mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-10-31 01:32:25 -05:00
bee8458a2d* feat: add rate limit middleware * chore: update vendor dir * chore: update readme with new dependency * chore: add rate limit infos to swagger.md file * refactor: add ipv6 mask limiter option Add IPv6 CIDR /64 mask * refactor: increase rate limit to 1000 Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800 Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
61 lines
2.4 KiB
Go
61 lines
2.4 KiB
Go
package limiter
|
|
|
|
import (
|
|
"net"
|
|
)
|
|
|
|
// Option is a functional option.
|
|
type Option func(*Options)
|
|
|
|
// Options are limiter options.
|
|
type Options struct {
|
|
// IPv4Mask defines the mask used to obtain a IPv4 address.
|
|
IPv4Mask net.IPMask
|
|
// IPv6Mask defines the mask used to obtain a IPv6 address.
|
|
IPv6Mask net.IPMask
|
|
// TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP.
|
|
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
|
|
// proxy is not configured properly to forward a trustworthy client IP.
|
|
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
|
|
TrustForwardHeader bool
|
|
// ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP.
|
|
// If configured, this option will override "TrustForwardHeader" option.
|
|
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
|
|
// proxy is not configured properly to forward a trustworthy client IP.
|
|
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
|
|
ClientIPHeader string
|
|
}
|
|
|
|
// WithIPv4Mask will configure the limiter to use given mask for IPv4 address.
|
|
func WithIPv4Mask(mask net.IPMask) Option {
|
|
return func(o *Options) {
|
|
o.IPv4Mask = mask
|
|
}
|
|
}
|
|
|
|
// WithIPv6Mask will configure the limiter to use given mask for IPv6 address.
|
|
func WithIPv6Mask(mask net.IPMask) Option {
|
|
return func(o *Options) {
|
|
o.IPv6Mask = mask
|
|
}
|
|
}
|
|
|
|
// WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers.
|
|
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
|
|
// proxy is not configured properly to forward a trustworthy client IP.
|
|
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
|
|
func WithTrustForwardHeader(enable bool) Option {
|
|
return func(o *Options) {
|
|
o.TrustForwardHeader = enable
|
|
}
|
|
}
|
|
|
|
// WithClientIPHeader will configure the limiter to use a custom header to obtain user IP.
|
|
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
|
|
// proxy is not configured properly to forward a trustworthy client IP.
|
|
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
|
|
func WithClientIPHeader(header string) Option {
|
|
return func(o *Options) {
|
|
o.ClientIPHeader = header
|
|
}
|
|
}
|