itsi 0.1.20 → 0.2.2

data/crates/itsi_server/src/server/middleware_stack/middlewares/csp.rs

@@ -15,6 +15,7 @@ use std::sync::Arc;
 use std::{path::PathBuf, sync::OnceLock};
 use tokio::sync::Mutex;
 use tokio::time::{self, Duration};
+use tracing::debug;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct CspReport {
@@ -46,11 +47,11 @@ pub struct CspConfig {
 
 #[derive(Debug, Deserialize)]
 pub struct Csp {
-    pub policy_input: Option<CspConfig>,
+    pub policy: Option<CspConfig>,
     pub reporting_enabled: bool,
     pub report_file: Option<PathBuf>,
     pub report_endpoint: String,
-    pub flush_interval: u64,
+    pub flush_interval: f64,
 
     #[serde(skip)]
     pub computed_policy: OnceLock<String>,
@@ -63,7 +64,7 @@ pub struct Csp {
 #[async_trait]
 impl super::MiddlewareLayer for Csp {
     async fn initialize(&self) -> Result<(), magnus::error::Error> {
-        if let Some(policy_config) = &self.policy_input {
+        if let Some(policy_config) = &self.policy {
             let mut parts = Vec::new();
             if !policy_config.default_src.is_empty() {
                 parts.push(format!(
@@ -81,6 +82,7 @@ impl super::MiddlewareLayer for Csp {
                 parts.push(format!("report-uri {}", policy_config.report_uri.join(" ")));
             }
             let policy = parts.join("; ");
+            debug!(target: "middleware::csp", "Computed CSP policy: {}", policy);
             self.computed_policy
                 .set(policy)
                 .map_err(|_| ItsiError::new("Failed to set computed CSP policy"))?;
@@ -92,7 +94,7 @@ impl super::MiddlewareLayer for Csp {
                 let report_path = report_file.clone();
                 let pending_reports = Arc::clone(&self.pending_reports);
                 let handle = tokio::spawn(async move {
-                    let mut interval = time::interval(Duration::from_secs(flush_interval));
+                    let mut interval = time::interval(Duration::from_secs_f64(flush_interval));
                     loop {
                         interval.tick().await;
 
@@ -106,18 +108,25 @@ impl super::MiddlewareLayer for Csp {
                                 }
                             }
                             reports.clear();
-                            if let Err(e) = tokio::fs::OpenOptions::new()
+
+                            debug!("Flushing CSP report to file {:?}", &report_path.display());
+
+                            use tokio::io::AsyncWriteExt;
+
+                            match tokio::fs::OpenOptions::new()
                                 .append(true)
                                 .create(true)
                                 .open(&report_path)
                                 .await
-                                .map(|mut file| async move {
-                                    use tokio::io::AsyncWriteExt;
-                                    file.write_all(lines.as_bytes()).await
-                                })
-                                .map_err(ItsiError::new)
                             {
-                                eprintln!("Error writing CSP reports: {:?}", e);
+                                Ok(mut file) => {
+                                    if let Err(e) = file.write_all(lines.as_bytes()).await {
+                                        eprintln!("Error writing CSP reports: {:?}", e);
+                                    }
+                                }
+                                Err(e) => {
+                                    eprintln!("Error opening CSP report file: {:?}", e);
+                                }
                             }
                         }
                     }
@@ -136,6 +145,7 @@ impl super::MiddlewareLayer for Csp {
         _context: &mut HttpRequestContext,
     ) -> Result<Either<HttpRequest, HttpResponse>, magnus::error::Error> {
         if self.reporting_enabled && req.uri().path() == self.report_endpoint {
+            debug!(target: "middleware::csp", "Received CSP report");
             let full_bytes: Result<Bytes, _> = req
                 .into_body()
                 .into_data_stream()
@@ -148,6 +158,7 @@ impl super::MiddlewareLayer for Csp {
 
