github.com/ulule/limiter/v3@v3.11.3-0.20230613131926-4cb9c1da4633/options.go (about)

     1  package limiter
     2  
     3  import (
     4  	"net"
     5  )
     6  
     7  // Option is a functional option.
     8  type Option func(*Options)
     9  
    10  // Options are limiter options.
    11  type Options struct {
    12  	// IPv4Mask defines the mask used to obtain a IPv4 address.
    13  	IPv4Mask net.IPMask
    14  	// IPv6Mask defines the mask used to obtain a IPv6 address.
    15  	IPv6Mask net.IPMask
    16  	// TrustForwardHeader enable parsing of X-Real-IP and X-Forwarded-For headers to obtain user IP.
    17  	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
    18  	// proxy is not configured properly to forward a trustworthy client IP.
    19  	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
    20  	TrustForwardHeader bool
    21  	// ClientIPHeader defines a custom header (likely defined by your CDN or Cloud provider) to obtain user IP.
    22  	// If configured, this option will override "TrustForwardHeader" option.
    23  	// Please be advised that using this option could be insecure (ie: spoofed) if your reverse
    24  	// proxy is not configured properly to forward a trustworthy client IP.
    25  	// Please read the section "Limiter behind a reverse proxy" in the README for further information.
    26  	ClientIPHeader string
    27  }
    28  
    29  // WithIPv4Mask will configure the limiter to use given mask for IPv4 address.
    30  func WithIPv4Mask(mask net.IPMask) Option {
    31  	return func(o *Options) {
    32  		o.IPv4Mask = mask
    33  	}
    34  }
    35  
    36  // WithIPv6Mask will configure the limiter to use given mask for IPv6 address.
    37  func WithIPv6Mask(mask net.IPMask) Option {
    38  	return func(o *Options) {
    39  		o.IPv6Mask = mask
    40  	}
    41  }
    42  
    43  // WithTrustForwardHeader will configure the limiter to trust X-Real-IP and X-Forwarded-For headers.
    44  // Please be advised that using this option could be insecure (ie: spoofed) if your reverse
    45  // proxy is not configured properly to forward a trustworthy client IP.
    46  // Please read the section "Limiter behind a reverse proxy" in the README for further information.
    47  func WithTrustForwardHeader(enable bool) Option {
    48  	return func(o *Options) {
    49  		o.TrustForwardHeader = enable
    50  	}
    51  }
    52  
    53  // WithClientIPHeader will configure the limiter to use a custom header to obtain user IP.
    54  // Please be advised that using this option could be insecure (ie: spoofed) if your reverse
    55  // proxy is not configured properly to forward a trustworthy client IP.
    56  // Please read the section "Limiter behind a reverse proxy" in the README for further information.
    57  func WithClientIPHeader(header string) Option {
    58  	return func(o *Options) {
    59  		o.ClientIPHeader = header
    60  	}
    61  }