Remove plans/ directory (P0/P1/P2 work complete)

This commit is contained in:
2026-05-27 02:12:21 -05:00
parent 0c1840d223
commit 0dbb2e02ed
33 changed files with 1906 additions and 990 deletions
+7 -7
View File
@@ -18,9 +18,9 @@ type Config struct {
MaxConcurrentRequests int64 `yaml:"max_concurrent_requests" default:"200"`
MaxRequestsPerClient int64 `yaml:"max_requests_per_client" default:"5"`
// P1 hardening limits (security/correctness)
MaxObjectSize string `yaml:"max_object_size" default:"0"` // 0=unlimited; e.g. "256MB" protects against OOM from huge/malicious upstream responses (P1-01)
TrustedProxies []string `yaml:"trusted_proxies"` // CIDR list; empty=never trust X-Forwarded-For (safe default, P1-02). See README security notes.
// Hardening limits (security/correctness)
MaxObjectSize string `yaml:"max_object_size" default:"0"` // 0=unlimited; e.g. "256MB" protects against OOM from huge/malicious upstream responses
TrustedProxies []string `yaml:"trusted_proxies"` // CIDR list; empty=never trust X-Forwarded-For (safe default). See README security notes.
// Cache configuration
Cache CacheConfig `yaml:"cache"`
@@ -114,8 +114,8 @@ func SaveDefaultConfig(configPath string) error {
ListenAddress: ":80",
MaxConcurrentRequests: 50, // Reduced for home user (less concurrent load)
MaxRequestsPerClient: 3, // Reduced for home user (more conservative per client)
MaxObjectSize: "0", // 0=unlimited; set e.g. "512MB" for DoS protection on large bodies (P1-01)
TrustedProxies: []string{}, // Conservative default: never trust XFF (P1-02 spoof prevention)
MaxObjectSize: "0", // 0=unlimited; set e.g. "512MB" for DoS protection on large bodies
TrustedProxies: []string{}, // Conservative default: never trust XFF (spoof prevention)
Cache: CacheConfig{
Memory: MemoryConfig{
Size: "1GB", // Recommended for systems that can spare 1GB RAM for caching
@@ -186,7 +186,7 @@ func (c Config) Validate() error {
return fmt.Errorf("disk cache enabled but no path specified")
}
// P1 light validation for security/resource fields (mirrors existing GC + path checks; fails fast before New)
// Light validation for security/resource fields (mirrors existing GC + path checks; fails fast before New)
if c.MaxObjectSize != "" && c.MaxObjectSize != "0" {
if _, err := units.FromHumanSize(c.MaxObjectSize); err != nil {
return fmt.Errorf("invalid max_object_size: %w", err)
@@ -207,7 +207,7 @@ func (c Config) Validate() error {
return fmt.Errorf("invalid trusted_proxies CIDR: %s", p)
}
}
if c.MaxConcurrentRequests < 0 || c.MaxRequestsPerClient < 0 { // already covered above but explicit for P1 knobs
if c.MaxConcurrentRequests < 0 || c.MaxRequestsPerClient < 0 { // already covered above but explicit for the concurrency knobs
// covered by earlier checks
}