Jonathan Miller
37d59e7b59
Generic: Repo Health / Scripts governance (push) Blocked by required conditions
Generic: Repo Health / Repository health (push) Blocked by required conditions
Generic: Repo Health / Report Issues (push) Blocked by required conditions
Generic: Repo Health / Site Health (push) Has been skipped
Generic: Repo Health / Access control (push) Successful in 2s
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Universal: PR Check / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions
Generic: Repo Health / Repository health (pull_request) Blocked by required conditions
Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions
Generic: Repo Health / Site Health (pull_request) Has been skipped
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Generic: Repo Health / Access control (pull_request) Successful in 2s
PR RC Release / Build RC Release (pull_request) Successful in 3s
Universal: PR Check / Validate PR (pull_request) Failing after 8s
Branch Cleanup / Delete merged branch (pull_request) Failing after 1s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Successful in 2m55s
Add CDN system that serves release assets via a dedicated hostname (e.g., cdn.mokoconsulting.tech) with per-asset public/private toggles, IP/referrer allowlists, and aggressive caching headers. - Host-based routing intercepts CDN domain before auth middleware - Per-attachment cdn_public flag controls CDN visibility - Releases in an update stream are excluded from CDN (update server takes precedence) - CORS, ETag, Cache-Control headers for downstream CDN compatibility - IP/CIDR and referrer domain allowlists for abuse prevention
35 lines
1.2 KiB
Go
35 lines
1.2 KiB
Go
// Copyright 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
// SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
package setting
|
|
|
|
import "time"
|
|
|
|
// CDN holds configuration for the built-in CDN asset delivery system.
|
|
var CDN = struct {
|
|
Enabled bool
|
|
Domain string // e.g. "cdn.mokoconsulting.tech"
|
|
CacheTTL time.Duration // Cache-Control max-age for CDN responses
|
|
AllowedOrigins []string // CORS origins allowed to fetch CDN assets
|
|
AllowedIPs []string // IP/CIDR allowlist (empty = allow all)
|
|
AllowedDomains []string // Referrer domain allowlist (empty = allow all)
|
|
MaxFileSize int64 // max file size to serve (bytes)
|
|
}{
|
|
Enabled: false,
|
|
Domain: "",
|
|
CacheTTL: 24 * time.Hour,
|
|
MaxFileSize: 100 * 1024 * 1024, // 100MB
|
|
}
|
|
|
|
func loadCDNFrom(cfg ConfigProvider) {
|
|
sec := cfg.Section("cdn")
|
|
CDN.Enabled = sec.Key("ENABLED").MustBool(false)
|
|
CDN.Domain = sec.Key("DOMAIN").String()
|
|
CDN.CacheTTL = sec.Key("CACHE_TTL").MustDuration(CDN.CacheTTL)
|
|
CDN.MaxFileSize = sec.Key("MAX_FILE_SIZE").MustInt64(CDN.MaxFileSize)
|
|
|
|
CDN.AllowedOrigins = sec.Key("ALLOWED_ORIGINS").Strings(",")
|
|
CDN.AllowedIPs = sec.Key("ALLOWED_IPS").Strings(",")
|
|
CDN.AllowedDomains = sec.Key("ALLOWED_DOMAINS").Strings(",")
|
|
}
|