update/fix rate limit environment variables

This commit is contained in:
neri 2022-10-15 14:31:54 +02:00
parent 32fdda0b1e
commit 7983557c5a
6 changed files with 21 additions and 20 deletions

2
Cargo.lock generated
View File

@ -416,7 +416,7 @@ dependencies = [
[[package]]
name = "datatrash"
version = "1.2.2"
version = "2.0.0"
dependencies = [
"actix-files",
"actix-governor",

View File

@ -1,6 +1,6 @@
[package]
name = "datatrash"
version = "1.2.2"
version = "2.0.0"
authors = ["neri"]
edition = "2021"

View File

@ -19,15 +19,15 @@ To run the software directly, use the compiling instructions below.
### General configuration
| environment variable | default value | description |
| --------------------- | -------------- | ---------------------------------------------- |
| ---------------------------- | -------------- | ---------------------------------------------- |
| STATIC_DIR | ./static | directory to generate "static" files into |
| FILES_DIR | ./files | directory to save uploaded files into |
| UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files |
| BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to |
| RATE_LIMIT | true | whether download rate should be limited |
| RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for |
| RATE_LIMIT_PER_SECOND | 60 | seconds to wait between requests |
| RATE_LIMIT_BURST | 1440 | allowed request burst |
| RATE_LIMIT_REPLENISH_SECONDS | 60 | seconds to wait between requests |
| RATE_LIMIT_BURST | 480 | allowed request burst |
### Database configuration

View File

@ -13,7 +13,7 @@ pub struct Config {
pub no_auth_limits: Option<NoAuthLimits>,
pub enable_rate_limit: bool,
pub proxied: bool,
pub rate_limit_per_second: u64,
pub rate_limit_replenish_seconds: u64,
pub rate_limit_burst: u32,
}
@ -41,16 +41,17 @@ pub async fn get_config() -> Config {
let no_auth_limits = get_no_auth_limits();
// default to 480requests/8h
let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_));
let proxied = env::var("PROXIED").as_deref() == Ok("true");
let rate_limit_per_second = env::var("RATE_LIMIT_PER_SECOND")
let proxied = env::var("RATE_LIMIT_PROXIED").as_deref() == Ok("true");
let rate_limit_replenish_seconds = env::var("RATE_LIMIT_REPLENISH_SECONDS")
.ok()
.and_then(|rate_limit| rate_limit.parse().ok())
.unwrap_or(60);
let rate_limit_burst = env::var("RATE_LIMIT_BURST")
.ok()
.and_then(|rate_limit| rate_limit.parse().ok())
.unwrap_or(1440);
.and_then(|burst| burst.parse().ok())
.unwrap_or(480);
Config {
static_dir,
@ -59,7 +60,7 @@ pub async fn get_config() -> Config {
no_auth_limits,
enable_rate_limit,
proxied,
rate_limit_per_second,
rate_limit_replenish_seconds,
rate_limit_burst,
}
}

View File

@ -57,7 +57,7 @@ async fn main() -> std::io::Result<()> {
let config = Data::new(config);
let governor_conf = GovernorConfigBuilder::default()
.per_second(config.rate_limit_per_second)
.per_second(config.rate_limit_replenish_seconds)
.burst_size(config.rate_limit_burst)
.key_extractor(ForwardedPeerIpKeyExtractor {
proxied: config.proxied,

View File

@ -16,7 +16,7 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
let forwarded_for = req.headers().get("x-forwarded-for");
if !self.proxied && forwarded_for.is_some() {
if self.proxied && forwarded_for.is_some() {
let forwarded_for = forwarded_for
.unwrap()
.to_str()