gotosocial/vendor/github.com/ulule/limiter/v3/options.go

package limiter

import (
	"net"
)

// Option is a functional option.
type Option func(*Options)

// Options are limiter options.
type Options struct {
	// IPv4Mask defines the mask used to obtain a IPv4 address.
	IPv4Mask net.IPMask
	// IPv6Mask defines the mask used to obtain a IPv6 address.
	IPv6Mask net.IPMask
	// TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP.
	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
	// proxy is not configured properly to forward a trustworthy client IP.
	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
	TrustForwardHeader bool
	// ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP.
	// If configured, this option will override "TrustForwardHeader" option.
	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
	// proxy is not configured properly to forward a trustworthy client IP.
	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
	ClientIPHeader string
}

// WithIPv4Mask will configure the limiter to use given mask for IPv4 address.
func WithIPv4Mask(mask net.IPMask) Option {
	return func(o *Options) {
		o.IPv4Mask = mask
	}
}

// WithIPv6Mask will configure the limiter to use given mask for IPv6 address.
func WithIPv6Mask(mask net.IPMask) Option {
	return func(o *Options) {
		o.IPv6Mask = mask
	}
}

// WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers.
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
// proxy is not configured properly to forward a trustworthy client IP.
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
func WithTrustForwardHeader(enable bool) Option {
	return func(o *Options) {
		o.TrustForwardHeader = enable
	}
}

// WithClientIPHeader will configure the limiter to use a custom header to obtain user IP.
// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
// proxy is not configured properly to forward a trustworthy client IP.
// Please read the section "Limiter behind a reverse proxy" in the README for further information.
func WithClientIPHeader(header string) Option {
	return func(o *Options) {
		o.ClientIPHeader = header
	}
}
[feature] add rate limit middleware (#741) * feat: add rate limit middleware * chore: update vendor dir * chore: update readme with new dependency * chore: add rate limit infos to swagger.md file * refactor: add ipv6 mask limiter option Add IPv6 CIDR /64 mask * refactor: increase rate limit to 1000 Address https://github.com/superseriousbusiness/gotosocial/pull/741#discussion_r945584800 Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com> 2022-08-31 11:06:14 +01:00			`package limiter`

			`import (`
			`"net"`
			`)`

			`// Option is a functional option.`
			`type Option func(*Options)`

			`// Options are limiter options.`
			`type Options struct {`
			`// IPv4Mask defines the mask used to obtain a IPv4 address.`
			`IPv4Mask net.IPMask`
			`// IPv6Mask defines the mask used to obtain a IPv6 address.`
			`IPv6Mask net.IPMask`
			`// TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP.`
			`// Please be advised that using this option could be insecure (ie: spoofed) if your reverse`
			`// proxy is not configured properly to forward a trustworthy client IP.`
			`// Please read the section "Limiter behind a reverse proxy" in the README for further information.`
			`TrustForwardHeader bool`
			`// ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP.`
			`// If configured, this option will override "TrustForwardHeader" option.`
			`// Please be advised that using this option could be insecure (ie: spoofed) if your reverse`
			`// proxy is not configured properly to forward a trustworthy client IP.`
			`// Please read the section "Limiter behind a reverse proxy" in the README for further information.`
			`ClientIPHeader string`
			`}`

			`// WithIPv4Mask will configure the limiter to use given mask for IPv4 address.`
			`func WithIPv4Mask(mask net.IPMask) Option {`
			`return func(o *Options) {`
			`o.IPv4Mask = mask`
			`}`
			`}`

			`// WithIPv6Mask will configure the limiter to use given mask for IPv6 address.`
			`func WithIPv6Mask(mask net.IPMask) Option {`
			`return func(o *Options) {`
			`o.IPv6Mask = mask`
			`}`
			`}`

			`// WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers.`
			`// Please be advised that using this option could be insecure (ie: spoofed) if your reverse`
			`// proxy is not configured properly to forward a trustworthy client IP.`
			`// Please read the section "Limiter behind a reverse proxy" in the README for further information.`
			`func WithTrustForwardHeader(enable bool) Option {`
			`return func(o *Options) {`
			`o.TrustForwardHeader = enable`
			`}`
			`}`

			`// WithClientIPHeader will configure the limiter to use a custom header to obtain user IP.`
			`// Please be advised that using this option could be insecure (ie: spoofed) if your reverse`
			`// proxy is not configured properly to forward a trustworthy client IP.`
			`// Please read the section "Limiter behind a reverse proxy" in the README for further information.`
			`func WithClientIPHeader(header string) Option {`
			`return func(o *Options) {`
			`o.ClientIPHeader = header`
			`}`
			`}`