             if let Ok(body_bytes) = full_bytes {
                 if let Ok(report) = serde_json::from_slice::<CspReport>(&body_bytes) {
+                    debug!(target: "middleware::csp", "Report: {:?}", report);
                     let mut pending = self.pending_reports.lock().await;
                     pending.push(report);
                 }
@@ -163,6 +174,7 @@ impl super::MiddlewareLayer for Csp {
     async fn after(&self, resp: HttpResponse, _context: &mut HttpRequestContext) -> HttpResponse {
         if let Some(policy) = self.computed_policy.get() {
             if !resp.headers().contains_key("Content-Security-Policy") {
+                debug!(target: "middleware::csp", "Adding CSP header");
                 let (mut parts, body) = resp.into_parts();
                 if let Ok(header_value) = HeaderValue::from_str(policy) {
                     parts
@@ -170,6 +182,8 @@ impl super::MiddlewareLayer for Csp {
                         .insert("Content-Security-Policy", header_value);
                 }
                 return HttpResponse::from_parts(parts, body);
+            } else {
+                debug!(target: "middleware::csp", "CSP header already present");
             }
         }
         resp

data/crates/itsi_server/src/server/middleware_stack/middlewares/deny_list.rs

@@ -3,20 +3,22 @@ use crate::{
     services::itsi_http_service::HttpRequestContext,
 };
 
-use super::{ErrorResponse, FromValue, MiddlewareLayer};
+use super::{token_source::TokenSource, ErrorResponse, FromValue, MiddlewareLayer};
 use async_trait::async_trait;
 use either::Either;
 use itsi_error::ItsiError;
 use magnus::error::Result;
 use regex::RegexSet;
 use serde::Deserialize;
-use std::sync::OnceLock;
+use std::{collections::HashMap, sync::OnceLock};
+use tracing::debug;
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct DenyList {
     #[serde(skip_deserializing)]
     pub denied_ips: OnceLock<RegexSet>,
     pub denied_patterns: Vec<String>,
+    pub trusted_proxies: HashMap<String, TokenSource>,
     #[serde(default = "forbidden_error_response")]
     pub error_response: ErrorResponse,
 }
@@ -40,8 +42,15 @@ impl MiddlewareLayer for DenyList {
         req: HttpRequest,
         context: &mut HttpRequestContext,
     ) -> Result<Either<HttpRequest, HttpResponse>> {
+        let addr = if self.trusted_proxies.contains_key(&context.addr) {
+            let source = self.trusted_proxies.get(&context.addr).unwrap();
+            source.extract_token(&req).unwrap_or(&context.addr)
+        } else {
+            &context.addr
+        };
         if let Some(denied_ips) = self.denied_ips.get() {
-            if denied_ips.is_match(&context.addr) {
+            if denied_ips.is_match(addr) {
+                debug!(target: "middleware::deny_list", "IP address {} is not allowed", addr);
                 return Ok(Either::Right(
                     self.error_response
                         .to_http_response(req.accept().into())

data/crates/itsi_server/src/server/middleware_stack/middlewares/error_response/default_responses.rs

@@ -1,86 +1,85 @@
-use std::convert::Infallible;
-
+use super::{ContentSource, DefaultFormat, ErrorResponse};
+use crate::server::http_message_types::ResponseFormat;
 use bytes::Bytes;
 use http_body_util::{combinators::BoxBody, Full};
-
-use crate::server::http_message_types::ResponseFormat;
-
-use super::{ContentSource, DefaultFormat, ErrorResponse};
+use std::{convert::Infallible, sync::Arc};
 
