From 7983557c5af89d767714c1bd52e9ad1305bacc39 Mon Sep 17 00:00:00 2001 From: neri Date: Sat, 15 Oct 2022 14:31:54 +0200 Subject: [PATCH] update/fix rate limit environment variables --- Cargo.lock | 2 +- Cargo.toml | 2 +- README.md | 20 ++++++++++---------- src/config.rs | 13 +++++++------ src/main.rs | 2 +- src/rate_limit.rs | 2 +- 6 files changed, 21 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7c8a21b..601710f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -416,7 +416,7 @@ dependencies = [ [[package]] name = "datatrash" -version = "1.2.2" +version = "2.0.0" dependencies = [ "actix-files", "actix-governor", diff --git a/Cargo.toml b/Cargo.toml index 239912c..36dd045 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "datatrash" -version = "1.2.2" +version = "2.0.0" authors = ["neri"] edition = "2021" diff --git a/README.md b/README.md index 22abbd4..af22160 100644 --- a/README.md +++ b/README.md @@ -18,16 +18,16 @@ To run the software directly, use the compiling instructions below. ### General configuration -| environment variable | default value | description | -| --------------------- | -------------- | ---------------------------------------------- | -| STATIC_DIR | ./static | directory to generate "static" files into | -| FILES_DIR | ./files | directory to save uploaded files into | -| UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files | -| BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to | -| RATE_LIMIT | true | whether download rate should be limited | -| RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for | -| RATE_LIMIT_PER_SECOND | 60 | seconds to wait between requests | -| RATE_LIMIT_BURST | 1440 | allowed request burst | +| environment variable | default value | description | +| ---------------------------- | -------------- | ---------------------------------------------- | +| STATIC_DIR | ./static | directory to generate "static" files into | +| FILES_DIR | ./files | directory to save uploaded files into | +| UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files | +| BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to | +| RATE_LIMIT | true | whether download rate should be limited | +| RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for | +| RATE_LIMIT_REPLENISH_SECONDS | 60 | seconds to wait between requests | +| RATE_LIMIT_BURST | 480 | allowed request burst | ### Database configuration diff --git a/src/config.rs b/src/config.rs index 9379134..b293f4d 100644 --- a/src/config.rs +++ b/src/config.rs @@ -13,7 +13,7 @@ pub struct Config { pub no_auth_limits: Option, pub enable_rate_limit: bool, pub proxied: bool, - pub rate_limit_per_second: u64, + pub rate_limit_replenish_seconds: u64, pub rate_limit_burst: u32, } @@ -41,16 +41,17 @@ pub async fn get_config() -> Config { let no_auth_limits = get_no_auth_limits(); + // default to 480requests/8h let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_)); - let proxied = env::var("PROXIED").as_deref() == Ok("true"); - let rate_limit_per_second = env::var("RATE_LIMIT_PER_SECOND") + let proxied = env::var("RATE_LIMIT_PROXIED").as_deref() == Ok("true"); + let rate_limit_replenish_seconds = env::var("RATE_LIMIT_REPLENISH_SECONDS") .ok() .and_then(|rate_limit| rate_limit.parse().ok()) .unwrap_or(60); let rate_limit_burst = env::var("RATE_LIMIT_BURST") .ok() - .and_then(|rate_limit| rate_limit.parse().ok()) - .unwrap_or(1440); + .and_then(|burst| burst.parse().ok()) + .unwrap_or(480); Config { static_dir, @@ -59,7 +60,7 @@ pub async fn get_config() -> Config { no_auth_limits, enable_rate_limit, proxied, - rate_limit_per_second, + rate_limit_replenish_seconds, rate_limit_burst, } } diff --git a/src/main.rs b/src/main.rs index 6f4c45c..cc9aa5c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -57,7 +57,7 @@ async fn main() -> std::io::Result<()> { let config = Data::new(config); let governor_conf = GovernorConfigBuilder::default() - .per_second(config.rate_limit_per_second) + .per_second(config.rate_limit_replenish_seconds) .burst_size(config.rate_limit_burst) .key_extractor(ForwardedPeerIpKeyExtractor { proxied: config.proxied, diff --git a/src/rate_limit.rs b/src/rate_limit.rs index 4718ab2..b27a311 100644 --- a/src/rate_limit.rs +++ b/src/rate_limit.rs @@ -16,7 +16,7 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor { fn extract(&self, req: &ServiceRequest) -> Result { let forwarded_for = req.headers().get("x-forwarded-for"); - if !self.proxied && forwarded_for.is_some() { + if self.proxied && forwarded_for.is_some() { let forwarded_for = forwarded_for .unwrap() .to_str()