Configurable block and allowlist for both endpoints(encrypt, decrypt)

[whotwagner]

Some people are facing the threat that they don't want that people can host malicious text using a service of their domain. They might want to allow people to only view secrets but not post secrets.

We can easily create configurable block and allowlists for rack-attack. We already have rack-attack for ratelimiting.

[armins]

When creation of a secret is disabled for my ip, what will be blocked?
Only the POST route? Or even the '/' route?

Imho the '/' should be disabled, too.
Additionally there should be a info written like "creating a secret is disabled"

Currently, when i reveal a secret there is a link to create another secret - this should be only listed if i can create another secret imho.

[whotwagner]

I would create a config like:

blocklist:
  - ip: 8.8.8.8
    type: [create|read|both]

allowlist:
  - ip: 127.0.0.1
  - ip: 192.168.0.0/24
    type: create
  - ip: 172.17.0.0/24
    type: read

And depending if type is read or create or both, the ip will be appended on the lists for all sites that are necessary for read, all sites that are necessary for create or both