Microservice to bring 2FA to self hosted PDSes

Had a global rate limit on 127.0.0.1 due to reverse proxy

Changed files
+13 -4
src
+1 -1
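--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,7 +15,7 @@
 tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
 hyper-util = { version = "0.1.16", features = ["client", "client-legacy"] }
 tower-http = { version = "0.6", features = ["cors", "compression-zstd"] }
-tower_governor = "0.8.0"
+tower_governor = { version = "0.8.0", features = ["axum", "tracing"] }
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"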
+5 -1
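--- a/README.md
+++ b/README.md
@@ -80,11 +80,15 @@
 path /xrpc/com.atproto.server.getSession
 path /xrpc/com.atproto.server.updateEmail
 path /xrpc/com.atproto.server.createSession
+path /xrpc/com.atproto.server.createAccount
 path /@atproto/oauth-provider/~api/sign-in
 }
 
 handle @gatekeeper {
-reverse_proxy http://localhost:8080
+reverse_proxy http://localhost:8080 {
+#Makes sure the cloudflare ip is proxied and able to be picked up by pds gatekeeper
+header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
+}
 }
 
 reverse_proxy http://localhost:3000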
+1 -1
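--- a/justfile
+++ b/justfile
@@ -2,5 +2,5 @@
 docker buildx build \
 --platform linux/arm64,linux/amd64 \
 --tag fatfingers23/pds_gatekeeper:latest \
---tag fatfingers23/pds_gatekeeper:0.1.0.2 \
+--tag fatfingers23/pds_gatekeeper:0.1.0.3 \
 --push .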
+6 -1
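--- a/src/main.rs
+++ b/src/main.rs
@@ -20,6 +20,7 @@
 use std::{env, net::SocketAddr};
 use tower_governor::GovernorLayer;
 use tower_governor::governor::GovernorConfigBuilder;
+use tower_governor::key_extractor::SmartIpKeyExtractor;
 use tower_http::compression::CompressionLayer;
 use tower_http::cors::{Any, CorsLayer};
 use tracing::log;
@@ -172,6 +173,7 @@
 let create_session_governor_conf = GovernorConfigBuilder::default()
 .per_second(60)
 .burst_size(5)
+.key_extractor(SmartIpKeyExtractor)
 .finish()
 .expect("failed to create governor config for create session. this should not happen and is a bug");
 
@@ -179,6 +181,7 @@
 let sign_in_governor_conf = GovernorConfigBuilder::default()
 .per_second(60)
 .burst_size(5)
+.key_extractor(SmartIpKeyExtractor)
 .finish()
 .expect(
 "failed to create governor config for sign in. this should not happen and is a bug",
@@ -207,7 +210,9 @@
 create_account_governor_conf.burst_size(burst);
 }
 
-let create_account_governor_conf = create_account_governor_conf.finish().expect(
+let create_account_governor_conf = create_account_governor_conf
+.key_extractor(SmartIpKeyExtractor)
+.finish().expect(
 "failed to create governor config for create account. this should not happen and is a bug",
 );
 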
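Review bot: `SmartIpKeyExtractor`, added at all three `.key_extractor(...)` calls (create session, sign in, create account), takes the rate-limit key from the `X-Forwarded-For`, `X-Real-IP` and `Forwarded` request headers before it falls back to the peer address, so the key is only as trustworthy as whatever sets those headers. If the gatekeeper port can be reached without passing through the proxy, or the proxy forwards a client-supplied value, the per-IP limit on these login and signup routes is no longer tied to the real client address; the README's Caddy block copies `CF-Connecting-IP`, which is itself only reliable when the origin accepts traffic solely from Cloudflare. I would state the assumption next to the first call, e.g. `// SmartIpKeyExtractor trusts X-Forwarded-For: the listener must only be reachable via a proxy that overwrites it`, and confirm that the bind address (not visible in these hunks) is loopback or otherwise firewalled. The enclosing function starts and ends outside the hunks shown.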