didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

feat: add generic pipelock config merging for future extensibility
lint / lint (push) Failing after 1m26s
Details
test / unit (pull_request) Failing after 36s
Details
test / integration (pull_request) Successful in 44s
Details

Browse Source 
- Merge arbitrary pipelock settings from routes into global config
- Allows routes to configure new pipelock options without code changes
- Special-case tls_passthrough and ssrf_ip_allowlist (already aggregated)

Note: Pipelock doesn't currently support per-path/per-host response
scanning rules or response size limits, so response_body_scanning config
is not yet usable. For now, use tls_passthrough for binary download hosts.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-06-04 13:14:59 -04:00
parent 8601c686f3
commit d90b04d343
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bot_bottle/pipelock.py
+9
View File
@@ -223,6 +223,15 @@ def pipelock_build_config(
)
if effective_ssrf_ip_allowlist:
cfg["ssrf"] = {"ip_allowlist": effective_ssrf_ip_allowlist}
# Merge per-route pipelock config (e.g., response_body_scanning settings).
# Routes can specify arbitrary pipelock options that apply globally.
for route in bottle.egress.routes:
for key, value in route.Pipelock.Config.items():
if key not in ("tls_passthrough", "ssrf_ip_allowlist"):
if key not in cfg:
cfg[key] = value
return cfg