 impl DefaultFormat {
     pub fn response_for_code(&self, code: u16) -> ContentSource {
         match self {
             DefaultFormat::Plaintext => match code {
-                500 => ContentSource::Inline("500 Internal Error".to_owned()),
-                404 => ContentSource::Inline("404 Not Found".to_owned()),
-                401 => ContentSource::Inline("401 Unauthorized".to_owned()),
-                403 => ContentSource::Inline("403 Forbidden".to_owned()),
-                413 => ContentSource::Inline("413 Payload Too Large".to_owned()),
-                429 => ContentSource::Inline("429 Too Many Requests".to_owned()),
-                502 => ContentSource::Inline("502 Bad Gateway".to_owned()),
-                503 => ContentSource::Inline("503 Service Unavailable".to_owned()),
-                504 => ContentSource::Inline("504 Gateway Timeout".to_owned()),
-                _ => ContentSource::Inline("Unexpected Error".to_owned()),
+                500 => ContentSource::Static(Arc::new("500 Internal Error".into())),
+                404 => ContentSource::Static(Arc::new("404 Not Found".into())),
+                401 => ContentSource::Static(Arc::new("401 Unauthorized".into())),
+                403 => ContentSource::Static(Arc::new("403 Forbidden".into())),
+                413 => ContentSource::Static(Arc::new("413 Payload Too Large".into())),
+                429 => ContentSource::Static(Arc::new("429 Too Many Requests".into())),
+                502 => ContentSource::Static(Arc::new("502 Bad Gateway".into())),
+                503 => ContentSource::Static(Arc::new("503 Service Unavailable".into())),
+                504 => ContentSource::Static(Arc::new("504 Gateway Timeout".into())),
+                _ => ContentSource::Static(Arc::new("Unexpected Error".into())),
             },
             DefaultFormat::Html => match code {
-                500 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/500.html").to_owned(),
-                ),
-                404 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/404.html").to_owned(),
-                ),
-                401 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/401.html").to_owned(),
-                ),
-                403 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/403.html").to_owned(),
-                ),
-                413 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/413.html").to_owned(),
-                ),
-                429 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/429.html").to_owned(),
-                ),
-                502 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/502.html").to_owned(),
-                ),
-                503 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/503.html").to_owned(),
-                ),
-                504 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/html/504.html").to_owned(),
-                ),
-                _ => ContentSource::Inline("Unexpected Error".to_owned()),
+                500 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/500.html").into(),
+                )),
+                404 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/404.html").into(),
+                )),
+                401 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/401.html").into(),
+                )),
+                403 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/403.html").into(),
+                )),
+                413 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/413.html").into(),
+                )),
+                429 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/429.html").into(),
+                )),
+                502 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/502.html").into(),
+                )),
+                503 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/503.html").into(),
+                )),
+                504 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/504.html").into(),
+                )),
+                _ => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/html/500.html").into(),
+                )),
             },
             DefaultFormat::Json => match code {
-                500 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/500.json").to_owned(),
-                ),
-                404 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/404.json").to_owned(),
-                ),
-                401 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/401.json").to_owned(),
-                ),
-                403 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/403.json").to_owned(),
-                ),
-                413 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/413.json").to_owned(),
-                ),
-                429 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/429.json").to_owned(),
-                ),
-                502 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/502.json").to_owned(),
-                ),
-                503 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/503.json").to_owned(),
-                ),
-                504 => ContentSource::Inline(
-                    include_str!("../../../../default_responses/json/504.json").to_owned(),
-                ),
-                _ => ContentSource::Inline("Unexpected Error".to_owned()),
+                500 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/500.json").into(),
+                )),
+                404 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/404.json").into(),
+                )),
+                401 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/401.json").into(),
+                )),
+                403 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/403.json").into(),
+                )),
+                413 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/413.json").into(),
+                )),
+                429 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/429.json").into(),
+                )),
+                502 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/502.json").into(),
+                )),
+                503 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/503.json").into(),
+                )),
+                504 => ContentSource::Static(Arc::new(
+                    include_str!("../../../../default_responses/json/504.json").into(),
+                )),
+                _ => ContentSource::Static(Arc::new("Unexpected Error".into())),
             },
         }
     }
@@ -95,6 +94,9 @@ impl ErrorResponse {
         };
         match source {
             ContentSource::Inline(bytes) => BoxBody::new(Full::new(Bytes::from(bytes))),
+            ContentSource::Static(text) => {
+                BoxBody::new(Full::new(Bytes::from(String::from(text.as_str()))))
+            }
             ContentSource::File(_) => BoxBody::new(Full::new(Bytes::from("Unexpected error"))),
         }
     }

data/crates/itsi_server/src/server/middleware_stack/middlewares/error_response.rs

@@ -5,6 +5,8 @@ use http_body_util::{combinators::BoxBody, Full};
 use serde::{Deserialize, Deserializer};
 use std::convert::Infallible;
 use std::path::PathBuf;
+use std::sync::Arc;
+use tracing::warn;
 
 use crate::server::http_message_types::{HttpResponse, ResponseFormat};
 use crate::services::static_file_server::ROOT_STATIC_FILE_SERVER;
@@ -16,6 +18,9 @@ pub enum ContentSource {
     Inline(String),
     #[serde(rename(deserialize = "file"))]
     File(PathBuf),
+    #[serde(rename(deserialize = "static"))]
+    #[serde(skip_deserializing)]
+    Static(Arc<String>),
 }
 
