Three features bundled into one release:

- rate-limit /auth/login, /register, /me/password (token bucket, 5 req/sec sustained with 10-request burst by default; 429 + Retry-After header on hit; tracing::warn! per hit so operators see attack patterns; AUTH_RATE_PER_SEC / AUTH_RATE_BURST env knobs)
- handle SIGTERM for graceful container stops (replaces bare ctrl_c() with a select over ctrl_c + SignalKind::terminate() so docker compose stop runs the daemon shutdown path instead of letting Chromium leak past SIGKILL)
- clear session.user on 401 from any API call (setOn401Hook in api/client.ts, registered from session.svelte.ts gated on $app/environment::browser so the SSR bundle never installs it; fixes "logged in but no bookmarks/collections" mid-session expiry state)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
12 lines
338 B
Rust
//! Authentication primitives.
//!
//! Password hashing (argon2id), opaque-token generation for sessions and
//! bot API tokens, and the `CurrentUser` axum extractor that resolves a
//! request to a logged-in user via either a session cookie or a bearer
//! token.

pub mod extractor;
pub mod password;
pub mod rate_limit;
pub mod token;
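The token-bucket limit that the commit message describes (5 requests per second sustained, burst of 10, 429 with Retry-After), as an added example. This is not the project's `rate_limit` module, which this page does not show. `TokenBucket`, `check` and `replay` are hypothetical names, and a single bucket stands in for whatever per-client keying the real limiter uses.

```rust
use std::time::{Duration, Instant};

/// Token bucket (hypothetical type): refills `rate` tokens/s, holds at most `burst`.
pub struct TokenBucket {
    rate: f64,
    burst: f64,
    tokens: f64,
    last: Instant,
}

impl TokenBucket {
    pub fn new(rate: f64, burst: f64, now: Instant) -> Self {
        Self { rate, burst, tokens: burst, last: now }
    }

    /// Ok(()) admits the request; Err(secs) is the Retry-After value to send with a 429.
    pub fn check(&mut self, now: Instant) -> Result<(), u64> {
        let elapsed = now.saturating_duration_since(self.last).as_secs_f64();
        self.tokens = (self.tokens + elapsed * self.rate).min(self.burst);
        self.last = now;
        if self.tokens >= 1.0 {
            self.tokens -= 1.0;
            return Ok(());
        }
        // Retry-After carries whole seconds, so round the wait for one token up.
        Err(((1.0 - self.tokens) / self.rate).ceil() as u64)
    }
}

/// Replays `n` requests spaced `gap` apart and returns (admitted, rejected).
pub fn replay(bucket: &mut TokenBucket, start: Instant, n: u32, gap: Duration) -> (u32, u32) {
    let (mut admitted, mut rejected) = (0, 0);
    for i in 0..n {
        match bucket.check(start + gap * i) {
            Ok(()) => admitted += 1,
            Err(_) => rejected += 1,
        }
    }
    (admitted, rejected)
}

fn main() {
    let t0 = Instant::now();
    // Defaults quoted in the commit message: 5 req/sec sustained, burst of 10.
    let mut bucket = TokenBucket::new(5.0, 10.0, t0);
    // Constructed traffic: 12 login attempts arriving at the same instant.
    let (ok, denied) = replay(&mut bucket, t0, 12, Duration::ZERO);
    println!("admitted={} rejected={}", ok, denied);
}
```

Rejected requests do not consume tokens here, so a client that keeps hammering the endpoint still recovers at the sustained rate once it backs off.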