Module security 

Shared security primitives for Victauri’s localhost HTTP servers.

This module provides the pure-logic building blocks that both victauri-plugin and victauri-browser use in their axum middleware stacks. Keeping them here eliminates copy-paste drift between the two crates.

Structs

RateLimiter

Lock-free token-bucket rate limiter using monotonic timestamps for smooth refill.

Constants

DEFAULT_RATE_LIMIT

Default rate limit: 1 000 requests per second.

Functions

constant_time_eq

Constant-time byte comparison to prevent timing side-channel attacks on token validation.

generate_token

Generate a random UUID v4 token suitable for Bearer authentication.

is_allowed_origin

Returns true if origin (from the HTTP Origin header) is a localhost origin, a tauri:// origin, or absent.

is_localhost_host

Returns true if host (from the HTTP Host header) resolves to a localhost address.