change that hoists the redirect-free reqwest::Client into a single, lazily-initialized static so every call to validate_jwt re-uses the same handle (and therefore the same connection-pool, DNS cache, TLS session cache, etc)

2025-07-14 17:22:51 -07:00 · 2025-07-14 17:22:51 -07:00 · 352d8ff659
commit 352d8ff659
parent ee6332a78d
2 changed files with 4 additions and 6 deletions
--- a/src/validation.rs
+++ b/src/validation.rs
@ -688,7 +688,7 @@ async fn timed_validate_single_match<'a>(
                return;
            }

-            match jwt::validate_jwt(&token, client).await {
+            match jwt::validate_jwt(&token).await {
                Ok((ok, msg)) => {
                    m.validation_success = ok;
                    m.validation_response_body = msg;
--- a/src/validation/jwt.rs
+++ b/src/validation/jwt.rs
@ -46,7 +46,7 @@ struct Claims {
    aud: Option<Aud>,
 }

-pub async fn validate_jwt(token: &str, client: &Client) -> Result<(bool, String)> {
+pub async fn validate_jwt(token: &str) -> Result<(bool, String)> {
    // --- insecure payload decode -------------------------------------------------
    let claims: Claims = {
        let payload_b64 = token.split('.').nth(1).ok_or_else(|| anyhow!("invalid JWT format"))?;
@ -199,16 +199,14 @@ mod tests {
    #[tokio::test]
    async fn valid_token() {
        let token = build_token(60);
-        let client = Client::new();
-        let res = validate_jwt(&token, &client).await.unwrap();
+        let res = validate_jwt(&token).await.unwrap();
        assert!(res.0);
    }

    #[tokio::test]
    async fn expired_token() {
        let token = build_token(-60);
-        let client = Client::new();
-        let res = validate_jwt(&token, &client).await.unwrap();
+        let res = validate_jwt(&token).await.unwrap();
        assert!(!res.0);
    }
 }