pavex::cookie::config

Struct CryptoRule

pub struct CryptoRule {
    pub cookie_names: Vec<String>,
    pub algorithm: CryptoAlgorithm,
    pub key: Key,
    pub fallbacks: Vec<FallbackConfig>,
}
Expand description

CryptoRule specifies whether certain cookies should be encrypted or signed.

Fields§

§cookie_names: Vec<String>

The names of the cookies to which this rule applies.

§algorithm: CryptoAlgorithm

How the cookies should be secured: either encryption or signing.

§key: Key

The key to use for encryption or signing.

§Requirements

The key must be at least 64 bytes long and should be generated using a cryptographically secure random number generator.

§fallbacks: Vec<FallbackConfig>

Fallbacks are used to decrypt/verify request cookies that failed to be decrypted/verified using the primary key.
Fallbacks are never used to encrypt/sign response cookies.

§Key rotation

Fallbacks exist to enable key and algorithm rotation.
From time to time, you may want to change the key used to sign or encrypt cookies, or update the algorithm.
If you do this naively (e.g. change CryptoRule::key or CryptoRule::algorithm to a new value), the server will immediately start rejecting all existing cookies because they were signed/encrypted with the old key/algorithm.

With fallbacks, you can start using the new configuration without invalidating all existing cookies. The process for key rotation goes as follows:

  1. Generate a new key
  2. Set key to the new key, and add the old key to the fallbacks vector, using the same algorithm
  3. Wait for the expiration of all cookies signed/encrypted with the old key
  4. Remove the old key from the fallbacks vector

Trait Implementations§

§

impl Clone for CryptoRule

§

fn clone(&self) -> CryptoRule

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
§

impl Debug for CryptoRule

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
§

impl<'de> Deserialize<'de> for CryptoRule

§

fn deserialize<__D>( __deserializer: __D, ) -> Result<CryptoRule, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,