scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-02 20:18:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Allow support for trusted IPs to disable throttling (#11226)

Browse Source 
Co-authored-by: Pranav <pranav@chatwoot.com>
This commit is contained in:
ElvioRibeiro
2025-05-08 20:10:30 -03:00
committed by GitHub
parent 823c3df27f
commit c73f8aefc5
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example
View File

@@ -2,7 +2,7 @@
# https://www.chatwoot.com/docs/self-hosted/configuration/environment-variables/#rails-production-variables # https://www.chatwoot.com/docs/self-hosted/configuration/environment-variables/#rails-production-variables
# Used to verify the integrity of signed cookies. so ensure a secure value is set # Used to verify the integrity of signed cookies. so ensure a secure value is set
# SECRET_KEY_BASE should be alphanumeric. Avoid special characters or symbols. # SECRET_KEY_BASE should be alphanumeric. Avoid special characters or symbols.
# Use `rake secret` to generate this variable # Use `rake secret` to generate this variable
SECRET_KEY_BASE=replace_with_lengthy_secure_hex SECRET_KEY_BASE=replace_with_lengthy_secure_hex
@@ -216,6 +216,8 @@ ANDROID_SHA256_CERT_FINGERPRINT=AC:73:8E:DE:EB:56:EA:CC:10:87:02:A7:65:37:7B:38:
# ENABLE_RACK_ATTACK=true # ENABLE_RACK_ATTACK=true
# RACK_ATTACK_LIMIT=300 # RACK_ATTACK_LIMIT=300
# ENABLE_RACK_ATTACK_WIDGET_API=true # ENABLE_RACK_ATTACK_WIDGET_API=true
# Comma-separated list of trusted IPs that bypass Rack Attack throttling rules
# RACK_ATTACK_ALLOWED_IPS=127.0.0.1,::1,192.168.0.10
## Running chatwoot as an API only server ## Running chatwoot as an API only server
## setting this value to true will disable the frontend dashboard endpoints ## setting this value to true will disable the frontend dashboard endpoints
@@ -257,4 +259,3 @@ AZURE_APP_SECRET=
# Set to true if you want to remove stale contact inboxes # Set to true if you want to remove stale contact inboxes
# contact_inboxes with no conversation older than 90 days will be removed # contact_inboxes with no conversation older than 90 days will be removed
# REMOVE_STALE_CONTACT_INBOX_JOB_STATUS=false # REMOVE_STALE_CONTACT_INBOX_JOB_STATUS=false

16
config/initializers/rack_attack.rb
View File

@@ -21,8 +21,9 @@ class Rack::Attack
end end
def allowed_ip? def allowed_ip?
allowed_ips = ['127.0.0.1', '::1'] default_allowed_ips = ['127.0.0.1', '::1']
allowed_ips.include?(remote_ip) env_allowed_ips = ENV.fetch('RACK_ATTACK_ALLOWED_IPS', '').split(',').map(&:strip)
(default_allowed_ips + env_allowed_ips).include?(remote_ip)
end end
# Rails would allow requests to paths with extentions, so lets compare against the path with extention stripped # Rails would allow requests to paths with extentions, so lets compare against the path with extention stripped
@@ -32,6 +33,17 @@ class Rack::Attack
end end
end end
### Safelist IPs from Environment Variable ###
#
# This block ensures requests from any IP present in RACK_ATTACK_ALLOWED_IPS
# will bypass Rack::Attacks throttling rules.
#
# Example: RACK_ATTACK_ALLOWED_IPS="127.0.0.1,::1,192.168.0.10"
Rack::Attack.safelist('trusted IPs') do |req|
req.allowed_ip?
end
### Throttle Spammy Clients ### ### Throttle Spammy Clients ###
# If any single client IP is making tons of requests, then they're # If any single client IP is making tons of requests, then they're