pub fn build_router_with_audit(
state: Arc<AppState>,
auth: AuthConfig,
tenant: TenantConfig,
limiter: RateLimiter,
audit: AuditConfig,
cors: CorsConfig,
) -> RouterExpand description
Build the router with full configuration including the audit sink and the CORS allowlist.
The outer ServiceBuilder is layered top-to-bottom: host_validate
(with its TrustedHosts extension) is the outermost pair — T19 perf
— so hostile Host probes are rejected with 400 before any trace
span is allocated or any propagator hop runs. The trace layer wraps
the rest of the stack, followed by inject_trace_id_header, the
CORS layer (so cross-origin preflight short-circuits before any
expensive downstream work), the body limit (which guards every
downstream layer from oversized payloads), the per-request timeout
and the global concurrency cap. Auth and tenant resolution are
from_fn middleware that run after the size cap (so a request that
would be rejected with 413 does not consume an auth slot). The
per-token rate limiter runs after bearer auth so it can read the
AuthContext the auth layer inserts. The audit middleware sits
innermost, after every other layer has resolved the actor / tenant /
scope, so the synthesised record captures the same identity the
handler saw.