Module handshake 

Handshake Defender (pre-upgrade DoS guard).

Purpose:

• Stop abuse before WebSocket upgrade.
• Per-IP + global leaky-bucket limiter.
• Returns HTTP 429 with Retry-After header hint.
• Note: cleanup is probabilistic and inline; under extreme IP churn it can briefly block the caller. A background cleaner is preferable for very high churn.

Structs

HandshakeDefender

A lightweight in-memory handshake rate limiter.

LeakyBucket

Simple leaky bucket (capacity/refill, best-effort).

Functions

retry_after_header_secs

Helper: format Retry-After duration.