saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-08-26 14:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

init limits for users and non Authed Users

Browse Source
This commit is contained in:
Anthony Stirling 2025-08-12 09:40:59 +01:00
parent 1a51a43962
commit 30937d204e
16 changed files with 1577 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.claude/settings.local.json
View File

@ -10,7 +10,9 @@
"Bash(npm test)",
"Bash(npm test:*)",
"Bash(ls:*)",
"Bash(npx tsc:*)"
"Bash(npx tsc:*)",
"Bash(echo)",
"Bash(rm:*)"
],
"deny": []
}

8
app/core/src/main/resources/application.properties
View File

@ -58,3 +58,11 @@ spring.main.allow-bean-definition-overriding=true
# Set up a consistent temporary directory location
java.io.tmpdir=${stirling.tempfiles.directory:${java.io.tmpdir}/stirling-pdf}
# API Rate Limiting Configuration
api.rate-limit.enabled=true
api.rate-limit.anonymous.enabled=true
api.rate-limit.anonymous.monthly-limit=10
api.rate-limit.anonymous.abuse-threshold=3
api.rate-limit.exclude-settings=true
api.rate-limit.exclude-actuator=true

68
app/proprietary/src/main/java/stirling/software/proprietary/config/ApiRateLimitConfiguration.java Normal file
View File

@ -0,0 +1,68 @@
package stirling.software.proprietary.config;
import java.util.Map;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import stirling.software.common.model.enumeration.Role;
import stirling.software.proprietary.service.ApiRateLimitService;
@Configuration
@ConfigurationProperties(prefix = "api.rate-limit")
@Data
@Slf4j
public class ApiRateLimitConfiguration {
private boolean enabled = true;
private boolean excludeSettings = true;
private boolean excludeActuator = true;
/**
* Default monthly limits by role. Override in application.yml/properties.
* Note: Integer.MAX_VALUE is treated as "unlimited".
*/
private Map<String, Integer> defaultLimits = Map.of(
"ROLE_SYSTEM_ADMIN", Integer.MAX_VALUE,
"ROLE_ORG_ADMIN", 10000,
"ROLE_TEAM_LEAD", 5000,
"ROLE_ADMIN", Integer.MAX_VALUE,
"ROLE_USER", 1000,
"ROLE_DEMO_USER", 100,
"STIRLING-PDF-BACKEND-API-USER", Integer.MAX_VALUE
);
@Bean
public CommandLineRunner initializeDefaultRateLimits(ApiRateLimitService rateLimitService) {
return args -> {
if (!enabled) {
log.info("API rate limiting is disabled");
return;
}
log.info("Initializing default API rate limits...");
initializeDefaults(rateLimitService);
log.info("Default API rate limits initialized successfully");
};
}
private void initializeDefaults(ApiRateLimitService rateLimitService) {
for (Map.Entry<String, Integer> entry : defaultLimits.entrySet()) {
String roleName = entry.getKey();
Integer limit = entry.getValue();
try {
Role.fromString(roleName);
rateLimitService.createOrUpdateRoleDefault(roleName, limit);
log.debug("Set default rate limit for role {} to {}/month",
roleName, limit == Integer.MAX_VALUE ? "unlimited" : limit);
} catch (IllegalArgumentException e) {
log.warn("Skipping unknown role in rate limit config: {}", roleName);
}
}
}
}

213
app/proprietary/src/main/java/stirling/software/proprietary/controller/api/ApiRateLimitController.java Normal file
View File

