Spaces:
Paused
Paused
| /// Maximum upload body size (512 MB) | |
| pub const MAX_UPLOAD_BODY_SIZE: usize = 512 * 1024 * 1024; | |
| /// Telegram chunk size for large file uploads (~19.5 MB, under Telegram's 20MB limit) | |
| pub const TELEGRAM_CHUNK_SIZE: usize = (19.5 * 1024.0 * 1024.0) as usize; | |
| /// HTTP client timeout for file upload/download operations (seconds) | |
| pub const HTTP_TIMEOUT_TRANSFER_SECS: u64 = 300; | |
| /// HTTP client timeout for metadata/API operations (seconds) | |
| pub const HTTP_TIMEOUT_METADATA_SECS: u64 = 30; | |
| /// Rate limit: login attempts per window | |
| pub const RATE_LIMIT_LOGIN_MAX: u32 = 5; | |
| /// Rate limit: upload requests per window | |
| pub const RATE_LIMIT_UPLOAD_MAX: u32 = 10; | |
| /// Rate limit: general API requests per window | |
| pub const RATE_LIMIT_API_MAX: u32 = 120; | |
| /// Rate limit: public download/share requests per window. Covers `/d/*` and | |
| /// `/share/*`. Higher than API because legitimate browsers issue many of | |
| /// these per page load (HTML + thumbnails + Range requests for video). | |
| pub const RATE_LIMIT_DOWNLOAD_MAX: u32 = 300; | |
| /// Rate limit: window duration in seconds | |
| pub const RATE_LIMIT_WINDOW_SECS: u64 = 60; | |
| /// Rate limiter cleanup interval in seconds | |
| pub const RATE_LIMIT_CLEANUP_INTERVAL_SECS: u64 = 120; | |
| /// Maximum entries per rate limiter bucket before forced eviction | |
| pub const RATE_LIMIT_MAX_ENTRIES: usize = 10_000; | |
| /// SSE keepalive interval in seconds | |
| pub const SSE_KEEPALIVE_SECS: u64 = 15; | |
| /// Session cookie max-age in seconds (7 days). Combined with the sliding | |
| /// refresh in `middleware::auth`, a user who visits the site at least once | |
| /// a week stays logged in indefinitely; otherwise the cookie expires and | |
| /// the user must log in again. May be overridden by env `SESSION_MAX_AGE_SECS` | |
| /// at runtime (see `auth::build_cookie`). The previous 30-day default was | |
| /// longer than SECURITY.md advertised and is shortened here. | |
| pub const SESSION_MAX_AGE_SECS: u32 = 7 * 24 * 60 * 60; | |
| /// Short ID length for file identifiers. Ten chars of 62-alphabet ≈ 60 bits of | |
| /// entropy, which is practical-only enumeration-resistant for a single-admin | |
| /// self-hosted tool. | |
| pub const SHORT_ID_LENGTH: usize = 10; | |
| /// Broadcast event bus capacity | |
| pub const EVENT_BUS_CAPACITY: usize = 200; | |
| /// Bot polling long-poll timeout in seconds | |
| pub const BOT_POLL_TIMEOUT_SECS: u64 = 30; | |
| /// Maximum number of file IDs accepted in a single batch-delete request. | |
| pub const BATCH_DELETE_MAX: usize = 100; | |