pub struct RouterContext<'a> {
pub store: &'a dyn DataStore,
pub session_store: &'a SessionStore,
pub magic_codes: &'a MagicCodeStore,
pub oauth_state: &'a OAuthStateStore,
pub account_store: &'a AccountStore,
pub api_keys: &'a ApiKeyStore,
pub orgs: &'a OrgStore,
pub siwe: &'a NonceStore,
pub phone_codes: &'a PhoneCodeStore,
pub passkeys: &'a PasskeyStore,
pub policy_engine: &'a PolicyEngine,
pub change_log: &'a ChangeLog,
pub notifier: &'a dyn ChangeNotifier,
pub rooms: &'a dyn RoomOps,
pub cache: &'a dyn CacheOps,
pub pubsub: &'a dyn PubSubOps,
pub jobs: &'a dyn JobOps,
pub scheduler: &'a dyn SchedulerOps,
pub workflows: &'a dyn WorkflowOps,
pub files: &'a dyn FileOps,
pub openapi: &'a dyn OpenApiGenerator,
pub functions: Option<&'a dyn FnOps>,
pub email: &'a dyn EmailSender,
pub shards: Option<&'a dyn ShardOps>,
pub plugin_hooks: &'a dyn PluginHookOps,
pub auth_ctx: &'a AuthContext,
pub trusted_origins: &'a [String],
pub is_dev: bool,
pub request_headers: &'a [(String, String)],
pub peer_ip: &'a str,
pub cookie_config: &'a CookieConfig,
pub response_headers: RefCell<Vec<(String, String)>>,
}
Fields
store: &'a dyn DataStore
session_store: &'a SessionStore
magic_codes: &'a MagicCodeStore
oauth_state: &'a OAuthStateStore
account_store: &'a AccountStore
Persistent OAuth account links — better-auth’s account table
equivalent. Used by the OAuth callback to look up and upsert the
(provider, provider_account_id) → user_id mapping plus the
access/refresh token bundle.
api_keys: &'a ApiKeyStore
Long-lived API keys — pk.key_<id>.<secret> bearer tokens that
resolve to a user_id with optional scopes/expiry. Created via
POST /api/auth/api-keys, listed/revoked from the same path.
orgs: &'a OrgStore
Organizations + memberships + invites — multi-tenant team
management. Endpoints under /api/auth/orgs/....
siwe: &'a NonceStore
Per-address pending SIWE (Sign-In with Ethereum) nonces. Issued at
/api/auth/siwe/nonce, consumed at /api/auth/siwe/verify.
phone_codes: &'a PhoneCodeStore
Phone-number magic codes. Endpoints under /api/auth/phone/....
passkeys: &'a PasskeyStore
WebAuthn / passkey credentials + per-user challenge stash.
Endpoints under /api/auth/passkey/....
policy_engine: &'a PolicyEngine
change_log: &'a ChangeLog
notifier: &'a dyn ChangeNotifier
rooms: &'a dyn RoomOps
cache: &'a dyn CacheOps
pubsub: &'a dyn PubSubOps
jobs: &'a dyn JobOps
scheduler: &'a dyn SchedulerOps
workflows: &'a dyn WorkflowOps
files: &'a dyn FileOps
openapi: &'a dyn OpenApiGenerator
functions: Option<&'a dyn FnOps>
email: &'a dyn EmailSender
shards: Option<&'a dyn ShardOps>
plugin_hooks: &'a dyn PluginHookOps
auth_ctx: &'a AuthContext
trusted_origins: &'a [String]
Allowlist of origins (scheme://host[:port]) that the OAuth
start endpoint will accept as ?callback= / ?error_callback=
targets. Sourced from PYLON_TRUSTED_ORIGINS (comma-separated)
at server boot. Borrowed from better-auth’s trustedOrigins
model — an explicit allowlist, with no implicit “same-origin trust”
or env-var magic. Open redirects via OAuth are an easy bug to
ship by accident; this list is the only thing standing between
a misconfigured frontend and an attacker-controlled redirect.
is_dev: bool
request_headers: &'a [(String, String)]
Raw HTTP request headers (lowercased names). Used by the webhook action endpoint to pass the exact signing-relevant headers through to TypeScript actions. Empty slice on platforms that don’t forward headers (e.g. internal calls).
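peer_ip: &'a str
Client IP as the runtime resolved it from the socket. Used as the rate-limit bucket key for unauthenticated callers — the alternative (“anon” string) puts every unauth request worldwide into one shared bucket, which lets one attacker starve every other anonymous caller. Empty string on platforms that don’t expose a peer address. Where it is empty, unauthenticated callers presumably share a single bucket again, so per-caller isolation should not be assumed on those platforms (confirm against the rate limiter).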
cookie_config: &'a CookieConfig
Session cookie shape (name, domain, attrs). Handlers use this to
emit Set-Cookie headers via RouterContext::add_response_header
when they want a browser-bound session.
response_headers: RefCell<Vec<(String, String)>>
Extra response headers handlers want to attach (e.g. Set-Cookie,
Location). The runtime drains this after route() returns and
merges them into the outgoing response. Interior mutability so
handlers don’t need a &mut ctx.
Implementations
impl<'a> RouterContext<'a>
pub fn add_response_header( &self, name: impl Into<String>, value: impl Into<String>, )
Queue a header to be added to the response built from this request.
pub fn take_response_headers(&self) -> Vec<(String, String)>
Drain the queued response headers. Runtime calls this once after
route() returns, before constructing the wire response.
pub fn request_origin(&self) -> Option<&str>
Read the request’s Origin header, if any. Browsers always send
Origin on cross-origin XHR/fetch and on POSTs; non-browser
callers (CLI, server-to-server) typically don’t.
Emit a session cookie when the request looks like it came from a browser (i.e. carries Origin). Non-browser callers still receive the JSON token in the body and ignore the missing cookie. Origin allowlisting is enforced at the runtime CSRF layer for state-changing methods, so handlers don’t need to re-check here.