removed unnecessary pointer indirection, added rate limiter middleware

2026-04-24 01:38:50 +02:00 · 2024-11-03 07:07:30 +08:00
parent 3bf520541b
commit 8df28628ec
17 changed files with 167 additions and 79 deletions
--- a/internal/net/http/middleware/real_ip.go
+++ b/internal/net/http/middleware/real_ip.go
@@ -10,7 +10,7 @@ import (
 // https://nginx.org/en/docs/http/ngx_http_realip_module.html

 type realIP struct {
-	*realIPOpts
+	realIPOpts
 	m *Middleware
 }

@@ -30,16 +30,13 @@ type realIPOpts struct {
 	Recursive bool `json:"recursive"`
 }

-var RealIP = &realIP{
-	m: &Middleware{withOptions: NewRealIP},
-}
-
-var realIPOptsDefault = func() *realIPOpts {
-	return &realIPOpts{
+var (
+	RealIP            = &Middleware{withOptions: NewRealIP}
+	realIPOptsDefault = realIPOpts{
 		Header: "X-Real-IP",
 		From:   []*types.CIDR{},
 	}
-}
+)

 func NewRealIP(opts OptionsRaw) (*Middleware, E.Error) {
 	riWithOpts := new(realIP)
@@ -47,11 +44,14 @@ func NewRealIP(opts OptionsRaw) (*Middleware, E.Error) {
 		impl:   riWithOpts,
 		before: Rewrite(riWithOpts.setRealIP),
 	}
-	riWithOpts.realIPOpts = realIPOptsDefault()
-	err := Deserialize(opts, riWithOpts.realIPOpts)
+	riWithOpts.realIPOpts = realIPOptsDefault
+	err := Deserialize(opts, &riWithOpts.realIPOpts)
 	if err != nil {
 		return nil, err
 	}
+	if len(riWithOpts.From) == 0 {
+		return nil, E.New("no allowed CIDRs").Subject("from")
+	}
 	return riWithOpts.m, nil
 }

@@ -70,9 +70,10 @@ func (ri *realIP) setRealIP(req *Request) {
 	if err != nil {
 		clientIPStr = req.RemoteAddr
 	}
-	clientIP := net.ParseIP(clientIPStr)

-	var isTrusted = false
+	clientIP := net.ParseIP(clientIPStr)
+	isTrusted := false
+
 	for _, CIDR := range ri.From {
 		if CIDR.Contains(clientIP) {
 			isTrusted = true