mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 12:40:31 +00:00
devitway
7f8e3cfe68
- Add enabled field to RateLimitConfig (default: true, env: NORA_RATE_LIMIT_ENABLED) - Skip rate limiter layers entirely when disabled - Replace PeerIpKeyExtractor with SmartIpKeyExtractor for upload/general routes to correctly identify clients behind reverse proxies and Docker bridge networks - Keep PeerIpKeyExtractor for auth routes (stricter brute-force protection) Root cause: PeerIpKeyExtractor saw all Docker bridge traffic as single IP (172.17.0.1), exhausting GCRA bucket for all clients simultaneously. With burst=1M, recovery time reached 84000+ seconds.