From 904829094816fb38d8f1e1d2c19c4c9c014baa88 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 27 Jan 2025 19:21:13 +0100
Subject: [chore] skip `trusted-proxies` warning if ip excepted from rate
 limiting (#3699)

* [chore] skip `trusted-proxies` warning if ip excepted from rate limiting

* weep

* typo

* fix env parsing test
---
 internal/middleware/ratelimit.go | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'internal/middleware/ratelimit.go')

diff --git a/internal/middleware/ratelimit.go b/internal/middleware/ratelimit.go
index 352a30c22..a259cd575 100644
--- a/internal/middleware/ratelimit.go
+++ b/internal/middleware/ratelimit.go
@@ -48,7 +48,7 @@ const rateLimitPeriod = 5 * time.Minute
 //
 // If the config AdvancedRateLimitRequests value is <= 0, then a noop
 // handler will be returned, which performs no rate limiting.
-func RateLimit(limit int, exceptions []string) gin.HandlerFunc {
+func RateLimit(limit int, except []netip.Prefix) gin.HandlerFunc {
 	if limit <= 0 {
 		// Rate limiting is disabled.
 		// Return noop middleware.
@@ -63,12 +63,6 @@ func RateLimit(limit int, exceptions []string) gin.HandlerFunc {
 		},
 	)
 
-	// Convert exceptions IP ranges into prefixes.
-	exceptPrefs := make([]netip.Prefix, len(exceptions))
-	for i, str := range exceptions {
-		exceptPrefs[i] = netip.MustParsePrefix(str)
-	}
-
 	// It's prettymuch impossible to effectively
 	// rate limit the immense IPv6 address space
 	// unless we mask some of the bytes.
@@ -88,7 +82,7 @@ func RateLimit(limit int, exceptions []string) gin.HandlerFunc {
 
 		// Check if this IP is exempt from rate
 		// limits and skip further checks if so.
-		for _, prefix := range exceptPrefs {
+		for _, prefix := range except {
 			if prefix.Contains(clientIP) {
 				c.Next()
 				return
-- 
cgit v1.2.3