tgstate-rust / src /constants.rs
bhgi's picture
Deploy tgstate-rust
71217a7
Raw
History Blame Contribute Delete
2.41 kB
/// Maximum upload body size (512 MB)
pub const MAX_UPLOAD_BODY_SIZE: usize = 512 * 1024 * 1024;
/// Telegram chunk size for large file uploads (~19.5 MB, under Telegram's 20MB limit)
pub const TELEGRAM_CHUNK_SIZE: usize = (19.5 * 1024.0 * 1024.0) as usize;
/// HTTP client timeout for file upload/download operations (seconds)
pub const HTTP_TIMEOUT_TRANSFER_SECS: u64 = 300;
/// HTTP client timeout for metadata/API operations (seconds)
pub const HTTP_TIMEOUT_METADATA_SECS: u64 = 30;
/// Rate limit: login attempts per window
pub const RATE_LIMIT_LOGIN_MAX: u32 = 5;
/// Rate limit: upload requests per window
pub const RATE_LIMIT_UPLOAD_MAX: u32 = 10;
/// Rate limit: general API requests per window
pub const RATE_LIMIT_API_MAX: u32 = 120;
/// Rate limit: public download/share requests per window. Covers `/d/*` and
/// `/share/*`. Higher than API because legitimate browsers issue many of
/// these per page load (HTML + thumbnails + Range requests for video).
pub const RATE_LIMIT_DOWNLOAD_MAX: u32 = 300;
/// Rate limit: window duration in seconds
pub const RATE_LIMIT_WINDOW_SECS: u64 = 60;
/// Rate limiter cleanup interval in seconds
pub const RATE_LIMIT_CLEANUP_INTERVAL_SECS: u64 = 120;
/// Maximum entries per rate limiter bucket before forced eviction
pub const RATE_LIMIT_MAX_ENTRIES: usize = 10_000;
/// SSE keepalive interval in seconds
pub const SSE_KEEPALIVE_SECS: u64 = 15;
/// Session cookie max-age in seconds (7 days). Combined with the sliding
/// refresh in `middleware::auth`, a user who visits the site at least once
/// a week stays logged in indefinitely; otherwise the cookie expires and
/// the user must log in again. May be overridden by env `SESSION_MAX_AGE_SECS`
/// at runtime (see `auth::build_cookie`). The previous 30-day default was
/// longer than SECURITY.md advertised and is shortened here.
pub const SESSION_MAX_AGE_SECS: u32 = 7 * 24 * 60 * 60;
/// Short ID length for file identifiers. Ten chars of 62-alphabet ≈ 60 bits of
/// entropy, which is practical-only enumeration-resistant for a single-admin
/// self-hosted tool.
pub const SHORT_ID_LENGTH: usize = 10;
/// Broadcast event bus capacity
pub const EVENT_BUS_CAPACITY: usize = 200;
/// Bot polling long-poll timeout in seconds
pub const BOT_POLL_TIMEOUT_SECS: u64 = 30;
/// Maximum number of file IDs accepted in a single batch-delete request.
pub const BATCH_DELETE_MAX: usize = 100;