diff --git a/src/main/java/com/MeetMate/security/JwtAuthenticationFilter.java b/src/main/java/com/MeetMate/security/JwtAuthenticationFilter.java
index a279fb1..b73df70 100644
--- a/src/main/java/com/MeetMate/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/MeetMate/security/JwtAuthenticationFilter.java
@@ -6,7 +6,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.jetbrains.annotations.NotNull;
-import org.springframework.core.Ordered;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -45,7 +44,7 @@ protected void doFilterInternal(
 if (userEmail != null && SecurityContextHolder.getContext().getAuthentication()
- == null) { // check f if user is already authenticated
+ == null) { // check f if user is already authenticated
 UserDetails userDetails = userDetailsService.loadUserByUsername(userEmail);
 if (jwtService.isTokenValid(jwt, userDetails)) {
diff --git a/src/main/java/com/MeetMate/security/JwtService.java b/src/main/java/com/MeetMate/security/JwtService.java
index 1e55955..b73c073 100644
--- a/src/main/java/com/MeetMate/security/JwtService.java
+++ b/src/main/java/com/MeetMate/security/JwtService.java
@@ -8,11 +8,12 @@
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import jakarta.persistence.EntityNotFoundException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
 import java.security.Key;
 import java.util.Date;
 import java.util.function.Function;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.stereotype.Service;
 @Service public class JwtService {
diff --git a/src/main/java/com/MeetMate/security/SecurityConfig.java b/src/main/java/com/MeetMate/security/SecurityConfig.java
index 2cbf510..51dd9d2 100644
--- a/src/main/java/com/MeetMate/security/SecurityConfig.java
+++ b/src/main/java/com/MeetMate/security/SecurityConfig.java
@@ -30,7 +30,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 .permitAll() // Whitelist
 .anyRequest() .authenticated() // Everything else should be authenticated
- )
+ )
 .sessionManagement( sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
diff --git a/src/main/java/com/MeetMate/throttle/IPRateLimiter.java b/src/main/java/com/MeetMate/throttle/IPRateLimiter.java
index bf2b8f7..33eb841 100644
--- a/src/main/java/com/MeetMate/throttle/IPRateLimiter.java
+++ b/src/main/java/com/MeetMate/throttle/IPRateLimiter.java
@@ -6,7 +6,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.jetbrains.annotations.NotNull;
-import org.springframework.core.Ordered;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -17,7 +16,7 @@
 @Component @RequiredArgsConstructor
-public class IPRateLimiter extends OncePerRequestFilter {
+public class IPRateLimiter extends OncePerRequestFilter {
 private final HashMap> requests = new HashMap<>();
 private final int maxRequests = 2;
@@ -30,6 +29,12 @@ protected void doFilterInternal(
 @NotNull FilterChain filterChain) throws ServletException, IOException {
+ String url = request.getRequestURI();
+ if (url.equals("/api/user/get")) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+
 String ip = request.getRemoteAddr();
 if (requests.containsKey(ip))
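Review bot: The early return added at the top of `doFilterInternal` in IPRateLimiter takes `/api/user/get` out of the limiter entirely, and it decides this by comparing the raw `request.getRequestURI()`, which includes the context path and is not normalised, so the exemption silently stops matching if the application is ever deployed under a context path. `OncePerRequestFilter` already provides a hook for skipping requests: override `shouldNotFilter(HttpServletRequest request)` with `return "/api/user/get".equals(request.getServletPath());`, which is also null-safe and keeps the skip rule out of the counting logic. If the exemption exists because `maxRequests = 2` is too tight for this route, a separate higher limit would keep some throttling on it instead of none; either way a comment such as `// exempt from throttling because <reason>` should record why the route is skipped. The method body continues past the end of the hunk.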