neri
/
datatrash
1
0
Fork 1
Code Issues 7 Pull Requests Releases Wiki Activity

feat: rate limit ipv6 addresses based on the first /56

This commit is contained in:
neri 2023-11-16 13:59:12 +01:00
parent 42a8cb3e0a
commit 701c86f64c
4 changed files with 406 additions and 406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

792
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "datatrash"
version = "2.4.0"
version = "2.4.1"
authors = ["neri"]
edition = "2021"

2
src/deleter.rs
View File

@ -24,7 +24,7 @@ pub(crate) async fn delete_old_files(
.fetch(&db);
while let Some(row) = rows.try_next().await? {
let file_id: String = row.try_get("file_id").expect("we selected this column");
delete_content(&file_id, &files_dir).await?
delete_content(&file_id, &files_dir).await?;
}
sqlx::query("DELETE FROM files WHERE valid_till < $1")

16
src/rate_limit.rs
View File

@ -19,11 +19,21 @@ impl KeyExtractor for ForwardedPeerIpKeyExtractor {
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
let forwarded_for = req.headers().get("x-forwarded-for");
if self.proxied && forwarded_for.is_some() {
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)
let mut ip = if self.proxied && forwarded_for.is_some() {
read_forwareded_for(forwarded_for).map_err(SimpleKeyExtractionError::new)?
} else {
PeerIpKeyExtractor.extract(req)
PeerIpKeyExtractor.extract(req)?
};
// only keep the first /56 for ipv6 addresses
// mask 0xffff_ffff_ffff_ff00_0000_0000_0000_0000
if let IpAddr::V6(ipv6) = ip {
let mut octets = ipv6.octets();
octets[7..16].fill(0);
ip = IpAddr::V6(octets.into());
}
Ok(ip)
}
fn exceed_rate_limit_response(