Skip to main content

RateLimitingSecurityConfig

fraiseql_server::middleware::rate_limit

Struct RateLimitingSecurityConfig 

Source 
pub struct RateLimitingSecurityConfig {
Show 13 fields
    pub enabled: bool,
    pub requests_per_second: u32,
    pub burst_size: u32,
    pub auth_start_max_requests: u32,
    pub auth_start_window_secs: u64,
    pub auth_callback_max_requests: u32,
    pub auth_callback_window_secs: u64,
    pub auth_refresh_max_requests: u32,
    pub auth_refresh_window_secs: u64,
    pub requests_per_second_per_user: Option<u32>,
    pub redis_url: Option<String>,
    pub trust_proxy_headers: bool,
    pub trusted_proxy_cidrs: Option<Vec<String>>,

}
Expand description

Minimal mirror of the [security.rate_limiting] TOML section, deserialized from the compiled schema’s security.rate_limiting JSON key.

Fields§

§enabled: bool

Enable rate limiting.

§requests_per_second: u32

Global request rate cap (requests per second, per IP).

§burst_size: u32

Burst allowance above the steady-state rate.

§auth_start_max_requests: u32

Auth initiation endpoint — max requests per window.

§auth_start_window_secs: u64

Auth initiation window in seconds.

§auth_callback_max_requests: u32

OAuth callback endpoint — max requests per window.

§auth_callback_window_secs: u64

OAuth callback window in seconds.

§auth_refresh_max_requests: u32

Token refresh endpoint — max requests per window.

§auth_refresh_window_secs: u64

Token refresh window in seconds.

§requests_per_second_per_user: Option<u32>

Per-authenticated-user request rate in requests/second. Defaults to 10× requests_per_second if not set.

§redis_url: Option<String>

Redis URL for distributed rate limiting (not yet implemented).

§trust_proxy_headers: bool

Trust X-Real-IP / X-Forwarded-For headers for the client IP.

Enable only when FraiseQL is deployed behind a trusted reverse proxy (e.g. nginx, Cloudflare, AWS ALB) that sets these headers. Enabling without a trusted proxy allows clients to spoof their IP address.

§trusted_proxy_cidrs: Option<Vec<String>>

CIDR ranges trusted as proxy IPs (e.g. ["10.0.0.0/8", "172.16.0.0/12"]).

When set and trust_proxy_headers = true, X-Forwarded-For is only honoured when the direct connection IP falls within one of these CIDR ranges. Requests arriving from outside these ranges use the connection IP directly, preventing clients from spoofing their address by setting X-Forwarded-For.

When None and trust_proxy_headers = true, all proxy IPs are trusted (less secure — a startup warning is emitted).

Trait Implementations§

Source§

impl Clone for RateLimitingSecurityConfig

Source§

fn clone(&self) -> RateLimitingSecurityConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RateLimitingSecurityConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for RateLimitingSecurityConfig

Source§

fn default() -> RateLimitingSecurityConfig

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for RateLimitingSecurityConfig
where RateLimitingSecurityConfig: Default,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,