistent.

use std::time::Duration;

/// `Content-Type` value for JSON payloads.
pub const APPLICATION_JSON: &str = "application/json";

/// `Content-Type` value for UTF-8 plain text.
pub const TEXT_PLAIN_UTF8: &str = "text/plain; charset=utf-8";

/// `Content-Type` value for UTF-8 HTML documents.
pub const TEXT_HTML_UTF8: &str = "text/html; charset=utf-8";

/// `Content-Type` value for UTF-8 JavaScript sources.
pub const APPLICATION_JAVASCRIPT_UTF8: &str = "application/javascript; charset=utf-8";

/// `Content-Type` value for a Server-Sent Events stream.
pub const TEXT_EVENT_STREAM: &str = "text/event-stream";

/// Prefix of an `Authorization` header value that carries a bearer token.
pub const BEARER_PREFIX: &str = "Bearer ";

/// Generic message returned to clients for any server-side (5xx) error.
///
/// Server errors never expose internal detail in the response body; only this
/// fixed message is sent while the real cause is logged server-side.
pub const INTERNAL_ERROR_MESSAGE: &str = "Internal server error";

/// Maximum number of bytes the framework buffers from a single request body.
///
/// Requests whose body exceeds this limit are rejected, guarding against
/// memory-exhaustion attacks.
pub const MAX_BODY_BYTES: usize = 2 * 1024 * 1024;

/// Maximum time to wait for in-flight connections to drain during shutdown.
pub const GRACEFUL_SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(15);

/// Default deadline for a client to send the complete request head (the request
/// line and all headers) after a connection is accepted.
///
/// Bounds slowloris-style attacks where a client opens a connection and dribbles
/// header bytes to tie up a worker indefinitely. Configurable via
/// [`App::header_read_timeout`](crate::App::header_read_timeout).
pub const DEFAULT_HEADER_READ_TIMEOUT: Duration = Duration::from_secs(30);

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn exported_constants_match_runtime_contract() {
        assert_eq!(APPLICATION_JSON, "application/json");
        assert_eq!(TEXT_EVENT_STREAM, "text/event-stream");
        assert_eq!(BEARER_PREFIX, "Bearer ");
        assert_eq!(INTERNAL_ERROR_MESSAGE, "Internal server error");
        assert_eq!(MAX_BODY_BYTES, 2 * 1024 * 1024);
        assert_eq!(GRACEFUL_SHUTDOWN_TIMEOUT, Duration::from_secs(15));
    }
}