fix: configure ForwardedHeaders so playground rate limit uses real client IP
All checks were successful
NALU Deployment Pipeline / Run Tests (push) Successful in 1m27s
NALU Deployment Pipeline / PR Validation (push) Has been skipped
NALU Deployment Pipeline / Build and Push Image (push) Successful in 1m48s
NALU Deployment Pipeline / Deploy naluai.dev (push) Successful in 47s
NALU Deployment Pipeline / Cleanup Old Resources (push) Successful in 12s

Without this, RemoteIpAddress was always 127.0.0.1 (nginx),
making the 10-calls/day limit shared across all users instead of per-IP.
Clears KnownNetworks/KnownProxies to trust Cloudflare's X-Forwarded-For.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Ricardo Carneiro 2026-05-15 22:57:07 -03:00
parent 12591d90f9
commit 843782249e


@ -257,6 +257,16 @@ StripeConfiguration.ApiKey = builder.Configuration["Stripe:SecretKey"];
var app = builder.Build(); var app = builder.Build();
// ── Forwarded headers (Cloudflare → nginx → app) ─────────────────────────────
var fwdOpts = new ForwardedHeadersOptions
{
ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor |
Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto
};
fwdOpts.KnownNetworks.Clear(); // trust all proxies — Cloudflare IPs vary widely
fwdOpts.KnownProxies.Clear();
app.UseForwardedHeaders(fwdOpts);
// Initialize MongoDB indexes on startup // Initialize MongoDB indexes on startup
var mongo = app.Services.GetRequiredService<MongoDbContext>(); var mongo = app.Services.GetRequiredService<MongoDbContext>();
await mongo.InitializeAsync(); await mongo.InitializeAsync();
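
Review bot: The two `.Clear()` calls on `fwdOpts.KnownNetworks` and `fwdOpts.KnownProxies` remove every restriction on who may supply `X-Forwarded-For` and `X-Forwarded-Proto`, so the app takes `RemoteIpAddress` from whatever header value arrives, with no check on which peer sent it. The per-IP playground limit is then only as reliable as the nginx configuration and the origin being unreachable except through Cloudflare, neither of which is visible in this diff. The commit message says the direct peer is nginx on 127.0.0.1, and the default `KnownNetworks`/`KnownProxies` already trust loopback, so the clears are not needed for that hop. Consider dropping them, or replacing them with explicit entries for the proxies actually in the path (Cloudflare publishes its address ranges) instead of "trust all proxies". `ForwardLimit` is also left at its default of 1, so only the rightmost `X-Forwarded-For` entry is read. With two hops in front of the app (Cloudflare → nginx, per the comment), a short comment stating which hop is expected to write that entry would make the intended trust chain reviewable.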