fix: always rate limit, fall back to client IP when header absent#447
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis pull request refactors the rate-limiting middleware to extract bucket-key derivation into a unified Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.2)Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions Comment |
…ing-bypassable-when-header-absent-gotrue
…ing-bypassable-when-header-absent-gotrue
…ing-bypassable-when-header-absent-gotrue
…ing-bypassable-when-header-absent-gotrue
- Summary
limitHandleronly rate-limited whenRateLimitHeaderwas configured AND the client sent that header, which meant unset config disabled rate limiting entirely and missing headers shared one empty-string bucket. This always rate-limits, preferring the configured header and falling back to the client IP vianet.SplitHostPort(req.RemoteAddr)when the header is absent.chi/middleware.RealIPalready rewritesRemoteAddrfromX-Forwarded-For, so this stays correct behind a proxy.- Test plan
- Description for the changelog
Always rate limit requests, falling back to the client IP when the configured header is missing.
- A picture of a cute animal (not mandatory but encouraged)