From 352d8ff65959bbce5475941f5d33dbcc46a6da72 Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Mon, 14 Jul 2025 17:22:51 -0700 Subject: [PATCH] change that hoists the redirect-free reqwest::Client into a single, lazily-initialized static so every call to validate_jwt re-uses the same handle (and therefore the same connection-pool, DNS cache, TLS session cache, etc) --- src/validation.rs | 2 +- src/validation/jwt.rs | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/validation.rs b/src/validation.rs index 172888d..6cb3711 100644 --- a/src/validation.rs +++ b/src/validation.rs @@ -688,7 +688,7 @@ async fn timed_validate_single_match<'a>( return; } - match jwt::validate_jwt(&token, client).await { + match jwt::validate_jwt(&token).await { Ok((ok, msg)) => { m.validation_success = ok; m.validation_response_body = msg; diff --git a/src/validation/jwt.rs b/src/validation/jwt.rs index ca0ac43..6449fd2 100644 --- a/src/validation/jwt.rs +++ b/src/validation/jwt.rs @@ -46,7 +46,7 @@ struct Claims { aud: Option, } -pub async fn validate_jwt(token: &str, client: &Client) -> Result<(bool, String)> { +pub async fn validate_jwt(token: &str) -> Result<(bool, String)> { // --- insecure payload decode ------------------------------------------------- let claims: Claims = { let payload_b64 = token.split('.').nth(1).ok_or_else(|| anyhow!("invalid JWT format"))?; @@ -199,16 +199,14 @@ mod tests { #[tokio::test] async fn valid_token() { let token = build_token(60); - let client = Client::new(); - let res = validate_jwt(&token, &client).await.unwrap(); + let res = validate_jwt(&token).await.unwrap(); assert!(res.0); } #[tokio::test] async fn expired_token() { let token = build_token(-60); - let client = Client::new(); - let res = validate_jwt(&token, &client).await.unwrap(); + let res = validate_jwt(&token).await.unwrap(); assert!(!res.0); } }