@ -0,0 +1,213 @@
package stirling.software.proprietary.controller.api;
import java.time.YearMonth;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.proprietary.model.ApiRateLimitConfig;
import stirling.software.proprietary.model.Organization;
import stirling.software.proprietary.security.model.User;
import stirling.software.proprietary.security.repository.OrganizationRepository;
import stirling.software.proprietary.security.service.UserService;
import stirling.software.proprietary.service.ApiRateLimitService;
@RestController
@RequestMapping("/api/v1/rate-limits")
@RequiredArgsConstructor
@Slf4j
@Tag(name = "API Rate Limits", description = "Endpoints for managing and viewing API rate limits")
public class ApiRateLimitController {
private final ApiRateLimitService rateLimitService;
private final UserService userService;
private final OrganizationRepository organizationRepository;
public record UsageMetricsResponse(
int currentUsage,
int monthlyLimit,
int remaining,
String scope,
String month,
boolean isPooled,
long resetEpochMillis
) {}
public record UpdateLimitRequest(
int monthlyLimit,
boolean isPooled
) {}
@GetMapping("/usage")
@Operation(summary = "Get current usage metrics",
description = "Returns the current API usage metrics for the authenticated user")
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Usage metrics retrieved successfully"),
@ApiResponse(responseCode = "401", description = "Not authenticated")
})
public ResponseEntity<UsageMetricsResponse> getCurrentUsage(Authentication auth) {
User user = getUserFromAuth(auth);
if (user == null) {
return ResponseEntity.status(401).build();
}
ApiRateLimitService.UsageMetrics metrics = rateLimitService.getUsageMetrics(user);
return ResponseEntity.ok(new UsageMetricsResponse(
metrics.currentUsage(),
metrics.monthlyLimit(),
metrics.remaining(),
metrics.scope(),
metrics.month().toString(),
metrics.isPooled(),
getNextMonthResetEpochMillis()
));
}
@GetMapping("/usage/{username}")
@PreAuthorize("hasAnyRole('SYSTEM_ADMIN', 'ORG_ADMIN', 'TEAM_LEAD')")
@Operation(summary = "Get usage metrics for a specific user",
description = "Returns API usage metrics for the specified user (requires admin privileges)")
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Usage metrics retrieved successfully"),
@ApiResponse(responseCode = "403", description = "Insufficient privileges"),
@ApiResponse(responseCode = "404", description = "User not found")
})
public ResponseEntity<UsageMetricsResponse> getUserUsage(
@PathVariable @Parameter(description = "Username to get metrics for") String username,
Authentication auth) {
User requestingUser = getUserFromAuth(auth);
User targetUser = userService.findByUsername(username).orElse(null);
if (targetUser == null) {
return ResponseEntity.notFound().build();
}
if (!requestingUser.canManageUser(targetUser)) {
return ResponseEntity.status(403).build();
}
ApiRateLimitService.UsageMetrics metrics = rateLimitService.getUsageMetrics(targetUser);
return ResponseEntity.ok(new UsageMetricsResponse(
metrics.currentUsage(),
metrics.monthlyLimit(),
metrics.remaining(),
metrics.scope(),
metrics.month().toString(),
metrics.isPooled(),
getNextMonthResetEpochMillis()
));
}
@PutMapping("/user/{username}")
@PreAuthorize("hasAnyRole('SYSTEM_ADMIN', 'ORG_ADMIN')")
@Operation(summary = "Update rate limit for a user",
description = "Sets a custom rate limit for a specific user")
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Rate limit updated successfully"),
@ApiResponse(responseCode = "403", description = "Insufficient privileges"),
@ApiResponse(responseCode = "404", description = "User not found")
})
public ResponseEntity<ApiRateLimitConfig> updateUserLimit(
@PathVariable @Parameter(description = "Username to update") String username,
@RequestBody UpdateLimitRequest request,
Authentication auth) {
User requestingUser = getUserFromAuth(auth);
User targetUser = userService.findByUsername(username).orElse(null);
if (targetUser == null) {
return ResponseEntity.notFound().build();
}
if (!requestingUser.canManageUser(targetUser)) {
return ResponseEntity.status(403).build();
}
ApiRateLimitConfig config = rateLimitService.createOrUpdateUserLimit(
targetUser, request.monthlyLimit());
return ResponseEntity.ok(config);
}
@PutMapping("/organization/{orgId}")
@PreAuthorize("hasAnyRole('SYSTEM_ADMIN', 'ORG_ADMIN')")
@Operation(summary = "Update rate limit for an organization",
description = "Sets a rate limit for an entire organization")
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Rate limit updated successfully"),
@ApiResponse(responseCode = "403", description = "Insufficient privileges"),
@ApiResponse(responseCode = "404", description = "Organization not found")
})
public ResponseEntity<ApiRateLimitConfig> updateOrgLimit(
@PathVariable @Parameter(description = "Organization ID") Long orgId,
@RequestBody UpdateLimitRequest request,
Authentication auth) {
User requestingUser = getUserFromAuth(auth);
Organization org = organizationRepository.findById(orgId).orElse(null);
if (org == null) {
return ResponseEntity.notFound().build();
}
if (!requestingUser.isSystemAdmin()) {
Organization userOrg = requestingUser.getOrganization();
if (userOrg == null || !userOrg.getId().equals(orgId) || !requestingUser.isOrgAdmin()) {
return ResponseEntity.status(403).build();
}
}
ApiRateLimitConfig config = rateLimitService.createOrUpdateOrgLimit(
org, request.monthlyLimit(), request.isPooled());
return ResponseEntity.ok(config);
}
@PutMapping("/role/{roleName}")
@PreAuthorize("hasRole('SYSTEM_ADMIN')")
@Operation(summary = "Update default rate limit for a role",
description = "Sets the default rate limit for all users with a specific role")
@ApiResponses({
@ApiResponse(responseCode = "200", description = "Rate limit updated successfully"),
@ApiResponse(responseCode = "403", description = "Insufficient privileges")
})
public ResponseEntity<ApiRateLimitConfig> updateRoleDefault(
@PathVariable @Parameter(description = "Role name") String roleName,
@RequestBody UpdateLimitRequest request) {
ApiRateLimitConfig config = rateLimitService.createOrUpdateRoleDefault(
roleName, request.monthlyLimit());
return ResponseEntity.ok(config);
}
private User getUserFromAuth(Authentication auth) {
if (auth == null || !auth.isAuthenticated()) {
return null;
}
return userService.findByUsername(auth.getName()).orElse(null);
}
private long getNextMonthResetEpochMillis() {
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
YearMonth nextMonth = currentMonth.plusMonths(1);
ZonedDateTime resetTime = nextMonth.atDay(1).atStartOfDay(ZoneOffset.UTC);
return resetTime.toInstant().toEpochMilli();
}
}

