forked from neri/datatrash
feat: rate limit ipv6 addresses based on the first /56
This commit is contained in:
parent
42a8cb3e0a
commit
701c86f64c
4 changed files with 406 additions and 406 deletions
792
Cargo.lock
generated
792
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "datatrash"
|
||||
version = "2.4.0"
|
||||
version = "2.4.1"
|
||||
authors = ["neri"]
|
||||
edition = "2021"
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ pub(crate) async fn delete_old_files(
|
|||
.fetch(&db);
|
||||
while let Some(row) = rows.try_next().await? {
|
||||
let file_id: String = row.try_get("file_id").expect("we selected this column");
|
||||
delete_content(&file_id, &files_dir).await?
|
||||
delete_content(&file_id, &files_dir).await?;
|
||||
}
|
||||
|
||||
sqlx::query("DELETE FROM files WHERE valid_till < $1")
|
||||
|
|
|
@ -19,11 +19,21 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
|
|||
|
||||
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
|
||||
let forwarded_for = req.headers().get("x-forwarded-for");
|
||||
if self.proxied && forwarded_for.is_some() {
|
||||
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)
|
||||
let mut ip = if self.proxied && forwarded_for.is_some() {
|
||||
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)?
|
||||
} else {
|
||||
PeerIpKeyExtractor.extract(req)
|
||||
PeerIpKeyExtractor.extract(req)?
|
||||
};
|
||||
|
||||
// only keep the first /56 for ipv6 addresses
|
||||
// mask 0xffff_ffff_ffff_ff00_0000_0000_0000_0000
|
||||
if let IpAddr::V6(ipv6) = ip {
|
||||
let mut octets = ipv6.octets();
|
||||
octets[7..16].fill(0);
|
||||
ip = IpAddr::V6(octets.into());
|
||||
}
|
||||
|
||||
Ok(ip)
|
||||
}
|
||||
|
||||
fn exceed_rate_limit_response(
|
||||
|
|
Loading…
Reference in a new issue