From e647880669b79cd968231cf85dc037a18e8bfd9c Mon Sep 17 00:00:00 2001
From: bndw
Date: Sat, 14 Feb 2026 21:50:10 -0800
Subject: fix: prioritize proxy headers for rate limiting
Check X-Forwarded-For and X-Real-IP headers before peer info to correctly identify clients behind reverse proxies. Previously, rate limiting would apply globally when behind Caddy/nginx because all requests appeared to come from the proxy's IP address. This fix is critical for production deployments behind reverse proxies.
---
 go.mod | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'go.mod')
diff --git a/go.mod b/go.mod
index d5730eb..7096c03 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module northwest.io/muxstr
 
-go 1.24.0
+go 1.25
 
 require (
 connectrpc.com/connect v1.19.1
@@ -18,17 +18,18 @@ require (
 replace northwest.io/nostr => ../nwio_nostr
 
 require (
+ fiatjaf.com/nostr v0.0.0-20260211144128-7a4b71b39b12 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
- github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
- github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 // indirect
+ github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
+ github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/decred/dcrd/crypto/blake256 v1.0.0 // indirect
- github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
+ github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
+ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
 github.com/google/uuid v1.6.0 // indirect
- github.com/kr/text v0.2.0 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/nbd-wtf/go-nostr v0.52.3 // indirect
 github.com/ncruces/go-strftime v1.0.0 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
 github.com/prometheus/common v0.66.1 // indirect
-- 
cgit v1.2.3
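Review bot: The second hunk adds two new indirect modules, `fiatjaf.com/nostr v0.0.0-20260211144128-7a4b71b39b12` (an untagged pseudo-version) and `github.com/nbd-wtf/go-nostr v0.52.3`, and moves the btcec/secp256k1 signature libraries to newer releases, none of which the commit message about proxy headers accounts for. If these came from an incidental `go mod tidy`, they would be easier to audit in a separate commit whose message names the requirement that pulls them in; `go mod why -m fiatjaf.com/nostr` and `go mod why -m github.com/nbd-wtf/go-nostr` will show that. This view is limited to go.mod, so the matching go.sum entries cannot be checked here and should be confirmed as committed alongside. The first hunk's `go 1.25` directive likewise raises the minimum toolchain for every build and deserves a line in the message.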