feat/security
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m44s
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m44s
Reviewed-on: #2
This commit was merged in pull request #2.
This commit is contained in:
@@ -3,6 +3,7 @@ package server
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
@@ -153,3 +154,39 @@ func (app *App) maxRequestBodyBytes() int64 {
|
||||
}
|
||||
return limit + 10*1024*1024
|
||||
}
|
||||
|
||||
func (app *App) enforceUploadRateLimit(ctx *gin.Context, size int64) bool {
|
||||
if !app.securityFeaturesEnabled() || app.securityGuard == nil {
|
||||
return true
|
||||
}
|
||||
ip := app.clientIP(ctx)
|
||||
if app.securityGuard.IsWhitelisted(ip) || app.securityGuard.IsAdminWhitelisted(ip) {
|
||||
return true
|
||||
}
|
||||
allowed, requestCount, totalBytes := app.securityGuard.AllowUpload(
|
||||
ip,
|
||||
size,
|
||||
app.config.SecurityUploadWindowSeconds,
|
||||
app.config.SecurityUploadMaxRequests,
|
||||
app.config.SecurityUploadMaxBytes,
|
||||
)
|
||||
if allowed {
|
||||
return true
|
||||
}
|
||||
|
||||
app.logActivity("security.upload_limit", "high", "Upload rate limit exceeded", ctx, map[string]string{
|
||||
"requests": strconv.Itoa(requestCount),
|
||||
"bytes": strconv.FormatInt(totalBytes, 10),
|
||||
})
|
||||
app.createAlert(
|
||||
"Upload rate limit triggered",
|
||||
"medium",
|
||||
"security",
|
||||
"430",
|
||||
"security.upload.rate_limit",
|
||||
"Per-IP upload rate limit blocked request.",
|
||||
map[string]string{"ip": ip, "requests": strconv.Itoa(requestCount)},
|
||||
)
|
||||
ctx.JSON(http.StatusTooManyRequests, gin.H{"error": "Too many uploads from this IP. Try again later."})
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user