 #[derive(Debug, Clone, Deserialize, Default)]
@@ -90,7 +95,13 @@ impl From<ErrorResponseDef> for ErrorResponse {
                 "bad_gateway" => ErrorResponse::bad_gateway(),
                 "service_unavailable" => ErrorResponse::service_unavailable(),
                 "gateway_timeout" => ErrorResponse::gateway_timeout(),
-                _ => panic!("Unknown error response name: {}", name),
+                _ => {
+                    warn!(
+                        "Unknown error response name: {}. Using internal server error.",
+                        name
+                    );
+                    ErrorResponse::internal_server_error()
+                }
             },
         }
     }
@@ -139,6 +150,9 @@ impl ErrorResponse {
             Some(ContentSource::Inline(text)) => {
                 return BoxBody::new(Full::new(Bytes::from(text.clone())));
             }
+            Some(ContentSource::Static(text)) => {
+                return BoxBody::new(Full::new(Bytes::from(String::from(text.as_str()))));
+            }
             Some(ContentSource::File(path)) => {
                 // Convert the PathBuf to a &str (assumes valid UTF-8).
                 if let Some(path_str) = path.to_str() {

data/crates/itsi_server/src/server/middleware_stack/middlewares/etag.rs

@@ -15,6 +15,7 @@ use hyper::body::Body;
 use magnus::error::Result;
 use serde::Deserialize;
 use sha2::{Digest, Sha256};
+use tracing::debug;
 
 #[derive(Debug, Clone, Copy, Deserialize, Default)]
 pub enum ETagType {
@@ -60,6 +61,7 @@ impl MiddlewareLayer for ETag {
         // Store if-none-match header in context if present for later use in after hook
         if self.handle_if_none_match {
             if let Some(if_none_match) = req.headers().get(header::IF_NONE_MATCH) {
+                debug!(target: "middleware::etag", "Received If-None-Match header: {:?}", if_none_match);
                 if let Ok(etag_value) = if_none_match.to_str() {
                     context.set_if_none_match(Some(etag_value.to_string()));
                 }
@@ -77,33 +79,35 @@ impl MiddlewareLayer for ETag {
             | StatusCode::NON_AUTHORITATIVE_INFORMATION
             | StatusCode::NO_CONTENT
             | StatusCode::PARTIAL_CONTENT => {}
-            _ => return resp,
+            _ => {
+                debug!(target: "middleware::etag", "Skipping ETag middleware for ineligible response");
+                return resp;
+            }
         }
 
-        // Skip if already has an ETag
         if resp.headers().contains_key(header::ETAG) {
+            debug!(target: "middleware::etag", "Forwarding response with existing ETag");
             return resp;
         }
 
-        // Skip if Cache-Control: no-store is present
         if let Some(cache_control) = resp.headers().get(header::CACHE_CONTROL) {
             if let Ok(cache_control_str) = cache_control.to_str() {
                 if cache_control_str.contains("no-store") {
+                    debug!(target: "middleware::etag", "Skipping ETag for no-store response");
                     return resp;
                 }
             }
         }
 
-        // Check if body is a stream or fixed size using size_hint (similar to compression.rs)
         let body_size = resp.size_hint().exact();
 
-        // Skip streaming bodies
         if body_size.is_none() {
+            debug!(target: "middleware::etag", "Skipping ETag for streaming response");
             return resp;
         }
 
-        // Skip if body is too small
         if body_size.unwrap_or(0) < self.min_body_size as u64 {
+            debug!(target: "middleware::etag", "Skipping ETag for small response");
             return resp;
         }
 
@@ -142,6 +146,7 @@ impl MiddlewareLayer for ETag {
                 ETagType::Weak => format!("W/\"{}\"", computed_etag),
             };
 
+            debug!(target: "middleware::etag", "Computed ETag for response {}", formatted_etag);
             if let Ok(value) = HeaderValue::from_str(&formatted_etag) {
                 parts.headers.insert(header::ETAG, value);
             }
@@ -150,7 +155,6 @@ impl MiddlewareLayer for ETag {
             formatted_etag
         };
 
-        // Handle 304 Not Modified if we have an If-None-Match header and it matches
         if self.handle_if_none_match {
             if let Some(if_none_match) = context.get_if_none_match() {
                 if if_none_match == etag_value || if_none_match == "*" {
@@ -176,7 +180,6 @@ impl MiddlewareLayer for ETag {
             }
         }
 
-        // Recreate response with the original body and the ETag header
         Response::from_parts(parts, body)
     }
 }

data/crates/itsi_server/src/server/middleware_stack/middlewares/intrusion_protection.rs

@@ -4,6 +4,7 @@ use crate::services::rate_limiter::{
     get_ban_manager, get_rate_limiter, BanManager, RateLimiter, RateLimiterConfig,
 };
 
