From 7983557c5af89d767714c1bd52e9ad1305bacc39 Mon Sep 17 00:00:00 2001
From: neri <neri@ctdo.de>
Date: Sat, 15 Oct 2022 14:31:54 +0200
Subject: [PATCH] update/fix rate limit environment variables

---
 Cargo.lock        |  2 +-
 Cargo.toml        |  2 +-
 README.md         | 20 ++++++++++----------
 src/config.rs     | 13 +++++++------
 src/main.rs       |  2 +-
 src/rate_limit.rs |  2 +-
 6 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 7c8a21b..601710f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -416,7 +416,7 @@ dependencies = [
 
 [[package]]
 name = "datatrash"
-version = "1.2.2"
+version = "2.0.0"
 dependencies = [
  "actix-files",
  "actix-governor",
diff --git a/Cargo.toml b/Cargo.toml
index 239912c..36dd045 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "datatrash"
-version = "1.2.2"
+version = "2.0.0"
 authors = ["neri"]
 edition = "2021"
 
diff --git a/README.md b/README.md
index 22abbd4..af22160 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,16 @@ To run the software directly, use the compiling instructions below.
 
 ### General configuration
 
-| environment variable  | default value  | description                                    |
-| --------------------- | -------------- | ---------------------------------------------- |
-| STATIC_DIR            | ./static       | directory to generate "static" files into      |
-| FILES_DIR             | ./files        | directory to save uploaded files into          |
-| UPLOAD_MAX_BYTES      | 8388608 (8MiB) | maximum size for uploaded files                |
-| BIND_ADDRESS          | 0.0.0.0:8000   | address to bind the server to                  |
-| RATE_LIMIT            | true           | whether download rate should be limited        |
-| RATE_LIMIT_PROXIED    | false          | whether rate limit should read x-forwarded-for |
-| RATE_LIMIT_PER_SECOND | 60             | seconds to wait between requests               |
-| RATE_LIMIT_BURST      | 1440           | allowed request burst                          |
+| environment variable         | default value  | description                                    |
+| ---------------------------- | -------------- | ---------------------------------------------- |
+| STATIC_DIR                   | ./static       | directory to generate "static" files into      |
+| FILES_DIR                    | ./files        | directory to save uploaded files into          |
+| UPLOAD_MAX_BYTES             | 8388608 (8MiB) | maximum size for uploaded files                |
+| BIND_ADDRESS                 | 0.0.0.0:8000   | address to bind the server to                  |
+| RATE_LIMIT                   | true           | whether download rate should be limited        |
+| RATE_LIMIT_PROXIED           | false          | whether rate limit should read x-forwarded-for |
+| RATE_LIMIT_REPLENISH_SECONDS | 60             | seconds to wait between requests               |
+| RATE_LIMIT_BURST             | 480            | allowed request burst                          |
 
 ### Database configuration
 
diff --git a/src/config.rs b/src/config.rs
index 9379134..b293f4d 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -13,7 +13,7 @@ pub struct Config {
     pub no_auth_limits: Option<NoAuthLimits>,
     pub enable_rate_limit: bool,
     pub proxied: bool,
-    pub rate_limit_per_second: u64,
+    pub rate_limit_replenish_seconds: u64,
     pub rate_limit_burst: u32,
 }
 
@@ -41,16 +41,17 @@ pub async fn get_config() -> Config {
 
     let no_auth_limits = get_no_auth_limits();
 
+    // default to 480requests/8h
     let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_));
-    let proxied = env::var("PROXIED").as_deref() == Ok("true");
-    let rate_limit_per_second = env::var("RATE_LIMIT_PER_SECOND")
+    let proxied = env::var("RATE_LIMIT_PROXIED").as_deref() == Ok("true");
+    let rate_limit_replenish_seconds = env::var("RATE_LIMIT_REPLENISH_SECONDS")
         .ok()
         .and_then(|rate_limit| rate_limit.parse().ok())
         .unwrap_or(60);
     let rate_limit_burst = env::var("RATE_LIMIT_BURST")
         .ok()
-        .and_then(|rate_limit| rate_limit.parse().ok())
-        .unwrap_or(1440);
+        .and_then(|burst| burst.parse().ok())
+        .unwrap_or(480);
 
     Config {
         static_dir,
@@ -59,7 +60,7 @@ pub async fn get_config() -> Config {
         no_auth_limits,
         enable_rate_limit,
         proxied,
-        rate_limit_per_second,
+        rate_limit_replenish_seconds,
         rate_limit_burst,
     }
 }
diff --git a/src/main.rs b/src/main.rs
index 6f4c45c..cc9aa5c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -57,7 +57,7 @@ async fn main() -> std::io::Result<()> {
     let config = Data::new(config);
 
     let governor_conf = GovernorConfigBuilder::default()
-        .per_second(config.rate_limit_per_second)
+        .per_second(config.rate_limit_replenish_seconds)
         .burst_size(config.rate_limit_burst)
         .key_extractor(ForwardedPeerIpKeyExtractor {
             proxied: config.proxied,
diff --git a/src/rate_limit.rs b/src/rate_limit.rs
index 4718ab2..b27a311 100644
--- a/src/rate_limit.rs
+++ b/src/rate_limit.rs
@@ -16,7 +16,7 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
 
     fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
         let forwarded_for = req.headers().get("x-forwarded-for");
-        if !self.proxied && forwarded_for.is_some() {
+        if self.proxied && forwarded_for.is_some() {
             let forwarded_for = forwarded_for
                 .unwrap()
                 .to_str()