diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2025-01-27 19:21:13 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-01-27 19:21:13 +0100 |
| commit | 904829094816fb38d8f1e1d2c19c4c9c014baa88 (patch) | |
| tree | ef481d04b884011b838a03c8b3dd58b955c7eaec /internal/api | |
| parent | [chore] some tidy ups (#3677) (diff) | |
| download | gotosocial-904829094816fb38d8f1e1d2c19c4c9c014baa88.tar.xz | |
[chore] skip `trusted-proxies` warning if ip excepted from rate limiting (#3699)
* [chore] skip `trusted-proxies` warning if ip excepted from rate limiting
* weep
* typo
* fix env parsing test
Diffstat (limited to 'internal/api')
| -rw-r--r-- | internal/api/util/template.go | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/internal/api/util/template.go b/internal/api/util/template.go index f58563660..990874028 100644 --- a/internal/api/util/template.go +++ b/internal/api/util/template.go @@ -18,12 +18,13 @@ package util import ( - "net" "net/http" + "net/netip" "github.com/gin-gonic/gin" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/log" ) // WebPage encapsulates variables for @@ -137,7 +138,15 @@ func injectTrustedProxiesRec( return } - ip := net.ParseIP(clientIP) + ip, err := netip.ParseAddr(clientIP) + if err != nil { + log.Warnf( + c.Request.Context(), + "gin returned invalid clientIP %s: %v", + clientIP, err, + ) + } + if !ip.IsPrivate() { // Upstream set a remote IP // header but final clientIP @@ -147,8 +156,18 @@ func injectTrustedProxiesRec( return } + except := config.GetAdvancedRateLimitExceptionsParsed() + for _, prefix := range except { + if prefix.Contains(ip) { + // This ip is exempt from + // rate limiting, so don't + // inject the suggestion. + return + } + } + // Private IP, guess if Docker. - if dockerSubnet.Contains(ip) { + if DockerSubnet.Contains(ip) { // Suggest a CIDR that likely // covers this Docker subnet, // eg., 172.17.0.0 -> 172.17.255.255. @@ -163,16 +182,10 @@ func injectTrustedProxiesRec( obj["trustedProxiesRec"] = trustedProxiesRec } -// dockerSubnet is a CIDR that lets one make hazy guesses +// DockerSubnet is a CIDR that lets one make hazy guesses // as to whether an address is within the ranges Docker // uses for subnets, ie., 172.16.0.0 -> 172.31.255.255. -var dockerSubnet = func() *net.IPNet { - _, subnet, err := net.ParseCIDR("172.16.0.0/12") - if err != nil { - panic(err) - } - return subnet -}() +var DockerSubnet = netip.MustParsePrefix("172.16.0.0/12") // templateErrorPage renders the given // HTTP code, error, and request ID |