chore: update example config with ratelimit opts; format TOML

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iefb657f4564caa8fd9a0ec375522c4726a6a6964

.cargo/config.toml

@@ -23,5 +23,3 @@ codegen-units = 1
 panic = "abort"
 strip = true
 incremental = false
-
-

.deny.toml

@@ -81,7 +81,7 @@ ignore = [
   { id = "RUSTSEC-2024-0416", reason = "Used by Dioxus and there is no alternative!" },
   { id = "RUSTSEC-2024-0418", reason = "Used by Dioxus and there is no alternative!" },
   { id = "RUSTSEC-2024-0419", reason = "Used by Dioxus and there is no alternative!" },
-    { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!"}
+  { id = "RUSTSEC-2024-0420", reason = "Used by Dioxus and there is no alternative!" },
 
   #"RUSTSEC-0000-0000",
   #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },

.rustfmt.toml

@@ -24,4 +24,3 @@ unstable_features            = true
 use_field_init_shorthand = true
 use_try_shorthand = true
 wrap_comments = true
-

pinakes.example.toml

@@ -95,10 +95,9 @@ port = 3000
 # session_timeout_secs = 86400
 
 # Enable CORS (Cross-Origin Resource Sharing)
+# When enabled with origins, replaces default localhost origins
 # Default: false
 # cors_enabled = true
-
-# Allowed CORS origins (if CORS is enabled)
 # cors_origins = ["http://localhost:5173", "https://app.example.com"]
 
 # Enable TLS/HTTPS
@@ -198,6 +197,10 @@ sidebar_collapsed = false
 
 ## User Accounts & Authentication
 [accounts]
+# Session expiry in hours
+# Default: 24
+# session_expiry_hours = 24
+
 # Require email verification for new accounts
 # Default: false
 # require_email_verification = false
@@ -222,6 +225,22 @@ sidebar_collapsed = false
 # Default: 900 (15 minutes)
 # lockout_duration_secs = 900
 
+## Rate Limiting Configuration
+## All rate limits are per-IP. Values control token bucket parameters:
+## per_second = interval in seconds between token replenishment
+## burst_size = maximum tokens (concurrent requests) allowed
+# [rate_limits]
+# global_per_second = 1       # ~100 req/sec with burst_size=100
+# global_burst_size = 100
+# login_per_second = 12       # ~5 req/min with burst_size=5
+# login_burst_size = 5
+# search_per_second = 6       # ~10 req/min with burst_size=10
+# search_burst_size = 10
+# stream_per_second = 60      # 1 per minute, max 5 concurrent
+# stream_burst_size = 5
+# share_per_second = 2        # Share token access rate limit
+# share_burst_size = 20
+
 ## Background Jobs Configuration
 [jobs]
 # Number of concurrent background job workers
@@ -232,6 +251,11 @@ worker_count = 2
 # Default: 60
 cache_ttl_secs = 60
 
+# Maximum time a job can run before being cancelled (in seconds)
+# Set to 0 to disable timeout
+# Default: 3600 (1 hour)
+# job_timeout_secs = 3600
+
 ## Metadata Enrichment Configuration
 [enrichment]
 # Enable automatic metadata enrichment from online sources
@@ -333,11 +357,14 @@ enabled = false
 # retention_days = 90
 
 ## Webhook Configuration
-# Send HTTP notifications for events
+# Send HTTP notifications for events.
+# Supported events: media.created, media.updated, media.deleted,
+#                   scan.completed, import.completed, test
+# Use "*" to receive all events.
 # [[webhooks]]
 # url = "https://example.com/webhook"
-# events = ["media.imported", "media.deleted", "tag.created"]
-# secret = "webhook-secret-for-signature"  # Optional HMAC secret
+# events = ["media.created", "media.deleted", "scan.completed"]
+# secret = "webhook-secret-for-signature"  # Optional BLAKE3 HMAC secret
 
 ## Scheduled Tasks
 # Configure periodic background tasks