104
app/proprietary/src/main/java/stirling/software/proprietary/model/AnonymousApiUsage.java Normal file
View File

@ -0,0 +1,104 @@
package stirling.software.proprietary.model;
import java.io.Serializable;
import java.time.Instant;
import java.time.YearMonth;
import java.util.HashSet;
import java.util.Set;
import jakarta.persistence.*;
import jakarta.validation.constraints.NotNull;
import org.hibernate.annotations.CreationTimestamp;
import org.hibernate.annotations.UpdateTimestamp;
import lombok.*;
import stirling.software.proprietary.model.converter.YearMonthStringConverter;
@Entity
@Table(name = "anonymous_api_usage",
uniqueConstraints = {
@UniqueConstraint(name = "uq_anon_fingerprint_month", columnNames = {"fingerprint", "month"})
},
indexes = {
@Index(name = "idx_anon_fingerprint", columnList = "fingerprint"),
@Index(name = "idx_anon_month", columnList = "month"),
@Index(name = "idx_anon_ip", columnList = "ip_address")
})
@NoArgsConstructor
@AllArgsConstructor
@Builder
@Getter
@Setter
@EqualsAndHashCode(onlyExplicitlyIncluded = true)
@ToString(onlyExplicitlyIncluded = true)
public class AnonymousApiUsage implements Serializable {
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@EqualsAndHashCode.Include
@ToString.Include
private Long id;
@NotNull
@Column(name = "fingerprint", nullable = false, length = 128)
@ToString.Include
private String fingerprint;
@NotNull
@Column(name = "month", nullable = false, length = 7)
@Convert(converter = YearMonthStringConverter.class)
private YearMonth month;
@NotNull
@Column(name = "usage_count", nullable = false)
@Builder.Default
private Integer usageCount = 0;
@Column(name = "ip_address", length = 45)
private String ipAddress;
@Column(name = "user_agent", length = 512)
private String userAgent;
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
name = "anonymous_api_related_fingerprints",
joinColumns = @JoinColumn(name = "usage_id")
)
@Column(name = "related_fingerprint")
@Builder.Default
private Set<String> relatedFingerprints = new HashSet<>();
@Column(name = "abuse_score")
@Builder.Default
private Integer abuseScore = 0;
@Column(name = "is_blocked")
@Builder.Default
private Boolean isBlocked = false;
@Column(name = "last_access")
private Instant lastAccess;
@CreationTimestamp
@Column(name = "created_at", updatable = false, nullable = false)
private Instant createdAt;
@UpdateTimestamp
@Column(name = "updated_at", nullable = false)
private Instant updatedAt;
@Version
@Column(name = "version")
private Long version;
@PreUpdate
public void preUpdate() {
this.lastAccess = Instant.now();
}
}

