diff --git a/src/config/defaults.rs b/src/config/defaults.rs index 41573a4..d5eed59 100644 --- a/src/config/defaults.rs +++ b/src/config/defaults.rs @@ -92,6 +92,18 @@ pub(crate) fn default_metrics_whitelist() -> Vec { ] } +pub(crate) fn default_api_listen() -> String { + "127.0.0.1:9091".to_string() +} + +pub(crate) fn default_api_whitelist() -> Vec { + default_metrics_whitelist() +} + +pub(crate) fn default_api_request_body_limit_bytes() -> usize { + 64 * 1024 +} + pub(crate) fn default_prefer_4() -> u8 { 4 } diff --git a/src/config/hot_reload.rs b/src/config/hot_reload.rs index 902811c..29a6d70 100644 --- a/src/config/hot_reload.rs +++ b/src/config/hot_reload.rs @@ -115,6 +115,15 @@ fn warn_non_hot_changes(old: &ProxyConfig, new: &ProxyConfig) { old.server.port, new.server.port ); } + if old.server.api.enabled != new.server.api.enabled + || old.server.api.listen != new.server.api.listen + || old.server.api.whitelist != new.server.api.whitelist + || old.server.api.auth_header != new.server.api.auth_header + || old.server.api.request_body_limit_bytes != new.server.api.request_body_limit_bytes + || old.server.api.read_only != new.server.api.read_only + { + warn!("config reload: server.api changed; restart required"); + } if old.censorship.tls_domain != new.censorship.tls_domain { warn!( "config reload: censorship.tls_domain changed ('{}' → '{}'); restart required", diff --git a/src/config/load.rs b/src/config/load.rs index c051b8e..825824d 100644 --- a/src/config/load.rs +++ b/src/config/load.rs @@ -1,7 +1,7 @@ #![allow(deprecated)] use std::collections::HashMap; -use std::net::IpAddr; +use std::net::{IpAddr, SocketAddr}; use std::path::Path; use rand::Rng; @@ -398,6 +398,18 @@ impl ProxyConfig { )); } + if config.server.api.request_body_limit_bytes == 0 { + return Err(ProxyError::Config( + "server.api.request_body_limit_bytes must be > 0".to_string(), + )); + } + + if config.server.api.listen.parse::().is_err() { + return Err(ProxyError::Config( + "server.api.listen must be in IP:PORT format".to_string(), + )); + } + if config.general.effective_me_pool_force_close_secs() > 0 && config.general.effective_me_pool_force_close_secs() < config.general.me_pool_drain_ttl_secs @@ -695,6 +707,12 @@ mod tests { assert_eq!(cfg.general.update_every, default_update_every()); assert_eq!(cfg.server.listen_addr_ipv4, default_listen_addr_ipv4()); assert_eq!(cfg.server.listen_addr_ipv6, default_listen_addr_ipv6_opt()); + assert_eq!(cfg.server.api.listen, default_api_listen()); + assert_eq!(cfg.server.api.whitelist, default_api_whitelist()); + assert_eq!( + cfg.server.api.request_body_limit_bytes, + default_api_request_body_limit_bytes() + ); assert_eq!(cfg.access.users, default_access_users()); } @@ -776,6 +794,12 @@ mod tests { let server = ServerConfig::default(); assert_eq!(server.listen_addr_ipv6, Some(default_listen_addr_ipv6())); + assert_eq!(server.api.listen, default_api_listen()); + assert_eq!(server.api.whitelist, default_api_whitelist()); + assert_eq!( + server.api.request_body_limit_bytes, + default_api_request_body_limit_bytes() + ); let access = AccessConfig::default(); assert_eq!(access.users, default_access_users());