+use super::token_source::TokenSource;
 use super::{ErrorResponse, FromValue, MiddlewareLayer};
 
 use async_trait::async_trait;
@@ -28,12 +29,13 @@ pub struct IntrusionProtection {
     pub banned_header_pattern_matchers: OnceLock<HashMap<String, RegexSet>>,
     #[serde(default)]
     pub banned_header_patterns: HashMap<String, Vec<String>>,
-    pub banned_time_seconds: u64,
+    pub banned_time_seconds: f64,
     #[serde(skip_deserializing)]
     pub rate_limiter: OnceLock<Arc<dyn RateLimiter>>,
     #[serde(skip_deserializing)]
     pub ban_manager: OnceLock<BanManager>,
     pub store_config: RateLimiterConfig,
+    pub trusted_proxies: HashMap<String, TokenSource>,
     #[serde(default = "forbidden_error_response")]
     pub error_response: ErrorResponse,
 }
@@ -49,6 +51,7 @@ impl MiddlewareLayer for IntrusionProtection {
         if !self.banned_url_patterns.is_empty() {
             match RegexSet::new(&self.banned_url_patterns) {
                 Ok(regex_set) => {
+                    debug!(target: "middleware::intrusion_protection", "Compiled URL regex patterns: {} items.", regex_set.len());
                     let _ = self.banned_url_pattern_matcher.set(regex_set);
                 }
                 Err(e) => {
@@ -64,6 +67,7 @@ impl MiddlewareLayer for IntrusionProtection {
                 if !patterns.is_empty() {
                     match RegexSet::new(patterns) {
                         Ok(regex_set) => {
+                            debug!(target: "middleware::intrusion_protection", "Compiled header regex patterns for {}: {} items.", header_name, regex_set.len());
                             header_matchers.insert(header_name.clone(), regex_set);
                         }
                         Err(e) => {
@@ -81,12 +85,14 @@ impl MiddlewareLayer for IntrusionProtection {
         // Initialize rate limiter (used for tracking bans)
         // This will automatically fall back to in-memory if Redis fails
         if let Ok(limiter) = get_rate_limiter(&self.store_config).await {
+            debug!(target: "middleware::intrusion_protection", "Initialized rate limiter.");
             let _ = self.rate_limiter.set(limiter);
         }
 
         // Initialize ban manager
         // This will automatically fall back to in-memory if Redis fails
         if let Ok(manager) = get_ban_manager(&self.store_config).await {
+            debug!(target: "middleware::intrusion_protection", "Initialized ban manager.");
             let _ = self.ban_manager.set(manager);
         }
 
@@ -99,12 +105,18 @@ impl MiddlewareLayer for IntrusionProtection {
         context: &mut HttpRequestContext,
     ) -> Result<Either<HttpRequest, HttpResponse>> {
         // Get client IP address from context's service
-        let client_ip = &context.addr;
+        let client_ip = if self.trusted_proxies.contains_key(&context.addr) {
+            let source = self.trusted_proxies.get(&context.addr).unwrap();
+            source.extract_token(&req).unwrap_or(&context.addr)
+        } else {
+            &context.addr
+        };
 
         // Check if the IP is already banned
         if let Some(ban_manager) = self.ban_manager.get() {
             match ban_manager.is_banned(client_ip).await {
                 Ok(Some(_)) => {
+                    debug!(target: "middleware::intrusion_protection", "IP {} is banned.", client_ip);
                     return Ok(Either::Right(
                         self.error_response
                             .to_http_response(req.accept().into())
@@ -115,9 +127,7 @@ impl MiddlewareLayer for IntrusionProtection {
                     error!("Error checking IP ban status: {:?}", e);
                     // Continue processing - fail open
                 }
-                _ => {
-                    // Not banned, continue with intrusion checks
-                }
+                _ => {}
             }
         } else {
             warn!("No ban manager available for intrusion protection");
@@ -128,12 +138,13 @@ impl MiddlewareLayer for IntrusionProtection {
             let path = req.uri().path_and_query().map(|p| p.as_str()).unwrap_or("");
 
             if url_matcher.is_match(path) {
+                debug!(target: "middleware::intrusion_protection", "Banned URL pattern detected: {}", path);
                 if let Some(ban_manager) = self.ban_manager.get() {
                     match ban_manager
                         .ban_ip(
                             client_ip,
                             &format!("Banned URL pattern detected: {}", path),
-                            Duration::from_secs(self.banned_time_seconds),
+                            Duration::from_secs_f64(self.banned_time_seconds),
                         )
                         .await
                     {
@@ -156,10 +167,7 @@ impl MiddlewareLayer for IntrusionProtection {
             for (header_name, pattern_set) in header_matchers {
                 if let Some(header_value) = req.header(header_name) {
                     if pattern_set.is_match(header_value) {
-                        info!(
-                            "Intrusion detected: Header pattern match for {} in header {}",
-                            header_value, header_name
-                        );
+                        debug!(target: "middleware::intrusion_protection", "Banned header pattern detected: {} in {}", header_value, header_name);
 
