Skip to content

Commit

Permalink
Merge pull request #39 from Informatik-Projekt-Kurs/IPK-191-Remove-Us…
Browse files Browse the repository at this point in the history 
…er-GET-from-rate-limiter

Removed requests from '/api/user/get' from getting stopped by the IP-ratelimiter
  • Loading branch information
@Gugi-Games
Gugi-Games authored Apr 3, 2024
2 parents 6c7e8a1 + 6ad19d4 commit 57174c4
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 7 deletions.
3 changes: 1 addition & 2 deletions src/main/java/com/MeetMate/security/JwtAuthenticationFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.jetbrains.annotations.NotNull;
import org.springframework.core.Ordered;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
Expand Down Expand Up @@ -45,7 +44,7 @@ protected void doFilterInternal(

if (userEmail != null
&& SecurityContextHolder.getContext().getAuthentication()
== null) { // check f if user is already authenticated
== null) { // check f if user is already authenticated
UserDetails userDetails = userDetailsService.loadUserByUsername(userEmail);

if (jwtService.isTokenValid(jwt, userDetails)) {
Expand Down
5 changes: 3 additions & 2 deletions src/main/java/com/MeetMate/security/JwtService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,12 @@
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import jakarta.persistence.EntityNotFoundException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import java.security.Key;
import java.util.Date;
import java.util.function.Function;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public class JwtService {
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/MeetMate/security/SecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
.permitAll() // Whitelist
.anyRequest()
.authenticated() // Everything else should be authenticated
)
)
.sessionManagement(
sessionManagement ->
sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
Expand Down
9 changes: 7 additions & 2 deletions src/main/java/com/MeetMate/throttle/IPRateLimiter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.jetbrains.annotations.NotNull;
import org.springframework.core.Ordered;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

Expand All @@ -17,7 +16,7 @@

@Component
@RequiredArgsConstructor
public class IPRateLimiter extends OncePerRequestFilter {
public class IPRateLimiter extends OncePerRequestFilter {

private final HashMap<String, LinkedList<Long>> requests = new HashMap<>();
private final int maxRequests = 2;
Expand All @@ -30,6 +29,12 @@ protected void doFilterInternal(
@NotNull FilterChain filterChain)
throws ServletException, IOException {

String url = request.getRequestURI();
if (url.equals("/api/user/get")) {
filterChain.doFilter(request, response);
return;
}

String ip = request.getRemoteAddr();

if (requests.containsKey(ip))
Expand Down

0 comments on commit 57174c4

Please sign in to comment.