update/fix rate limit environment variables

This commit is contained in:
neri 2022-10-15 14:31:54 +02:00
parent 32fdda0b1e
commit 7983557c5a
6 changed files with 21 additions and 20 deletions

2
Cargo.lock generated
View File

@ -416,7 +416,7 @@ dependencies = [
[[package]] [[package]]
name = "datatrash" name = "datatrash"
version = "1.2.2" version = "2.0.0"
dependencies = [ dependencies = [
"actix-files", "actix-files",
"actix-governor", "actix-governor",

View File

@ -1,6 +1,6 @@
[package] [package]
name = "datatrash" name = "datatrash"
version = "1.2.2" version = "2.0.0"
authors = ["neri"] authors = ["neri"]
edition = "2021" edition = "2021"

View File

@ -19,15 +19,15 @@ To run the software directly, use the compiling instructions below.
### General configuration ### General configuration
| environment variable | default value | description | | environment variable | default value | description |
| --------------------- | -------------- | ---------------------------------------------- | | ---------------------------- | -------------- | ---------------------------------------------- |
| STATIC_DIR | ./static | directory to generate "static" files into | | STATIC_DIR | ./static | directory to generate "static" files into |
| FILES_DIR | ./files | directory to save uploaded files into | | FILES_DIR | ./files | directory to save uploaded files into |
| UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files | | UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files |
| BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to | | BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to |
| RATE_LIMIT | true | whether download rate should be limited | | RATE_LIMIT | true | whether download rate should be limited |
| RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for | | RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for |
| RATE_LIMIT_PER_SECOND | 60 | seconds to wait between requests | | RATE_LIMIT_REPLENISH_SECONDS | 60 | seconds to wait between requests |
| RATE_LIMIT_BURST | 1440 | allowed request burst | | RATE_LIMIT_BURST | 480 | allowed request burst |
### Database configuration ### Database configuration

View File

@ -13,7 +13,7 @@ pub struct Config {
pub no_auth_limits: Option<NoAuthLimits>, pub no_auth_limits: Option<NoAuthLimits>,
pub enable_rate_limit: bool, pub enable_rate_limit: bool,
pub proxied: bool, pub proxied: bool,
pub rate_limit_per_second: u64, pub rate_limit_replenish_seconds: u64,
pub rate_limit_burst: u32, pub rate_limit_burst: u32,
} }
@ -41,16 +41,17 @@ pub async fn get_config() -> Config {
let no_auth_limits = get_no_auth_limits(); let no_auth_limits = get_no_auth_limits();
// default to 480requests/8h
let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_)); let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_));
let proxied = env::var("PROXIED").as_deref() == Ok("true"); let proxied = env::var("RATE_LIMIT_PROXIED").as_deref() == Ok("true");
let rate_limit_per_second = env::var("RATE_LIMIT_PER_SECOND") let rate_limit_replenish_seconds = env::var("RATE_LIMIT_REPLENISH_SECONDS")
.ok() .ok()
.and_then(|rate_limit| rate_limit.parse().ok()) .and_then(|rate_limit| rate_limit.parse().ok())
.unwrap_or(60); .unwrap_or(60);
let rate_limit_burst = env::var("RATE_LIMIT_BURST") let rate_limit_burst = env::var("RATE_LIMIT_BURST")
.ok() .ok()
.and_then(|rate_limit| rate_limit.parse().ok()) .and_then(|burst| burst.parse().ok())
.unwrap_or(1440); .unwrap_or(480);
Config { Config {
static_dir, static_dir,
@ -59,7 +60,7 @@ pub async fn get_config() -> Config {
no_auth_limits, no_auth_limits,
enable_rate_limit, enable_rate_limit,
proxied, proxied,
rate_limit_per_second, rate_limit_replenish_seconds,
rate_limit_burst, rate_limit_burst,
} }
} }

View File

@ -57,7 +57,7 @@ async fn main() -> std::io::Result<()> {
let config = Data::new(config); let config = Data::new(config);
let governor_conf = GovernorConfigBuilder::default() let governor_conf = GovernorConfigBuilder::default()
.per_second(config.rate_limit_per_second) .per_second(config.rate_limit_replenish_seconds)
.burst_size(config.rate_limit_burst) .burst_size(config.rate_limit_burst)
.key_extractor(ForwardedPeerIpKeyExtractor { .key_extractor(ForwardedPeerIpKeyExtractor {
proxied: config.proxied, proxied: config.proxied,

View File

@ -16,7 +16,7 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> { fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
let forwarded_for = req.headers().get("x-forwarded-for"); let forwarded_for = req.headers().get("x-forwarded-for");
if !self.proxied && forwarded_for.is_some() { if self.proxied && forwarded_for.is_some() {
let forwarded_for = forwarded_for let forwarded_for = forwarded_for
.unwrap() .unwrap()
.to_str() .to_str()