pub struct Config {
pub client_id: String,
pub client_secret: String,
pub redirect_uri: String,
pub auth_url: String,
pub token_url: String,
pub api_base_url: String,
pub info_url: String,
pub app_name: String,
pub http_timeout_secs: u64,
/* private fields */
}Expand description
Application configuration resolved from environment variables.
Mirrors the Go config.Config struct — all fields come from env vars
with sensible defaults for the X API.
Holds the application configuration.
Fields§
§client_id: StringOAuth2 client ID (may come from env or the active app in .xurl).
client_secret: StringOAuth2 client secret.
redirect_uri: StringOAuth2 PKCE redirect URI.
auth_url: StringOAuth2 authorization URL.
token_url: StringOAuth2 token exchange URL.
api_base_url: StringAPI base URL.
info_url: StringUser info endpoint URL.
app_name: StringExplicit --app override; empty means “use default”.
http_timeout_secs: u64Per-request HTTP timeout in seconds for all reqwest-backed paths
(API client, OAuth2 token exchange/refresh, fetch_username).
Sourced from --timeout / XURL_TIMEOUT via the CLI runner;
Config::new() defaults to crate::api::DEFAULT_TIMEOUT_SECS.
Implementations§
Source§impl Config
impl Config
Sourcepub fn new() -> Self
pub fn new() -> Self
Creates a new Config from environment variables, falling back to defaults.
redirect_uri resolution is env-only here: REDIRECT_URI if set,
otherwise DEFAULT_REDIRECT_URI. The token-store-aware three-level
precedence (env > app-stored > default) is run by
Auth::new_with_store_path,
which overwrites redirect_uri, redirect_uri_source, and
redirect_uri_from_env on the owned Config. The R12 audit confirms
no consumer reads redirect_uri from a pre-resolution Config.
Source§impl Config
impl Config
Sourcepub fn default_store_path() -> PathBuf
pub fn default_store_path() -> PathBuf
Returns the legacy default token-store path: ~/.xurl.
Falls back to ./.xurl when the home directory cannot be resolved.
This is the canonical legacy path resolver — the binary uses it; tests
pass explicit tempdir paths to Auth::new_with_store_path instead.
Sourcepub fn validate_redirect_uri(uri: &str) -> Result<Url>
pub fn validate_redirect_uri(uri: &str) -> Result<Url>
Validates an OAuth2 redirect URI.
Enforces the project’s https-or-loopback policy: accept any https
URL, or http only when the host is one of localhost, 127.0.0.1,
or ::1. All other schemes (including ftp, file) and http
against a non-loopback host are rejected.
Returns the parsed Url on success so callers that already need it
(e.g., the listener bind logic) can avoid a second parse.
§Errors
Returns XurlError::Validation when parsing fails or the URI does
not satisfy the https-or-loopback rule.