discours.io/quoter
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82668768d01b17d45d977e350ca570df0347f207
quoter/src/handlers/mod.rs
Untone 82668768d0 🔒 Implement comprehensive security and DDoS protection 
### Security Features:
- **Rate Limiting**: Redis-based IP tracking with configurable limits
  - General: 100 requests/minute (5min block)
  - Upload: 10 requests/5min (10min block)
  - Auth: 20 requests/15min (30min block)
- **Request Validation**: Path length, header count, suspicious patterns
- **Attack Detection**: Admin paths, script injections, bot patterns
- **Enhanced JWT**: Format validation, length checks, character filtering
- **IP Tracking**: X-Forwarded-For and X-Real-IP support

### Security Headers:
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- Content-Security-Policy with strict rules
- Strict-Transport-Security with includeSubDomains

### CORS Hardening:
- Limited to specific domains: discours.io, new.discours.io
- Restricted methods: GET, POST, OPTIONS only
- Essential headers only

### Infrastructure:
- Security middleware for all requests
- Local cache + Redis for performance
- Comprehensive logging and monitoring
- Progressive blocking for repeat offenders

### Documentation:
- Complete security guide (docs/security.md)
- Configuration examples
- Incident response procedures
- Monitoring recommendations

Version bump to 0.6.0 for major security enhancement.
2025-09-02 11:40:43 +03:00

12 lines
254 B
Rust
Raw Blame History

mod common;
mod proxy;
mod serve_file;
mod upload;
mod user;
mod universal;
pub use universal::universal_handler;
// Общий лимит квоты на пользователя: 12 ГБ
pub const MAX_USER_QUOTA_BYTES: u64 = 12 * 1024 * 1024 * 1024;
Reference in New Issue View Git Blame Copy Permalink