From cb10c84809008135069a11d449dbb60392ae650d Mon Sep 17 00:00:00 2001
From: NotAShelf <raf@notashelf.dev>
Date: Sun, 8 Mar 2026 01:06:57 +0300
Subject: [PATCH] chore: update example config with ratelimit opts; format TOML

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iefb657f4564caa8fd9a0ec375522c4726a6a6964
---
 .cargo/config.toml   |  8 ++---
 .deny.toml           | 76 ++++++++++++++++++++++----------------------
 .rustfmt.toml        | 47 ++++++++++++++-------------
 pinakes.example.toml | 37 ++++++++++++++++++---
 4 files changed, 96 insertions(+), 72 deletions(-)

diff --git a/.cargo/config.toml b/.cargo/config.toml
index bf15bbc..abd0872 100644
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -3,9 +3,9 @@ build-std = ["std", "panic_abort", "core", "alloc"]
 
 [build]
 rustflags = [
-    "-Clto",
-    "-Zvirtual-function-elimination",
-    "-Zlocation-detail=none",
+  "-Clto",
+  "-Zvirtual-function-elimination",
+  "-Zlocation-detail=none",
 ]
 
 
@@ -23,5 +23,3 @@ codegen-units = 1
 panic = "abort"
 strip = true
 incremental = false
-
-
diff --git a/.deny.toml b/.deny.toml
index 06a92b5..5613325 100644
--- a/.deny.toml
+++ b/.deny.toml
@@ -23,13 +23,13 @@
 # dependencies not shared by any other crates, would be ignored, as the target
 # list here is effectively saying which targets you are building for.
 targets = [
-    # The triple can be any string, but only the target triples built in to
-    # rustc (as of 1.40) can be checked against actual config expressions
-    #"x86_64-unknown-linux-musl",
-    # You can also specify which target_features you promise are enabled for a
-    # particular target. target_features are currently not validated against
-    # the actual valid features supported by the target architecture.
-    #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
+  # The triple can be any string, but only the target triples built in to
+  # rustc (as of 1.40) can be checked against actual config expressions
+  #"x86_64-unknown-linux-musl",
+  # You can also specify which target_features you promise are enabled for a
+  # particular target. target_features are currently not validated against
+  # the actual valid features supported by the target architecture.
+  #{ triple = "wasm32-unknown-unknown", features = ["atomics"] },
 ]
 # When creating the dependency graph used as the source of truth when checks are
 # executed, this field can be used to prune crates from the graph, removing them
@@ -70,23 +70,23 @@ feature-depth = 1
 # A list of advisory IDs to ignore. Note that ignored advisories will still
 # output a note when they are encountered.
 ignore = [
-    # Dioxus pulls a whole bunch of GTK3 dependencies that are all deprecated and
-    # marked insecure. Unfortunately, there doesn't seem to be a GTK4 migration
-    # in sight, so we'll have to ignore them for now.
-    { id = "RUSTSEC-2024-0370", reason = "Used by GTK3 and there is no alternative!"},
-    { id = "RUSTSEC-2024-0411", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0412", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0413", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0415", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0416", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0418", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0419", reason = "Used by Dioxus and there is no alternative!"},
-    { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!"}
+  # Dioxus pulls a whole bunch of GTK3 dependencies that are all deprecated and
+  # marked insecure. Unfortunately, there doesn't seem to be a GTK4 migration
+  # in sight, so we'll have to ignore them for now.
+  { id = "RUSTSEC-2024-0370", reason = "Used by GTK3 and there is no alternative!" },
+  { id = "RUSTSEC-2024-0411", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0412", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0413", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0415", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0416", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0418", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0419", reason = "Used by Dioxus and there is no alternative!" },
+  { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!" },
 
-    #"RUSTSEC-0000-0000",
-    #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
-    #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
-    #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
+  #"RUSTSEC-0000-0000",
+  #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
+  #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
+  #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.
@@ -120,9 +120,9 @@ confidence-threshold = 0.8
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
-    # Each entry is the crate and version constraint, and its specific allow
-    # list
-    #{ allow = ["Zlib"], crate = "adler32" },
+  # Each entry is the crate and version constraint, and its specific allow
+  # list
+  #{ allow = ["Zlib"], crate = "adler32" },
 ]
 
 # Some crates don't have (easily) machine readable licensing information,
@@ -153,7 +153,7 @@ ignore = false
 # is only published to private registries, and ignore is true, the crate will
 # not have its license(s) checked
 registries = [
-    #"https://sekretz.com/registry
+  #"https://sekretz.com/registry
 ]
 
 # This section is considered when running `cargo deny check bans`.
@@ -180,8 +180,8 @@ workspace-default-features = "allow"
 external-default-features = "allow"
 # List of crates that are allowed. Use with care!
 allow = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" },
 ]
 # If true, workspace members are automatically allowed even when using deny-by-default
 # This is useful for organizations that want to deny all external dependencies by default
@@ -189,11 +189,11 @@ allow = [
 allow-workspace = false
 # List of crates to deny
 deny = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
-    # Wrapper crates can optionally be specified to allow the crate when it
-    # is a direct dependency of the otherwise banned crate
-    #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason it is banned" },
+  # Wrapper crates can optionally be specified to allow the crate when it
+  # is a direct dependency of the otherwise banned crate
+  #{ crate = "ansi_term@0.11.0", wrappers = ["this-crate-directly-depends-on-ansi_term"] },
 ]
 
