GKaszewski/thoughts
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(bootstrap): configurable HOST, CORS_ORIGINS, and optional rate limiting
Some checks failed
lint / lint (push) Has been cancelled
Details
test / unit (push) Has been cancelled
Details
test / integration (push) Has been cancelled
Details
lint / lint (pull_request) Failing after 5m3s
Details
test / unit (pull_request) Successful in 16m6s
Details
test / integration (pull_request) Failing after 17m45s
Details

Browse Source
This commit is contained in:
Gabriel Kaszewski
2026-05-14 15:37:38 +02:00
parent 9b47779e63
commit 38b4774a63
4 changed files with 74 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/bootstrap/Cargo.toml
View File

@@ -27,3 +27,5 @@ tower-http = { workspace = true }
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
dotenvy = { workspace = true }
tower_governor = "0.8"
http = "1"

6
crates/bootstrap/src/config.rs
View File

@@ -8,6 +8,9 @@ pub struct Config {
pub allow_registration: bool,
/// true when RUST_ENV != "production" — enables AP debug mode
pub debug: bool,
pub host: String,
pub cors_origins: String,
pub rate_limit: Option<u32>,
}
impl Config {
@@ -31,6 +34,9 @@ impl Config {
debug: std::env::var("RUST_ENV")
.map(|v| v != "production")
.unwrap_or(true),
host: std::env::var("HOST").unwrap_or_else(|_| "0.0.0.0".into()),
cors_origins: std::env::var("CORS_ORIGINS").unwrap_or_else(|_| "*".into()),
rate_limit: std::env::var("RATE_LIMIT").ok().and_then(|v| v.parse().ok()),
}
}
}

65
crates/bootstrap/src/main.rs
View File

@@ -1,7 +1,9 @@
mod config;
mod factory;
use tower_http::cors::CorsLayer;
use std::net::SocketAddr;
use std::sync::Arc;
use tower_http::cors::{AllowOrigin, CorsLayer};
use tracing_subscriber::EnvFilter;
#[tokio::main]
@@ -14,12 +16,63 @@ async fn main() {
let infra = factory::build(&cfg).await;
let app = presentation::routes::router(&infra.fed_config)
.with_state(infra.state)
.layer(CorsLayer::permissive());
// CORS
let cors = if cfg.cors_origins.trim() == "*" {
CorsLayer::permissive()
} else {
let origins: Vec<http::HeaderValue> = cfg
.cors_origins
.split(',')
.map(|o| o.trim())
.filter_map(|o| o.parse().ok())
.collect();
CorsLayer::new()
.allow_origin(AllowOrigin::list(origins))
.allow_methods(tower_http::cors::Any)
.allow_headers(tower_http::cors::Any)
};
let addr = format!("0.0.0.0:{}", cfg.port);
let base = presentation::routes::router(&infra.fed_config)
.with_state(infra.state)
.layer(cors);
let addr = format!("{}:{}", cfg.host, cfg.port);
tracing::info!("Listening on {addr}");
let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
axum::serve(listener, app).await.unwrap();
if let Some(rate_limit) = cfg.rate_limit {
use tower_governor::{governor::GovernorConfigBuilder, GovernorLayer}; // crate: tower_governor
// per_millisecond sets the token replenishment interval.
// rate_limit = max requests/minute => replenish every (60000 / rate_limit) ms.
let ms = (60_000u64).saturating_div(rate_limit as u64).max(1);
let governor_conf = Arc::new(
GovernorConfigBuilder::default()
.per_millisecond(ms)
.burst_size(rate_limit)
.use_headers()
.finish()
.expect("valid rate limit config"),
);
let limiter = governor_conf.limiter().clone();
tokio::spawn(async move {
let mut interval =
tokio::time::interval(std::time::Duration::from_secs(60));
loop {
interval.tick().await;
limiter.retain_recent();
}
});
let app = base.layer(GovernorLayer::new(governor_conf));
axum::serve(
listener,
app.into_make_service_with_connect_info::<SocketAddr>(),
)
.await
.unwrap();
} else {
axum::serve(listener, base).await.unwrap();
}
}