From a1a21252d0ad58937e41f16e5fb86f96bebd2a51 Mon Sep 17 00:00:00 2001 From: Angelo Kontaxis Date: Sun, 25 Jan 2026 19:43:06 +0000 Subject: [PATCH] fix: expose ratelimit headers via cors (#496) --- Cargo.lock | 1 + crates/delta/src/main.rs | 9 +++++++++ crates/services/autumn/src/api.rs | 6 ++++++ crates/services/gifbox/Cargo.toml | 1 + crates/services/gifbox/src/routes/mod.rs | 18 +++++++++++++++++- 5 files changed, 34 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 878658d7..f6816950 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6784,6 +6784,7 @@ dependencies = [ "serde", "serde_json", "tokio 1.47.1", + "tower-http 0.5.2", "tracing", "utoipa", "utoipa-scalar", diff --git a/crates/delta/src/main.rs b/crates/delta/src/main.rs index e7c060be..882609cc 100644 --- a/crates/delta/src/main.rs +++ b/crates/delta/src/main.rs @@ -70,6 +70,15 @@ pub async fn web() -> Rocket { .iter() .map(|s| FromStr::from_str(s).unwrap()) .collect(), + expose_headers: [ + "X-Ratelimit-Limit", + "X-Ratelimit-Bucket", + "X-Ratelimit-Remaining", + "X-Ratelimit-Reset-After", + ] + .iter() + .map(|s| s.to_string()) + .collect(), ..Default::default() } .to_cors() diff --git a/crates/services/autumn/src/api.rs b/crates/services/autumn/src/api.rs index 5c567146..d711e533 100644 --- a/crates/services/autumn/src/api.rs +++ b/crates/services/autumn/src/api.rs @@ -34,6 +34,12 @@ pub async fn router() -> Router { let cors = CorsLayer::new() .allow_methods([Method::POST]) .allow_headers(AllowHeaders::mirror_request()) + .expose_headers(vec![ + "X-RateLimit-Limit".try_into().unwrap(), + "X-RateLimit-Bucket".try_into().unwrap(), + "X-RateLimit-Remaining".try_into().unwrap(), + "X-RateLimit-Reset-After".try_into().unwrap(), + ]) .allow_origin(Any); Router::new() diff --git a/crates/services/gifbox/Cargo.toml b/crates/services/gifbox/Cargo.toml index fade557c..6588f8ef 100644 --- a/crates/services/gifbox/Cargo.toml +++ b/crates/services/gifbox/Cargo.toml @@ -36,6 +36,7 @@ revolt-ratelimits = { version = "0.9.4", path = "../../core/ratelimits", feature # Axum / web server axum = { version = "0.7.5" } axum-extra = { version = "0.9", features = ["typed-header"] } +tower-http = { version = "0.5.2", features = ["cors"] } # OpenAPI & documentation generation utoipa-scalar = { version = "0.1.0", features = ["axum"] } diff --git a/crates/services/gifbox/src/routes/mod.rs b/crates/services/gifbox/src/routes/mod.rs index efee317f..e47e19f0 100644 --- a/crates/services/gifbox/src/routes/mod.rs +++ b/crates/services/gifbox/src/routes/mod.rs @@ -1,5 +1,9 @@ use crate::AppState; -use axum::routing::{get, Router}; +use axum::{ + http::Method, + routing::{get, Router}, +}; +use tower_http::cors::{AllowHeaders, Any, CorsLayer}; pub mod categories; pub mod root; @@ -7,9 +11,21 @@ pub mod search; pub mod trending; pub fn router() -> Router { + let cors = CorsLayer::new() + .allow_methods([Method::GET]) + .allow_headers(AllowHeaders::mirror_request()) + .expose_headers(vec![ + "X-RateLimit-Limit".try_into().unwrap(), + "X-RateLimit-Bucket".try_into().unwrap(), + "X-RateLimit-Remaining".try_into().unwrap(), + "X-RateLimit-Reset-After".try_into().unwrap(), + ]) + .allow_origin(Any); + Router::new() .route("/", get(root::root)) .route("/categories", get(categories::categories)) .route("/search", get(search::search)) .route("/trending", get(trending::trending)) + .layer(cors) }