gtsocial-umbx

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

options.go (2473B)

      1 package limiter
      2 
      3 import (
      4 	"net"
      5 )
      6 
      7 // Option is a functional option.
      8 type Option func(*Options)
      9 
     10 // Options are limiter options.
     11 type Options struct {
     12 	// IPv4Mask defines the mask used to obtain a IPv4 address.
     13 	IPv4Mask net.IPMask
     14 	// IPv6Mask defines the mask used to obtain a IPv6 address.
     15 	IPv6Mask net.IPMask
     16 	// TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP.
     17 	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
     18 	// proxy is not configured properly to forward a trustworthy client IP.
     19 	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
     20 	TrustForwardHeader bool
     21 	// ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP.
     22 	// If configured, this option will override "TrustForwardHeader" option.
     23 	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
     24 	// proxy is not configured properly to forward a trustworthy client IP.
     25 	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
     26 	ClientIPHeader string
     27 }
     28 
     29 // WithIPv4Mask will configure the limiter to use given mask for IPv4 address.
     30 func WithIPv4Mask(mask net.IPMask) Option {
     31 	return func(o *Options) {
     32 		o.IPv4Mask = mask
     33 	}
     34 }
     35 
     36 // WithIPv6Mask will configure the limiter to use given mask for IPv6 address.
     37 func WithIPv6Mask(mask net.IPMask) Option {
     38 	return func(o *Options) {
     39 		o.IPv6Mask = mask
     40 	}
     41 }
     42 
     43 // WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers.
     44 // Please be advised that using this option could be insecure (ie: spoofed) if your reverse
     45 // proxy is not configured properly to forward a trustworthy client IP.
     46 // Please read the section "Limiter behind a reverse proxy" in the README for further information.
     47 func WithTrustForwardHeader(enable bool) Option {
     48 	return func(o *Options) {
     49 		o.TrustForwardHeader = enable
     50 	}
     51 }
     52 
     53 // WithClientIPHeader will configure the limiter to use a custom header to obtain user IP.
     54 // Please be advised that using this option could be insecure (ie: spoofed) if your reverse
     55 // proxy is not configured properly to forward a trustworthy client IP.
     56 // Please read the section "Limiter behind a reverse proxy" in the README for further information.
     57 func WithClientIPHeader(header string) Option {
     58 	return func(o *Options) {
     59 		o.ClientIPHeader = header
     60 	}
     61 }