diff options
| author |  nya1 <nya1git@imap.cc> | 2022-08-31 12:06:14 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-08-31 12:06:14 +0200 |
| commit | bee8458a2d12bdd42079fcb2c4ca88ebeafe305b (patch) | |
| tree | c114acf28a460c1ebaa85965c89f2e7fb540eecc /vendor/github.com/ulule/limiter/v3/options.go | |
| parent | [feature] Sort follow requests, followers, and following by updated_at (#774) (diff) | |
| download | gotosocial-bee8458a2d12bdd42079fcb2c4ca88ebeafe305b.tar.xz | |
[feature] add rate limit middleware (#741)
* feat: add rate limit middleware
* chore: update vendor dir
* chore: update readme with new dependency
* chore: add rate limit infos to swagger.md file
* refactor: add ipv6 mask limiter option
Add IPv6 CIDR /64 mask
* refactor: increase rate limit to 1000
Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800
Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
Diffstat (limited to 'vendor/github.com/ulule/limiter/v3/options.go')
| -rw-r--r-- | vendor/github.com/ulule/limiter/v3/options.go | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/vendor/github.com/ulule/limiter/v3/options.go b/vendor/github.com/ulule/limiter/v3/options.go new file mode 100644 index 000000000..d8a44eab3 --- /dev/null +++ b/vendor/github.com/ulule/limiter/v3/options.go @@ -0,0 +1,61 @@ +package limiter + +import ( + "net" +) + +// Option is a functional option. +type Option func(*Options) + +// Options are limiter options. +type Options struct { + // IPv4Mask defines the mask used to obtain a IPv4 address. + IPv4Mask net.IPMask + // IPv6Mask defines the mask used to obtain a IPv6 address. + IPv6Mask net.IPMask + // TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP. + // Please be advised that using this option could be insecure (ie: spoofed) if your reverse + // proxy is not configured properly to forward a trustworthy client IP. + // Please read the section "Limiter behind a reverse proxy" in the README for further information. + TrustForwardHeader bool + // ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP. + // If configured, this option will override "TrustForwardHeader" option. + // Please be advised that using this option could be insecure (ie: spoofed) if your reverse + // proxy is not configured properly to forward a trustworthy client IP. + // Please read the section "Limiter behind a reverse proxy" in the README for further information. + ClientIPHeader string +} + +// WithIPv4Mask will configure the limiter to use given mask for IPv4 address. +func WithIPv4Mask(mask net.IPMask) Option { + return func(o *Options) { + o.IPv4Mask = mask + } +} + +// WithIPv6Mask will configure the limiter to use given mask for IPv6 address. +func WithIPv6Mask(mask net.IPMask) Option { + return func(o *Options) { + o.IPv6Mask = mask + } +} + +// WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers. +// Please be advised that using this option could be insecure (ie: spoofed) if your reverse +// proxy is not configured properly to forward a trustworthy client IP. +// Please read the section "Limiter behind a reverse proxy" in the README for further information. +func WithTrustForwardHeader(enable bool) Option { + return func(o *Options) { + o.TrustForwardHeader = enable + } +} + +// WithClientIPHeader will configure the limiter to use a custom header to obtain user IP. +// Please be advised that using this option could be insecure (ie: spoofed) if your reverse +// proxy is not configured properly to forward a trustworthy client IP. +// Please read the section "Limiter behind a reverse proxy" in the README for further information. +func WithClientIPHeader(header string) Option { + return func(o *Options) { + o.ClientIPHeader = header + } +} |