124
app/proprietary/src/main/java/stirling/software/proprietary/model/ApiRateLimitConfig.java Normal file
View File

@ -0,0 +1,124 @@
package stirling.software.proprietary.model;
import java.io.Serializable;
import java.time.Instant;
import jakarta.persistence.*;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotNull;
import org.hibernate.annotations.CreationTimestamp;
import org.hibernate.annotations.UpdateTimestamp;
import lombok.*;
import stirling.software.proprietary.security.model.User;
@Entity
@Table(name = "api_rate_limit_configs",
uniqueConstraints = {
@UniqueConstraint(name = "uq_user_cfg", columnNames = {"scope_type", "user_id"}),
@UniqueConstraint(name = "uq_org_cfg", columnNames = {"scope_type", "org_id"}),
@UniqueConstraint(name = "uq_role_cfg", columnNames = {"scope_type", "role_name"})
},
indexes = {
@Index(name = "idx_cfg_user", columnList = "user_id"),
@Index(name = "idx_cfg_org", columnList = "org_id"),
@Index(name = "idx_cfg_role", columnList = "role_name"),
@Index(name = "idx_cfg_scope", columnList = "scope_type")
})
@NoArgsConstructor
@AllArgsConstructor
@Builder
@Getter
@Setter
@EqualsAndHashCode(onlyExplicitlyIncluded = true)
@ToString(onlyExplicitlyIncluded = true)
public class ApiRateLimitConfig implements Serializable {
private static final long serialVersionUID = 1L;
public enum ScopeType {
USER,
ORGANIZATION,
ROLE_DEFAULT
}
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@EqualsAndHashCode.Include
@ToString.Include
private Long id;
@NotNull
@Column(name = "scope_type", nullable = false, length = 20)
@Enumerated(EnumType.STRING)
private ScopeType scopeType;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "user_id", nullable = true)
private User user;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "org_id", nullable = true)
private Organization organization;
@Column(name = "role_name", nullable = true, length = 50)
private String roleName;
@NotNull
@Min(0)
@Column(name = "monthly_limit", nullable = false)
private Integer monthlyLimit;
@NotNull
@Builder.Default
@Column(name = "is_pooled", nullable = false)
private Boolean isPooled = false;
@NotNull
@Builder.Default
@Column(name = "is_active", nullable = false)
private Boolean isActive = true;
@CreationTimestamp
@Column(name = "created_at", updatable = false, nullable = false)
private Instant createdAt;
@UpdateTimestamp
@Column(name = "updated_at", nullable = false)
private Instant updatedAt;
@Version
@Column(name = "version")
private Long version;
@PrePersist
@PreUpdate
protected void validateScope() {
int nonNullCount = 0;
if (user != null) nonNullCount++;
if (organization != null) nonNullCount++;
if (roleName != null) nonNullCount++;
if (nonNullCount != 1) {
throw new IllegalStateException(
"Exactly one of user, organization, or roleName must be set");
}
if (user != null && scopeType != ScopeType.USER) {
throw new IllegalStateException("ScopeType must be USER when user is set");
}
if (organization != null && scopeType != ScopeType.ORGANIZATION) {
throw new IllegalStateException("ScopeType must be ORGANIZATION when organization is set");
}
if (roleName != null && scopeType != ScopeType.ROLE_DEFAULT) {
throw new IllegalStateException("ScopeType must be ROLE_DEFAULT when roleName is set");
}
if (Boolean.TRUE.equals(isPooled) && scopeType != ScopeType.ORGANIZATION) {
throw new IllegalStateException("isPooled can only be true for ORGANIZATION scope");
}
}
}

