Module security 

Shared security primitives for Victauri’s localhost HTTP server.

This module provides the pure-logic building blocks that victauri-plugin uses in its axum middleware stack. Keeping them here (rather than inline in the plugin) keeps the security logic unit-testable without a Tauri runtime.

Structs

RateLimiter

Lock-free token-bucket rate limiter using monotonic timestamps for smooth refill.

Constants

DEFAULT_RATE_LIMIT

Default rate limit: 1 000 requests per second.

Functions

constant_time_eq

Constant-time byte comparison to prevent timing side-channel attacks on token validation.

generate_token

Generate a random UUID v4 token suitable for Bearer authentication.

is_allowed_origin

Returns true if origin (from the HTTP Origin header) is a localhost origin, a tauri:// origin, or absent.

is_localhost_host

Returns true if host (from the HTTP Host header) resolves to a localhost address.