Module auth

Bearer-token authentication, rate limiting, and security middlewares.

Modules

security
Shared security primitives for Victauri’s localhost HTTP servers.

Structs

AuthState
Shared authentication state holding the optional Bearer token for the MCP server.
RateLimiterState
Lock-free token-bucket rate limiter using monotonic timestamps for smooth refill.

Functions

constant_time_eq
Constant-time byte comparison to prevent timing side-channel attacks on token validation.
default_rate_limiter
Create a rate limiter with the default capacity of DEFAULT_RATE_LIMIT requests per second.
dns_rebinding_guard
Axum middleware that blocks DNS rebinding attacks.
generate_token
Generate a random UUID v4 token suitable for Bearer authentication.
is_allowed_origin
Returns true if origin (from the HTTP Origin header) is a localhost origin, a tauri:// origin, or absent.
is_localhost_host
Returns true if host (from the HTTP Host header) resolves to a localhost address.
origin_guard
Axum middleware that blocks cross-origin requests from browsers.
rate_limit
Axum middleware that rejects requests with 429 when the token bucket is exhausted.
require_auth
Axum middleware that validates the Authorization: Bearer <token> header against AuthState.
security_headers
Axum middleware that sets security-hardening response headers on every response.