[feature] request blocking by http headers (#2409)

2025-12-12 10:18:06 -06:00 · 2023-12-18 14:18:25 +00:00 · 2023-12-18 14:18:25 +00:00 · 8ebb7775a3
commit 8ebb7775a3
parent 07bd848028
36 changed files with 2561 additions and 81 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -163,6 +163,7 @@ type Configuration struct {
 	AdvancedThrottlingRetryAfter time.Duration `name:"advanced-throttling-retry-after" usage:"Retry-After duration response to send for throttled requests."`
 	AdvancedSenderMultiplier     int           `name:"advanced-sender-multiplier" usage:"Multiplier to use per cpu for batching outgoing fedi messages. 0 or less turns batching off (not recommended)."`
 	AdvancedCSPExtraURIs         []string      `name:"advanced-csp-extra-uris" usage:"Additional URIs to allow when building content-security-policy for media + images."`
+	AdvancedHeaderFilterMode     string        `name:"advanced-header-filter-mode" usage:"Set incoming request header filtering mode."`

 	// HTTPClient configuration vars.
 	HTTPClient HTTPClientConfiguration `name:"http-client"`
--- a/internal/config/const.go
+++ b/internal/config/const.go
@ -17,10 +17,16 @@

 package config

-// Instance federation mode determines how this
-// instance federates with others (if at all).
 const (
+	// Instance federation mode determines how this
+	// instance federates with others (if at all).
 	InstanceFederationModeBlocklist = "blocklist"
 	InstanceFederationModeAllowlist = "allowlist"
 	InstanceFederationModeDefault   = InstanceFederationModeBlocklist
+
+	// Request header filter mode determines how
+	// this instance will perform request filtering.
+	RequestHeaderFilterModeAllow    = "allow"
+	RequestHeaderFilterModeBlock    = "block"
+	RequestHeaderFilterModeDisabled = ""
 )
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@ -135,6 +135,7 @@ var Defaults = Configuration{
 	AdvancedThrottlingRetryAfter: time.Second * 30,
 	AdvancedSenderMultiplier:     2, // 2 senders per CPU
 	AdvancedCSPExtraURIs:         []string{},
+	AdvancedHeaderFilterMode:     RequestHeaderFilterModeDisabled,

 	Cache: CacheConfiguration{
 		// Rough memory target that the total
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@ -158,6 +158,7 @@ func (s *ConfigState) AddServerFlags(cmd *cobra.Command) {
 		cmd.Flags().Duration(AdvancedThrottlingRetryAfterFlag(), cfg.AdvancedThrottlingRetryAfter, fieldtag("AdvancedThrottlingRetryAfter", "usage"))
 		cmd.Flags().Int(AdvancedSenderMultiplierFlag(), cfg.AdvancedSenderMultiplier, fieldtag("AdvancedSenderMultiplier", "usage"))
 		cmd.Flags().StringSlice(AdvancedCSPExtraURIsFlag(), cfg.AdvancedCSPExtraURIs, fieldtag("AdvancedCSPExtraURIs", "usage"))
+		cmd.Flags().String(AdvancedHeaderFilterModeFlag(), cfg.AdvancedHeaderFilterMode, fieldtag("AdvancedHeaderFilterMode", "usage"))

 		cmd.Flags().String(RequestIDHeaderFlag(), cfg.RequestIDHeader, fieldtag("RequestIDHeader", "usage"))
 	})
--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
@ -2600,6 +2600,31 @@ func GetAdvancedCSPExtraURIs() []string { return global.GetAdvancedCSPExtraURIs(
 // SetAdvancedCSPExtraURIs safely sets the value for global configuration 'AdvancedCSPExtraURIs' field
 func SetAdvancedCSPExtraURIs(v []string) { global.SetAdvancedCSPExtraURIs(v) }

+// GetAdvancedHeaderFilterMode safely fetches the Configuration value for state's 'AdvancedHeaderFilterMode' field
+func (st *ConfigState) GetAdvancedHeaderFilterMode() (v string) {
+	st.mutex.RLock()
+	v = st.config.AdvancedHeaderFilterMode
+	st.mutex.RUnlock()
+	return
+}
+
+// SetAdvancedHeaderFilterMode safely sets the Configuration value for state's 'AdvancedHeaderFilterMode' field
+func (st *ConfigState) SetAdvancedHeaderFilterMode(v string) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	st.config.AdvancedHeaderFilterMode = v
+	st.reloadToViper()
+}
+
+// AdvancedHeaderFilterModeFlag returns the flag name for the 'AdvancedHeaderFilterMode' field
+func AdvancedHeaderFilterModeFlag() string { return "advanced-header-filter-mode" }
+
+// GetAdvancedHeaderFilterMode safely fetches the value for global configuration 'AdvancedHeaderFilterMode' field
+func GetAdvancedHeaderFilterMode() string { return global.GetAdvancedHeaderFilterMode() }
+
+// SetAdvancedHeaderFilterMode safely sets the value for global configuration 'AdvancedHeaderFilterMode' field
+func SetAdvancedHeaderFilterMode(v string) { global.SetAdvancedHeaderFilterMode(v) }
+
 // GetHTTPClientAllowIPs safely fetches the Configuration value for state's 'HTTPClient.AllowIPs' field
 func (st *ConfigState) GetHTTPClientAllowIPs() (v []string) {
 	st.mutex.RLock()