Module auth
- security
- Shared security primitives for Victauri’s localhost HTTP servers.
- AuthState
- Shared authentication state holding the optional Bearer token for the MCP
server.
- RateLimiterState
- Lock-free token-bucket rate limiter using monotonic timestamps for smooth
refill.
- constant_time_eq
- Constant-time byte comparison to prevent timing side-channel attacks on
token validation.
- default_rate_limiter
- Create a rate limiter with the default capacity of DEFAULT_RATE_LIMIT requests per second.
- dns_rebinding_guard
- Axum middleware that blocks DNS rebinding attacks.
- generate_token
- Generate a random UUID v4 token suitable for Bearer authentication.
- is_allowed_origin
- Returns true if origin (from the HTTP Origin header) is a localhost origin, a tauri:// origin, or absent.
- is_localhost_host
- Returns true if host (from the HTTP Host header) resolves to a localhost address.
- origin_guard
- Axum middleware that blocks cross-origin requests from browsers.
- rate_limit
- Axum middleware that rejects requests with 429 when the token bucket is
exhausted.
- require_auth
- Axum middleware that validates the Authorization: Bearer <token> header against AuthState.
- security_headers
- Axum middleware that sets security-hardening response headers on every
response.