§ranvier-guard — HTTP Security/Policy Guard Nodes
Guard nodes are typed Transition nodes that enforce security and policy constraints as visible, traceable pipeline steps — replacing hidden Tower middleware layers.
Each Guard reads context from the Bus (e.g., request headers, client IP) and either passes the input through unchanged or returns a Fault.
§Available Guards
| Guard | Purpose | Bus Read | Bus Write |
|---|---|---|---|
| CorsGuard | Origin validation + CORS headers | RequestOrigin | CorsHeaders |
| RateLimitGuard | Per-client token-bucket rate limiting | ClientIdentity | — |
| SecurityHeadersGuard | Standard security response headers | — | SecurityHeaders |
| IpFilterGuard | Allow/deny-list IP filtering | ClientIp | — |
| AccessLogGuard | Structured access logging | AccessLogRequest | AccessLogEntry |
§Example
```rust
use ranvier_guard::*;

Axon::simple::<String>("api")
    .then(AccessLogGuard::new())
    .then(CorsGuard::new(CorsConfig::default()))
    .then(SecurityHeadersGuard::new(SecurityPolicy::default()))
    .then(business_logic)
```

Modules§
Structs§
- AcceptEncoding - Bus-injectable type representing the client’s `Accept-Encoding` header.
- AccessLogEntry - Access log entry written to the Bus by `AccessLogGuard`.
- AccessLogGuard - HTTP access log guard — logs request metadata and writes an `AccessLogEntry` to the Bus.
- AccessLogRequest - Request metadata injected into the Bus before `AccessLogGuard` runs.
- AuthGuard - Authentication guard — validates credentials and injects `IamIdentity` into the Bus.
- AuthorizationHeader - Bus-injectable type representing the raw `Authorization` header value.
- ClientIdentity - Bus-injectable type representing the client identity for rate limiting.
- ClientIp - Bus-injectable type representing the client IP address.
- CompressionConfig - Compression configuration written to the Bus after encoding negotiation.
- CompressionGuard - Compression guard — negotiates response encoding from `Accept-Encoding`.
- ContentLength - Bus-injectable type representing the request’s `Content-Length` header value.
- ContentTypeGuard - Content-Type validation guard — rejects requests with unsupported media types.
- CorsConfig - CORS guard configuration.
- CorsGuard - CORS guard Transition — validates the request origin against allowed origins.
- CorsHeaders - CORS headers to be applied to the response.
- IdempotencyCache - Shared TTL-based in-memory cache for idempotency key tracking.
- IdempotencyCachedResponse - Cached response from a previous idempotent request.
- IdempotencyGuard - Idempotency guard — prevents duplicate request processing via an in-memory TTL cache.
- IdempotencyKey - Bus-injectable type representing the `Idempotency-Key` header value.
- IpFilterGuard - IP filter guard — allows or denies requests based on client IP.
- RateLimitError - Rate limit error with retry-after information.
- RateLimitGuard - Rate limit guard — enforces per-client request rate limits.
- RequestContentType - Bus-injectable type representing the request’s `Content-Type` header value.
- RequestId - Bus type representing a unique request identifier.
- RequestIdGuard - Request ID guard — ensures every request has a unique identifier.
- RequestOrigin - Bus-injectable type representing the request origin header.
- RequestSizeLimitGuard - Request body size limit guard — rejects requests exceeding the configured maximum `Content-Length`.
- SecurityHeaders - Security headers stored in the Bus for the HTTP layer to apply.
- SecurityHeadersGuard - Security headers guard — injects standard security headers into the Bus.
- SecurityPolicy - Security policy configuration for HTTP response headers.
- TimeoutDeadline - Deadline for the current request pipeline.
- TimeoutGuard - Pipeline timeout guard — sets a `TimeoutDeadline` in the Bus.
- TrustedProxies - A set of trusted proxy IPs for safe X-Forwarded-For extraction.
Enums§
- AuthStrategy - Authentication strategy for `AuthGuard`.
- CompressionEncoding - Supported compression encodings.
- IpFilterMode - IP filter mode.