pub trait NonceStore:
Send
+ Sync
+ 'static {
// Required method
fn record_if_unseen<'life0, 'life1, 'async_trait>(
&'life0 self,
nonce: &'life1 str,
expires_at: DateTime<Utc>,
) -> Pin<Box<dyn Future<Output = Result<bool, CoolError>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
}Expand description
Tracks the nonces of sealed envelopes that have already been verified inside the clock-skew window, so a captured-and-replayed request gets rejected the second time. Banks running multi-replica deployments back this with Redis so the rejection holds cluster-wide.
Required Methods§
Sourcefn record_if_unseen<'life0, 'life1, 'async_trait>(
&'life0 self,
nonce: &'life1 str,
expires_at: DateTime<Utc>,
) -> Pin<Box<dyn Future<Output = Result<bool, CoolError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn record_if_unseen<'life0, 'life1, 'async_trait>(
&'life0 self,
nonce: &'life1 str,
expires_at: DateTime<Utc>,
) -> Pin<Box<dyn Future<Output = Result<bool, CoolError>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Attempt to register nonce as seen. Returns Ok(true) if it
is the first time we see it (caller may proceed); Ok(false)
if it was already recorded (caller should reject). Implementations
must drop entries past expires_at to keep the working set bounded.