penal-colony/kafka
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: fix build errors, add honest Google UA, sanitize error msgs

Browse source 
- Fix config validation: upstream URLs allow private IPs (self-hosted)
- Fix util.SafeURLScheme to return parsed URL
- Replace spoofed GSA User-Agent with honest Kafka UA
- Sanitize all engine error messages (strip response bodies)
- Replace unused body reads with io.Copy(io.Discard, ...) for reuse
- Fix pre-existing braveapi_test using wrong struct type
- Fix ratelimit test reference to limiter variable
- Update ratelimit tests for new trusted proxy behavior
This commit is contained in:
Franz Kafka 2026-03-22 16:27:49 +00:00
parent da367a1bfd
commit b3e3123612
17 changed files with 32 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/middleware/ratelimit.go
View file

@ -80,7 +80,7 @@ func RateLimit(cfg RateLimitConfig, logger *slog.Logger) func(http.Handler) http
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ip := l.extractIP(r)
ip := limiter.extractIP(r)
if !limiter.allow(ip) {
retryAfter := int(limiter.window.Seconds())