Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
f6a5b2f
feat(node): add per-IP write-surface rate brake and apply to write_ro…
Jul 13, 2026
7d680dc
feat(node): extend the per-IP write brake to the remaining write sinks
Jul 13, 2026
665b4ff
test(node): adversarial TrustedProxy verification through the write b…
Jul 13, 2026
69a98cf
feat(node): purge-spam admin subcommand for the empty-burst cleanup
Jul 13, 2026
13e59b4
fix(review): make purge-spam empty-check reject git-discovery reads
Jul 13, 2026
458fe50
fix(review): normalization-consistent purge, brake helper, CLI + cove…
Jul 13, 2026
27b4a2a
test(review): close the reasoned-not-run gaps by execution
Jul 13, 2026
98150db
fix(node): reject path-traversal repo names in purge-spam before remo…
beardthelion Jul 15, 2026
1688bdc
fix(node): delete child rows transactionally in delete_repo_by_id
beardthelion Jul 15, 2026
4943430
fix(node): reap write_rate_limiter in the periodic cleanup loop
beardthelion Jul 15, 2026
1305167
fix(node): hold the per-repo advisory lock across purge recheck+delete
beardthelion Jul 15, 2026
aab70ec
fix(node): count purge-spam disk-removal failures separately from del…
beardthelion Jul 15, 2026
cecca67
fix(node): warn on unparseable rate-limit env vars instead of silentl…
beardthelion Jul 15, 2026
f4d5bec
docs(node): document GITLAWB_IPFS_API/TIGRIS_BUCKET/METRICS_ADDR/SHUT…
beardthelion Jul 15, 2026
6da0cf5
test(node): exercise the dry-run guard with a real on-disk candidate …
beardthelion Jul 15, 2026
ffdc167
style(node): cargo fmt for the #196 fix set
beardthelion Jul 15, 2026
010c625
fix(node): pin the writer's advisory-lock connection in RepoWriteGuard
Jul 15, 2026
c192c1f
refactor(node): introduce ObjectStore trait seam over TigrisClient
Jul 15, 2026
2155c95
fix(node): make purge-spam Tigris-authoritative and archive-deleting
Jul 15, 2026
8842272
fix(review): don't hold/leak the pool connection in acquire_write
Jul 15, 2026
1d011be
fix(node): make advisory-lock guards drop-safe and reorder acquire_write
Jul 16, 2026
2f679d0
fix(node): complete a fully-received push after client disconnect
Jul 16, 2026
c3fedad
fix(node): serialize archive uploads under the per-repo advisory lock
Jul 16, 2026
f3cf6fc
fix(node): let purge-spam reach repos that exist only as archives
Jul 16, 2026
2b10fa0
refactor(node): dedup limiter setup + write-brake test driver; fix .e…
Jul 16, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,19 @@ GITLAWB_PUBLIC_URL=https://your-node.example.com
# ── Server ────────────────────────────────────────────────────────────────
GITLAWB_HOST=0.0.0.0
GITLAWB_PORT=7545
# Optional address to bind a Prometheus /metrics exposition endpoint on (e.g.
# 127.0.0.1:9091). Leave empty (default) to disable. Bind to localhost or a
# private interface — the metrics endpoint is unauthenticated.
GITLAWB_METRICS_ADDR=
# Max seconds to wait for in-flight requests to drain on shutdown before the
# server returns 503 to anything still in flight and exits. Default: 30.
GITLAWB_SHUTDOWN_GRACE_SECS=30

# ── Storage ───────────────────────────────────────────────────────────────
GITLAWB_REPOS_DIR=/data/repos
# Tigris (S3-compatible) bucket for repo storage. Leave empty (default) to
# disable Tigris and use local-only storage.
GITLAWB_TIGRIS_BUCKET=

# PostgreSQL connection URL. Required.
# When using the bundled docker-compose, this is wired automatically.
Expand All @@ -39,6 +49,9 @@ GITLAWB_DB_RETRY_INITIAL_SECS=5
GITLAWB_DB_RETRY_MAX_SECS=60

# ── IPFS pinning (Pinata) ─────────────────────────────────────────────────
# URL of a local IPFS/Kubo node HTTP API (e.g. http://127.0.0.1:5001). Leave
# empty (default) to disable local IPFS.
GITLAWB_IPFS_API=
# Get a JWT at https://app.pinata.cloud/developers/api-keys
GITLAWB_PINATA_JWT=
GITLAWB_PINATA_UPLOAD_URL=https://uploads.pinata.cloud/v3/files
Expand Down Expand Up @@ -127,6 +140,20 @@ GITLAWB_PUSH_RATE_LIMIT=600
# the client IP. 0 disables. Default 120.
GITLAWB_CREATE_RATE_LIMIT=120

# ── Write rate limiting (non-creation authenticated writes) ───────────────
# Max non-creation write requests per client IP per hour: issue/PR comments,
# labels, stars, merges, protect/unprotect, replicas, visibility, tasks,
# bounties, profile, and all GraphQL HTTP requests. The brake wraps the whole
# /graphql route, so queries and the playground GET consume this bucket too, not
# only mutations (GraphQL WebSocket subscriptions are excluded). Its own bucket,
# separate from the creation and push brakes. Uses GITLAWB_TRUSTED_PROXY to
# resolve the client IP.
# NOTE: this is a per-IP aggregate across ALL those write actions, so behind a
# shared NAT/egress IP (or with GITLAWB_TRUSTED_PROXY unset) many users collapse
# onto one bucket — raise this for automation-heavy or multi-user single-IP
# deployments. 0 disables. Default 600.
GITLAWB_WRITE_RATE_LIMIT=600

# ── Peer-sync rate limiting (per client IP, uses GITLAWB_TRUSTED_PROXY below) ─
# /api/v1/peers/announce and /api/v1/sync/notify accept unsigned requests from
# known peers and run at higher frequency, so a generous bucket. Separate from
Expand Down
11 changes: 6 additions & 5 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions crates/gitlawb-node/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ path = "src/main.rs"

[dependencies]
gitlawb-core = { path = "../gitlawb-core" }
async-trait = "0.1"
ed25519-dalek = { workspace = true }
base64 = { workspace = true }
tokio = { workspace = true }
Expand Down
Loading
Loading