106
app/proprietary/src/main/java/stirling/software/proprietary/model/ApiRateLimitUsage.java Normal file
View File

@ -0,0 +1,106 @@
package stirling.software.proprietary.model;
import java.io.Serializable;
import java.time.Instant;
import java.time.YearMonth;
import java.time.ZoneOffset;
import jakarta.persistence.*;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotNull;
import org.hibernate.annotations.CreationTimestamp;
import org.hibernate.annotations.UpdateTimestamp;
import lombok.*;
import stirling.software.proprietary.security.model.User;
@Entity
@Table(name = "api_rate_limit_usage",
uniqueConstraints = {
@UniqueConstraint(name = "uq_user_month", columnNames = {"user_id", "month_key"}),
@UniqueConstraint(name = "uq_org_month", columnNames = {"org_id", "month_key"})
},
indexes = {
@Index(name = "idx_usage_user_month", columnList = "user_id, month_key"),
@Index(name = "idx_usage_org_month", columnList = "org_id, month_key"),
@Index(name = "idx_usage_month", columnList = "month_key")
})
@NoArgsConstructor
@AllArgsConstructor
@Builder
@Getter
@Setter
@EqualsAndHashCode(onlyExplicitlyIncluded = true)
@ToString(onlyExplicitlyIncluded = true)
public class ApiRateLimitUsage implements Serializable {
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
@EqualsAndHashCode.Include
@ToString.Include
private Long id;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "user_id", nullable = true)
private User user;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "org_id", nullable = true)
private Organization organization;
@NotNull
@Column(name = "month_key", nullable = false, length = 7)
@ToString.Include
private YearMonth monthKey;
@NotNull
@Min(0)
@Builder.Default
@Column(name = "usage_count", nullable = false)
private Integer usageCount = 0;
@CreationTimestamp
@Column(name = "created_at", updatable = false, nullable = false)
private Instant createdAt;
@UpdateTimestamp
@Column(name = "updated_at", nullable = false)
private Instant updatedAt;
@Version
@Column(name = "version")
private Long version;
@PrePersist
@PreUpdate
protected void validateScope() {
if ((user == null && organization == null) || (user != null && organization != null)) {
throw new IllegalStateException("Exactly one of user or organization must be set");
}
}
public static YearMonth getCurrentMonth() {
return YearMonth.now(ZoneOffset.UTC);
}
public static ApiRateLimitUsage forUser(User user) {
return ApiRateLimitUsage.builder()
.user(user)
.monthKey(getCurrentMonth())
.usageCount(0)
.build();
}
public static ApiRateLimitUsage forOrganization(Organization org) {
return ApiRateLimitUsage.builder()
.organization(org)
.monthKey(getCurrentMonth())
.usageCount(0)
.build();
}
}

23
app/proprietary/src/main/java/stirling/software/proprietary/model/converter/YearMonthStringConverter.java Normal file
View File

