ecluse:ecluse-core
Safe HaskellNone
LanguageGHC2021

Ecluse.Core.Server.Pipeline.Shared

Description

Shared utilities for the data-plane handler modules.

This module provides the common combinators and shared types used across the packument, tarball, and publish handlers. It handles edge authentication checks, defines common HTTP response rendering functions, and declares shared serve rejection values (e.g., for integrity floor enforcement).

Synopsis

Documentation

edgeTokenMatches :: Maybe Secret -> Maybe Secret -> Bool Source #

The shared edge gate against a configured inbound token: with none configured the edge is open; with one configured the request's forwarded bearer must match it exactly. Deny-by-default: a missing or mismatched bearer is rejected. The match is constant-time: Secret equality compares over the full UTF-8 bytes without a content-dependent early out, so this gate does not leak the configured token's prefix length through timing.

The packument, tarball, and publish paths all apply the same gate, so it is factored here rather than duplicated per route. It takes the already-extracted bearer (forwardedToken) rather than the request, so a handler that also forwards the credential upstream scans the headers for it once and reuses the one extraction for both.

serveOverloaded :: MountRenderer -> Response Source #

An admission refusal: the request found the waiting room full, or waited out its slot budget (Ecluse.Core.Server.Admission). The body follows the matched mount's error surface and the retry hint is deliberately short: capacity, unlike a policy denial, can clear as soon as one in-flight metadata operation completes, and a budget-expiry refusal has already waited one such interval in-process.