Gotenberg/PDF gen implementation (#4574)

* Gotenberg/PDF gen implementation * Security, PDF type enum, propagate client * chore: query cache, clippy, fmt * clippy fixes + tombi * Update env example, add GOTENBERG_CALLBACK_URL * Remove test code * Fix .env, docker-compose * Update purpose of payment * Add internal networking guards to gotenberg webhooks * Fix error * Fix lint
2025-10-20 00:56:26 +01:00
parent 6a70acef25
commit 4b17eb5d35
14 changed files with 421 additions and 13 deletions
--- a/apps/labrinth/src/util/guards.rs
+++ b/apps/labrinth/src/util/guards.rs
@@ -1,4 +1,5 @@
 use actix_web::guard::GuardContext;
+use actix_web::http::header::X_FORWARDED_FOR;

 pub const ADMIN_KEY_HEADER: &str = "Modrinth-Admin";
 pub const MEDAL_KEY_HEADER: &str = "X-Medal-Access-Key";
@@ -42,3 +43,10 @@ pub fn external_notification_key_guard(ctx: &GuardContext) -> bool {
            }),
    }
 }
+
+pub fn internal_network_guard(ctx: &GuardContext) -> bool {
+    ctx.head()
+		.peer_addr
+		.is_some_and(|sock| matches!(sock.ip().to_canonical(), std::net::IpAddr::V4(v4) if v4.is_private()))
+		&& ctx.head().headers().get(X_FORWARDED_FOR).is_none()
+}