Module headers 

Header helpers used by axum-bound handlers: optimistic-locking ETag parsing/emission, W3C traceparent extraction, RFC 7239 Forwarded client-IP extraction, and context enrichment that bundles those.

Functions

enrich_context_from_headers

Enrich a CoolContext with the request id (from traceparent) and the client IP (from Forwarded/X-Forwarded-For). Malformed traceparent headers are silently ignored here — the auth/header-validation layer is the right place to reject them, not the enrichment seam.

parse_client_ip

Extract the most-specific client IP available from the request headers, falling back to none. Prefers Forwarded (RFC 7239) over the legacy X-Forwarded-For. Banks running behind a single trusted L7 take the leftmost entry; deeper proxy chains must verify and rewrite at the edge.

parse_if_match_version

Parse an If-Match header carrying a strong ETag of the form "<int>". Returns None if the header is absent. Returns an error if the header is present but malformed (weak validators, non-integer payloads, etc.).

parse_traceparent

Extract a W3C traceparent header, returning the trace-id portion when the header is present and well-formed. Returns Ok(None) when absent — callers should mint their own request id in that case so every audit row carries something. The trace-id is the second hyphen-delimited segment per W3C Trace Context; this implementation does not validate the flags/version segments since banks usually rebuild traceparent at the edge anyway.

set_version_etag

Insert an ETag header onto a response, formatted as a strong validator over the integer optimistic-locking version.