forked from neri/datatrash
feat: rate limit ipv6 addresses based on the first /56
This commit is contained in:
parent
42a8cb3e0a
commit
701c86f64c
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "datatrash"
|
name = "datatrash"
|
||||||
version = "2.4.0"
|
version = "2.4.1"
|
||||||
authors = ["neri"]
|
authors = ["neri"]
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ pub(crate) async fn delete_old_files(
|
||||||
.fetch(&db);
|
.fetch(&db);
|
||||||
while let Some(row) = rows.try_next().await? {
|
while let Some(row) = rows.try_next().await? {
|
||||||
let file_id: String = row.try_get("file_id").expect("we selected this column");
|
let file_id: String = row.try_get("file_id").expect("we selected this column");
|
||||||
delete_content(&file_id, &files_dir).await?
|
delete_content(&file_id, &files_dir).await?;
|
||||||
}
|
}
|
||||||
|
|
||||||
sqlx::query("DELETE FROM files WHERE valid_till < $1")
|
sqlx::query("DELETE FROM files WHERE valid_till < $1")
|
||||||
|
|
|
@ -19,11 +19,21 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
|
||||||
|
|
||||||
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
|
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
|
||||||
let forwarded_for = req.headers().get("x-forwarded-for");
|
let forwarded_for = req.headers().get("x-forwarded-for");
|
||||||
if self.proxied && forwarded_for.is_some() {
|
let mut ip = if self.proxied && forwarded_for.is_some() {
|
||||||
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)
|
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)?
|
||||||
} else {
|
} else {
|
||||||
PeerIpKeyExtractor.extract(req)
|
PeerIpKeyExtractor.extract(req)?
|
||||||
|
};
|
||||||
|
|
||||||
|
// only keep the first /56 for ipv6 addresses
|
||||||
|
// mask 0xffff_ffff_ffff_ff00_0000_0000_0000_0000
|
||||||
|
if let IpAddr::V6(ipv6) = ip {
|
||||||
|
let mut octets = ipv6.octets();
|
||||||
|
octets[7..16].fill(0);
|
||||||
|
ip = IpAddr::V6(octets.into());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Ok(ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn exceed_rate_limit_response(
|
fn exceed_rate_limit_response(
|
||||||
|
|
Loading…
Reference in New Issue