refactor: use constant for minimum password length and API rate limit

Co-authored-by: Copilot <copilot@github.com>
2026-05-04 21:41:07 +02:00
parent 874c406d4a
commit d083f8ae3d
2 changed files with 61 additions and 36 deletions
--- a/crates/presentation/src/routes.rs
+++ b/crates/presentation/src/routes.rs
@@ -9,6 +9,8 @@ use tower_http::{services::ServeDir, trace::TraceLayer};

 use crate::{handlers, state::AppState};

+const API_RATE_LIMIT: u64 = 20; // 20 requests per minute globally for API routes
+
 /// Simple global rate limiter: tracks request count per 60-second window.
 /// Not per-IP — suitable for a low-traffic personal app.
 #[derive(Clone)]
@@ -55,20 +57,62 @@ pub fn build_router(state: AppState) -> Router {

 fn html_routes() -> Router<AppState> {
    // Auth routes: 20 requests per minute globally.
-    let limiter = RateLimiter::new(20);
+    let limiter = RateLimiter::new(API_RATE_LIMIT);
    let auth = Router::new()
        .route(
            "/login",
-            routing::get(handlers::html::get_login_page)
-                .post(handlers::html::post_login),
+            routing::get(handlers::html::get_login_page).post(handlers::html::post_login),
        )
        .route("/logout", routing::get(handlers::html::get_logout))
        .route(
            "/register",
-            routing::get(handlers::html::get_register_page)
-                .post(handlers::html::post_register),
+            routing::get(handlers::html::get_register_page).post(handlers::html::post_register),
        )
-        .route_layer(middleware::from_fn(move |req: axum::extract::Request, next: middleware::Next| {
+        .route_layer(middleware::from_fn(
+            move |req: axum::extract::Request, next: middleware::Next| {
+                let limiter = limiter.clone();
+                async move {
+                    if limiter.check() {
+                        next.run(req).await
+                    } else {
+                        StatusCode::TOO_MANY_REQUESTS.into_response()
+                    }
+                }
+            },
+        ));
+
+    Router::new()
+        .route("/", routing::get(handlers::html::get_activity_feed))
+        .route("/users", routing::get(handlers::html::get_users_list))
+        .route(
+            "/users/{id}",
+            routing::get(handlers::html::get_user_profile),
+        )
+        .merge(auth)
+        .route(
+            "/reviews/new",
+            routing::get(handlers::html::get_new_review_page),
+        )
+        .route("/reviews", routing::post(handlers::html::post_review))
+        .route(
+            "/reviews/{id}/delete",
+            routing::post(handlers::html::post_delete_review),
+        )
+        .route(
+            "/posters/{path}",
+            routing::get(handlers::posters::get_poster),
+        )
+        .route("/feed.rss", routing::get(handlers::rss::get_feed))
+        .route(
+            "/users/{id}/feed.rss",
+            routing::get(handlers::rss::get_user_feed),
+        )
+}
+
+fn api_routes() -> Router<AppState> {
+    let limiter = RateLimiter::new(API_RATE_LIMIT);
+    let auth_rate_limit =
+        middleware::from_fn(move |req: axum::extract::Request, next: middleware::Next| {
            let limiter = limiter.clone();
            async move {
                if limiter.check() {
@@ -77,33 +121,7 @@ fn html_routes() -> Router<AppState> {
                    StatusCode::TOO_MANY_REQUESTS.into_response()
                }
            }
-        }));
-
-    Router::new()
-        .route("/", routing::get(handlers::html::get_activity_feed))
-        .route("/users", routing::get(handlers::html::get_users_list))
-        .route("/users/{id}", routing::get(handlers::html::get_user_profile))
-        .merge(auth)
-        .route("/reviews/new", routing::get(handlers::html::get_new_review_page))
-        .route("/reviews", routing::post(handlers::html::post_review))
-        .route("/reviews/{id}/delete", routing::post(handlers::html::post_delete_review))
-        .route("/posters/{path}", routing::get(handlers::posters::get_poster))
-        .route("/feed.rss", routing::get(handlers::rss::get_feed))
-        .route("/users/{id}/feed.rss", routing::get(handlers::rss::get_user_feed))
-}
-
-fn api_routes() -> Router<AppState> {
-    let limiter = RateLimiter::new(20);
-    let auth_rate_limit = middleware::from_fn(move |req: axum::extract::Request, next: middleware::Next| {
-        let limiter = limiter.clone();
-        async move {
-            if limiter.check() {
-                next.run(req).await
-            } else {
-                StatusCode::TOO_MANY_REQUESTS.into_response()
-            }
-        }
-    });
+        });

    Router::new().nest(
        "/api",
@@ -114,7 +132,10 @@ fn api_routes() -> Router<AppState> {
                routing::get(handlers::api::get_review_history),
            )
            .route("/reviews", routing::post(handlers::api::post_review))
-            .route("/reviews/{id}", routing::delete(handlers::api::delete_review))
+            .route(
+                "/reviews/{id}",
+                routing::delete(handlers::api::delete_review),
+            )
            .route(
                "/movies/{id}/sync-poster",
                routing::post(handlers::api::sync_poster),