- Add X-Request-ID header middleware for request tracing - Extracts from incoming headers or generates short UUID - Included in all error responses for debugging - Add rate limit headers (X-RateLimit-Limit/Remaining/Reset) - Currently informational, configurable via API.RateLimitPerHour - Prepared for future enforcement - Add chunk checksum verification for uploads - Optional X-Chunk-Checksum header with SHA-256 hash - Verifies data integrity during chunked uploads - Standardize error responses with RFC 7807 Problem Details - Added type, title, status, detail, instance fields - Maintains backward compatibility with legacy fields 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
// Copyright 2026 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package middleware
import (
"net/http"
"strconv"
"time"
"code.gitea.io/gitea/modules/setting"
)
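// Response header names used to advertise API rate limit information.
const (
	// RateLimitHeader carries the configured request quota.
	RateLimitHeader = "X-RateLimit-Limit"
	// RateLimitRemainingHeader carries the number of requests still
	// available in the current window.
	RateLimitRemainingHeader = "X-RateLimit-Remaining"
	// RateLimitResetHeader carries the time at which the current window
	// ends, as Unix seconds.
	RateLimitResetHeader = "X-RateLimit-Reset"
)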
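// RateLimitInfo returns a middleware that advertises the configured API rate
// limit through the X-RateLimit-Limit, X-RateLimit-Remaining and
// X-RateLimit-Reset response headers, then passes the request on unchanged.
//
// The headers are informational only. This middleware never counts, delays or
// rejects requests, and the reported remaining quota is always the full limit
// regardless of setting.API.RateLimitEnabled. Do not rely on these headers, or
// on that setting, as protection against brute-force or resource-exhaustion
// traffic; throttling has to be enforced elsewhere until tracking exists.
func RateLimitInfo() func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
			// The quota is read inside the handler, i.e. once per request.
			limit := strconv.Itoa(setting.API.RateLimitPerHour)

			// The advertised window ends at the next hour boundary.
			reset := time.Now().Truncate(time.Hour).Add(time.Hour).Unix()

			h := w.Header()
			h.Set(RateLimitHeader, limit)

			// No per-user or per-IP usage is tracked, so the remaining quota
			// equals the limit. The former `if setting.API.RateLimitEnabled`
			// branch assigned the same value and has been dropped.
			// TODO: implement actual rate limit tracking and report the real
			// remaining quota once enforcement is added.
			h.Set(RateLimitRemainingHeader, limit)
			h.Set(RateLimitResetHeader, strconv.FormatInt(reset, 10))

			next.ServeHTTP(w, req)
		})
	}
}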