§Security Middleware and Utilities
This module provides comprehensive security middleware and utilities for protecting Torch web applications. It includes protection against common web vulnerabilities, request signing, IP whitelisting, security headers, and input validation.
§Available Security Features
- Security Headers: Automatic security headers (HSTS, CSP, X-Frame-Options, etc.)
- Request Signing: HMAC-based request authentication
- IP Whitelisting: Restrict access to specific IP addresses or ranges
- Request ID: Generate unique IDs for request tracking
- Input Validation: Validate and sanitize user input
- Rate Limiting: Protect against abuse and DoS attacks
§Security Best Practices
§1. Always Use HTTPS in Production
Configure your reverse proxy (nginx, Apache) or load balancer to terminate SSL and forward to your Torch application.
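Once a proxy terminates SSL in front of the application, the socket peer is the proxy, so an IP allowlist has to recover the client address from `X-Forwarded-For` and only when the peer is a trusted proxy. The following is an added example, not torch_web's `IpWhitelist` implementation: `Cidr`, `client_ip` and `allowed` are hypothetical names, the addresses are constructed, and the proxy is assumed to append the address it saw to the header.

```rust
use std::net::IpAddr;

/// CIDR range such as 10.0.0.0/8 or 2001:db8::/32 (hypothetical helper, not a torch_web type).
struct Cidr { net: u128, bits: u32, v4: bool }

fn to_u128(ip: IpAddr) -> (u128, bool) {
    match ip {
        IpAddr::V4(a) => (u32::from(a) as u128, true),
        IpAddr::V6(a) => (u128::from(a), false),
    }
}

impl Cidr {
    fn parse(s: &str) -> Option<Cidr> {
        let (addr, len) = match s.split_once('/') { Some((a, l)) => (a, Some(l)), None => (s, None) };
        let (net, v4) = to_u128(addr.parse().ok()?);
        let max: u32 = if v4 { 32 } else { 128 };
        let bits = match len { Some(l) => l.parse().ok()?, None => max };
        if bits > max { None } else { Some(Cidr { net, bits, v4 }) }
    }
    fn contains(&self, ip: IpAddr) -> bool {
        let (n, v4) = to_u128(ip);
        // Different address family never matches; a /0 matches its whole family.
        if v4 != self.v4 || self.bits == 0 { return v4 == self.v4; }
        let width: u32 = if v4 { 32 } else { 128 };
        // Keep only the top `bits` bits of a `width`-bit address.
        let mask = (!0u128 >> (128 - width)) & (!0u128 << (width - self.bits));
        n & mask == self.net & mask
    }
}

/// Client address: the peer itself unless it is a trusted proxy, else the first untrusted hop from the right.
fn client_ip(peer: IpAddr, xff: Option<&str>, proxies: &[Cidr]) -> Option<IpAddr> {
    let trusted = |ip: IpAddr| proxies.iter().any(|c| c.contains(ip));
    if !trusted(peer) { return Some(peer); } // direct connection: the header is client-controlled
    let mut ip = peer;
    for hop in xff.into_iter().flat_map(|h| h.rsplit(',')) {
        ip = hop.trim().parse().ok()?; // malformed entry: no usable address, caller denies
        if !trusted(ip) { break; }
    }
    Some(ip)
}

fn allowed(peer: IpAddr, xff: Option<&str>, proxies: &[Cidr], allow: &[Cidr]) -> bool {
    client_ip(peer, xff, proxies).map_or(false, |ip| allow.iter().any(|c| c.contains(ip)))
}

fn main() { // constructed addresses
    let (proxies, allow) = ([Cidr::parse("10.0.0.0/8").unwrap()], [Cidr::parse("203.0.113.0/24").unwrap()]);
    println!("{}", allowed("10.0.0.5".parse().unwrap(), Some("203.0.113.7"), &proxies, &allow));
}
```

Entries to the left of the first untrusted hop are whatever the client sent, which is why the header is walked right to left and ignored entirely on direct connections.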
§2. Enable Security Headers
```rust
use torch_web::{App, Response, security::SecurityHeaders};

// Attach the security headers middleware to every route
let app = App::new()
    .middleware(SecurityHeaders::new())
    .get("/", |_req| async { Response::ok().body("Secure!") });
```
§3. Validate All Input
```rust
use torch_web::{App, Response, security::InputValidator};

let app = App::new()
    .middleware(InputValidator)
    .post("/api/data", |req| async move {
        // Input is automatically validated
        Response::ok().body("Data processed")
    });
```
§4. Use Request Signing for APIs
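```rust
use torch_web::{App, Response, security::RequestSigning};

let app = App::new()
    // "your-secret-key" is a placeholder: load the real key from
    // configuration or a secret store instead of hard-coding it
    .middleware(RequestSigning::new("your-secret-key"))
    .post("/api/webhook", |req| async move {
        // Request signature is automatically verified
        Response::ok().body("Webhook processed")
    });
```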
Structs§
- InputValidator - Input validation middleware
- IpWhitelist - IP whitelist middleware
- RequestId - Request ID middleware for tracking requests
- RequestSigning - HMAC-based request signing middleware for API security.
- SecurityHeaders - Enhanced security headers middleware