                         // Ban the IP address if possible
                         if let Some(ban_manager) = self.ban_manager.get() {
@@ -170,7 +178,7 @@ impl MiddlewareLayer for IntrusionProtection {
                                         "Banned header pattern detected: {} in {}",
                                         header_value, header_name
                                     ),
-                                    Duration::from_secs(self.banned_time_seconds),
+                                    Duration::from_secs_f64(self.banned_time_seconds),
                                 )
                                 .await
                             {

data/crates/itsi_server/src/server/middleware_stack/middlewares/log_requests.rs

@@ -42,11 +42,11 @@ pub enum LogMiddlewareLevel {
 impl LogMiddlewareLevel {
     pub fn log(&self, message: String) {
         match self {
-            LogMiddlewareLevel::Trace => trace!(message),
-            LogMiddlewareLevel::Debug => debug!(message),
-            LogMiddlewareLevel::Info => info!(message),
-            LogMiddlewareLevel::Warn => warn!(message),
-            LogMiddlewareLevel::Error => error!(message),
+            LogMiddlewareLevel::Trace => trace!(target: "middleware::log_requests", message),
+            LogMiddlewareLevel::Debug => debug!(target: "middleware::log_requests", message),
+            LogMiddlewareLevel::Info => info!(target: "middleware::log_requests", message),
+            LogMiddlewareLevel::Warn => warn!(target: "middleware::log_requests", message),
+            LogMiddlewareLevel::Error => error!(target: "middleware::log_requests", message),
         }
     }
 }

data/crates/itsi_server/src/server/middleware_stack/middlewares/max_body.rs

@@ -13,7 +13,7 @@ use std::sync::atomic::Ordering;
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct MaxBody {
-    pub max_size: usize,
+    pub limit_bytes: usize,
     #[serde(default = "payload_too_large_error_response")]
     pub error_response: ErrorResponse,
 }
@@ -29,7 +29,7 @@ impl MiddlewareLayer for MaxBody {
         req: HttpRequest,
         context: &mut HttpRequestContext,
     ) -> Result<Either<HttpRequest, HttpResponse>> {
-        req.body().limit.store(self.max_size, Ordering::Relaxed);
+        req.body().limit.store(self.limit_bytes, Ordering::Relaxed);
         context.set_response_format(req.accept().into());
         Ok(Either::Left(req))
     }

data/crates/itsi_server/src/server/middleware_stack/middlewares/mod.rs

@@ -57,22 +57,28 @@ use serde::Deserialize;
 use serde_magnus::deserialize;
 pub use static_assets::StaticAssets;
 pub use static_response::StaticResponse;
+pub use string_rewrite::StringRewrite;
 
 use crate::server::http_message_types::HttpRequest;
 use crate::server::http_message_types::HttpResponse;
 use crate::services::itsi_http_service::HttpRequestContext;
 
+use std::collections::HashMap;
+use std::sync::Mutex;
+static CACHE: LazyLock<Mutex<HashMap<u64, Arc<dyn std::any::Any + Send + Sync>>>> =
+    LazyLock::new(|| Mutex::new(HashMap::new()));
+
+pub fn clear_value_cache() {
+    let mut cache = CACHE.lock().unwrap();
+    cache.clear();
+}
+
 pub trait FromValue: Sized + Send + Sync + 'static {
     fn from_value(value: Value) -> Result<Arc<Self>>
     where
         Self: Deserialize<'static>,
     {
-        use std::collections::HashMap;
-        use std::sync::Mutex;
-
         let raw = value.as_raw();
-        static CACHE: LazyLock<Mutex<HashMap<u64, Arc<dyn std::any::Any + Send + Sync>>>> =
-            LazyLock::new(|| Mutex::new(HashMap::new()));
 
         let mut cache = CACHE.lock().unwrap();