 # List of features to allow/deny
@@ -221,16 +221,16 @@ deny = [
 
 # Certain crates/versions that will be skipped when doing duplicate detection.
 skip = [
-    #"ansi_term@0.11.0",
-    #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
+  #"ansi_term@0.11.0",
+  #{ crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" },
 ]
 # Similarly to `skip` allows you to skip certain crates during duplicate
 # detection. Unlike skip, it also includes the entire tree of transitive
 # dependencies starting at the specified crate, up to a certain depth, which is
 # by default infinite.
 skip-tree = [
-    #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
-    #{ crate = "ansi_term@0.11.0", depth = 20 },
+  #"ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies
+  #{ crate = "ansi_term@0.11.0", depth = 20 },
 ]
 
 # This section is considered when running `cargo deny check sources`.
diff --git a/.rustfmt.toml b/.rustfmt.toml
index 8af4b10..324bf8b 100644
--- a/.rustfmt.toml
+++ b/.rustfmt.toml
@@ -1,27 +1,26 @@
-condense_wildcard_suffixes   = true
+condense_wildcard_suffixes = true
 doc_comment_code_block_width = 80
-edition                      = "2024"               # Keep in sync with Cargo.toml.
+edition = "2024"                      # Keep in sync with Cargo.toml.
 enum_discrim_align_threshold = 60
-force_explicit_abi           = false
-force_multiline_blocks       = true
-format_code_in_doc_comments  = true
-format_macro_matchers        = true
-format_strings               = true
-group_imports                = "StdExternalCrate"
-hex_literal_case             = "Upper"
-imports_granularity          = "Crate"
-imports_layout               = "HorizontalVertical"
-inline_attribute_width       = 60
-match_block_trailing_comma   = true
-max_width                    = 80
-newline_style                = "Unix"
-normalize_comments           = true
-normalize_doc_attributes     = true
-overflow_delimited_expr      = true
+force_explicit_abi = false
+force_multiline_blocks = true
+format_code_in_doc_comments = true
+format_macro_matchers = true
+format_strings = true
+group_imports = "StdExternalCrate"
+hex_literal_case = "Upper"
+imports_granularity = "Crate"
+imports_layout = "HorizontalVertical"
+inline_attribute_width = 60
+match_block_trailing_comma = true
+max_width = 80
+newline_style = "Unix"
+normalize_comments = true
+normalize_doc_attributes = true
+overflow_delimited_expr = true
 struct_field_align_threshold = 60
-tab_spaces                   = 2
-unstable_features            = true
-use_field_init_shorthand     = true
-use_try_shorthand            = true
-wrap_comments                = true
-
+tab_spaces = 2
+unstable_features = true
+use_field_init_shorthand = true
+use_try_shorthand = true
+wrap_comments = true
diff --git a/pinakes.example.toml b/pinakes.example.toml
index 57c9e38..0a3c7c7 100644
--- a/pinakes.example.toml
+++ b/pinakes.example.toml
@@ -95,10 +95,9 @@ port = 3000
 # session_timeout_secs = 86400
 
 # Enable CORS (Cross-Origin Resource Sharing)
+# When enabled with origins, replaces default localhost origins
 # Default: false
 # cors_enabled = true
-
-# Allowed CORS origins (if CORS is enabled)
 # cors_origins = ["http://localhost:5173", "https://app.example.com"]
 
 # Enable TLS/HTTPS
@@ -198,6 +197,10 @@ sidebar_collapsed = false
 
 ## User Accounts & Authentication
 [accounts]
+# Session expiry in hours
+# Default: 24
+# session_expiry_hours = 24
+
 # Require email verification for new accounts
 # Default: false
 # require_email_verification = false
@@ -222,6 +225,22 @@ sidebar_collapsed = false
 # Default: 900 (15 minutes)
 # lockout_duration_secs = 900
 
+## Rate Limiting Configuration
+## All rate limits are per-IP. Values control token bucket parameters:
+## per_second = interval in seconds between token replenishment
+## burst_size = maximum tokens (concurrent requests) allowed
+# [rate_limits]
+# global_per_second = 1       # ~100 req/sec with burst_size=100
+# global_burst_size = 100
+# login_per_second = 12       # ~5 req/min with burst_size=5
+# login_burst_size = 5
+# search_per_second = 6       # ~10 req/min with burst_size=10
+# search_burst_size = 10
+# stream_per_second = 60      # 1 per minute, max 5 concurrent
+# stream_burst_size = 5
+# share_per_second = 2        # Share token access rate limit
+# share_burst_size = 20
+
 ## Background Jobs Configuration
 [jobs]
 # Number of concurrent background job workers
@@ -232,6 +251,11 @@ worker_count = 2
 # Default: 60
 cache_ttl_secs = 60
 
+# Maximum time a job can run before being cancelled (in seconds)
+# Set to 0 to disable timeout
+# Default: 3600 (1 hour)
+# job_timeout_secs = 3600
+
 ## Metadata Enrichment Configuration
 [enrichment]
 # Enable automatic metadata enrichment from online sources
@@ -333,11 +357,14 @@ enabled = false
 # retention_days = 90
 
 ## Webhook Configuration
-# Send HTTP notifications for events
+# Send HTTP notifications for events.
+# Supported events: media.created, media.updated, media.deleted,
+#                   scan.completed, import.completed, test
+# Use "*" to receive all events.
 # [[webhooks]]
 # url = "https://example.com/webhook"
-# events = ["media.imported", "media.deleted", "tag.created"]
-# secret = "webhook-secret-for-signature"  # Optional HMAC secret
+# events = ["media.created", "media.deleted", "scan.completed"]
+# secret = "webhook-secret-for-signature"  # Optional BLAKE3 HMAC secret
 
 ## Scheduled Tasks
 # Configure periodic background tasks