feat: rate limit ipv6 addresses based on the first /56

Cargo.lock

@@ -551,7 +551,7 @@ dependencies = [
 
 [[package]]
 name = "datatrash"
-version = "2.4.0"
+version = "2.4.1"
 dependencies = [
  "actix-files",
  "actix-governor",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "datatrash"
-version = "2.4.0"
+version = "2.4.1"
 authors = ["neri"]
 edition = "2021"
 

src/deleter.rs

@@ -24,7 +24,7 @@ pub(crate) async fn delete_old_files(
             .fetch(&db);
         while let Some(row) = rows.try_next().await? {
             let file_id: String = row.try_get("file_id").expect("we selected this column");
-            delete_content(&file_id, &files_dir).await?
+            delete_content(&file_id, &files_dir).await?;
         }
 
         sqlx::query("DELETE FROM files WHERE valid_till < $1")

src/rate_limit.rs

@@ -19,11 +19,21 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
 
     fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
         let forwarded_for = req.headers().get("x-forwarded-for");
-        if self.proxied && forwarded_for.is_some() {
-            read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)
+        let mut ip = if self.proxied && forwarded_for.is_some() {
+            read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)?
         } else {
-            PeerIpKeyExtractor.extract(req)
+            PeerIpKeyExtractor.extract(req)?
+        };
+
+        // only keep the first /56 for ipv6 addresses
+        // mask 0xffff_ffff_ffff_ff00_0000_0000_0000_0000
+        if let IpAddr::V6(ipv6) = ip {
+            let mut octets = ipv6.octets();
+            octets[7..16].fill(0);
+            ip = IpAddr::V6(octets.into());
         }
+
+        Ok(ip)
     }
 
     fn exceed_rate_limit_response(