feat(smart-proxy): add hot-reloadable global ingress security policy across Rust and TypeScript proxy layers

2026-04-26 15:11:10 +00:00
parent 8fa3a51b03
commit af4908b63f
53 changed files with 2350 additions and 1196 deletions
@@ -31,7 +31,8 @@ impl ConnectionTracker {
    pub fn try_accept(&self, ip: &IpAddr) -> bool {
        // Check per-IP connection limit
        if let Some(max) = self.max_per_ip {
-            let count = self.active
+            let count = self
+                .active
                .get(ip)
                .map(|c| c.value().load(Ordering::Relaxed))
                .unwrap_or(0);
@@ -48,7 +49,10 @@ impl ConnectionTracker {
            let timestamps = entry.value_mut();

            // Remove timestamps older than 1 minute
-            while timestamps.front().is_some_and(|t| now.duration_since(*t) >= one_minute) {
+            while timestamps
+                .front()
+                .is_some_and(|t| now.duration_since(*t) >= one_minute)
+            {
                timestamps.pop_front();
            }

@@ -111,7 +115,6 @@ impl ConnectionTracker {
    pub fn tracked_ips(&self) -> usize {
        self.active.len()
    }
-
 }

 #[cfg(test)]