pub fn expose_during<F, R>(f: F) -> Rwhere
F: FnOnce() -> R,Expand description
Run f with SensitiveString’s Serialize impl exposing inner values.
Use this around code paths that need to serialise-and-deserialise a
config struct without destroying its secrets – typically the
figment::Figment::from(Serialized::defaults(&config)) + .extract()
round-trip in a consumer’s config loader.
§Scope and reentrancy
The flag is thread-local. Calls from inside the closure on the same
thread observe exposure; calls from other threads do not. Nested
calls compose correctly (inner guards restore the outer state on
drop). Async callers should be aware that the flag does NOT cross
.await boundaries to other threads – keep the round-trip on one
thread, or wrap each thread’s section in its own
expose_during.
§Panic safety
If f panics, the previous flag value is restored via an RAII
drop guard before the panic unwinds further.
§Examples
use hyperi_rustlib::{SensitiveString, expose_during};
use serde::{Serialize, Deserialize};
#[derive(Serialize, Deserialize)]
struct Cfg {
password: SensitiveString,
}
let cfg = Cfg { password: SensitiveString::new("hunter2") };
// Default: serialise redacts.
let json = serde_json::to_string(&cfg).unwrap();
assert!(json.contains("***REDACTED***"));
// Inside expose_during: serialise reveals so a round-trip preserves the value.
let round_tripped: Cfg = expose_during(|| {
let v = serde_json::to_value(&cfg).unwrap();
serde_json::from_value(v).unwrap()
});
assert_eq!(round_tripped.password.expose(), "hunter2");
// After the call, default redaction resumes.
let json = serde_json::to_string(&cfg).unwrap();
assert!(json.contains("***REDACTED***"));