@ -0,0 +1,23 @@
package stirling.software.proprietary.model.converter;
import java.time.YearMonth;
import java.time.format.DateTimeFormatter;
import jakarta.persistence.AttributeConverter;
import jakarta.persistence.Converter;
@Converter(autoApply = true)
public class YearMonthStringConverter implements AttributeConverter<YearMonth, String> {
private static final DateTimeFormatter FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM");
@Override
public String convertToDatabaseColumn(YearMonth yearMonth) {
return yearMonth != null ? yearMonth.format(FORMATTER) : null;
}
@Override
public YearMonth convertToEntityAttribute(String dbData) {
return dbData != null ? YearMonth.parse(dbData, FORMATTER) : null;
}
}

78
app/proprietary/src/main/java/stirling/software/proprietary/repository/AnonymousApiUsageRepository.java Normal file
View File

@ -0,0 +1,78 @@
package stirling.software.proprietary.repository;
import java.time.YearMonth;
import java.util.List;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;
import stirling.software.proprietary.model.AnonymousApiUsage;
@Repository
public interface AnonymousApiUsageRepository extends JpaRepository<AnonymousApiUsage, Long> {
Optional<AnonymousApiUsage> findByFingerprintAndMonth(String fingerprint, YearMonth month);
@Query("SELECT a FROM AnonymousApiUsage a WHERE a.fingerprint = :fingerprint AND a.month = :month AND a.isBlocked = false")
Optional<AnonymousApiUsage> findActiveByFingerprintAndMonth(@Param("fingerprint") String fingerprint, @Param("month") YearMonth month);
@Query("SELECT a FROM AnonymousApiUsage a WHERE a.ipAddress = :ipAddress AND a.month = :month")
List<AnonymousApiUsage> findByIpAddressAndMonth(@Param("ipAddress") String ipAddress, @Param("month") YearMonth month);
@Query("SELECT a FROM AnonymousApiUsage a WHERE :fingerprint IN (SELECT rf FROM a.relatedFingerprints rf) AND a.month = :month")
List<AnonymousApiUsage> findRelatedUsages(@Param("fingerprint") String fingerprint, @Param("month") YearMonth month);
@Query("SELECT COALESCE(SUM(a.usageCount), 0) FROM AnonymousApiUsage a WHERE a.ipAddress = :ipAddress AND a.month = :month")
Integer getTotalUsageByIpAndMonth(@Param("ipAddress") String ipAddress, @Param("month") YearMonth month);
@Modifying
@Query("UPDATE AnonymousApiUsage a SET a.usageCount = a.usageCount + 1, a.lastAccess = CURRENT_TIMESTAMP WHERE a.id = :id AND a.usageCount < :limit")
int incrementUsage(@Param("id") Long id, @Param("limit") int limit);
@Modifying
@Query("UPDATE AnonymousApiUsage a SET a.isBlocked = true WHERE a.fingerprint = :fingerprint")
void blockFingerprint(@Param("fingerprint") String fingerprint);
@Modifying
@Query("UPDATE AnonymousApiUsage a SET a.abuseScore = a.abuseScore + :increment WHERE a.id = :id")
void incrementAbuseScore(@Param("id") Long id, @Param("increment") int increment);
@Query("SELECT COUNT(DISTINCT a.fingerprint) FROM AnonymousApiUsage a WHERE a.ipAddress = :ipAddress AND a.month = :month")
Long countDistinctFingerprintsForIp(@Param("ipAddress") String ipAddress, @Param("month") YearMonth month);
@Modifying
@Query(value = "INSERT INTO anonymous_api_usage (fingerprint, month, usage_count, ip_address, user_agent, abuse_score, is_blocked, last_access, created_at, updated_at, version) " +
"VALUES (:fingerprint, :month, 1, :ipAddress, :userAgent, 0, false, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0) " +
"ON CONFLICT (fingerprint, month) DO UPDATE SET " +
"usage_count = anonymous_api_usage.usage_count + 1, " +
"last_access = CURRENT_TIMESTAMP, " +
"updated_at = CURRENT_TIMESTAMP " +
"WHERE anonymous_api_usage.usage_count < :limit",
nativeQuery = true)
int upsertAndIncrement(@Param("fingerprint") String fingerprint,
@Param("month") String month,
@Param("ipAddress") String ipAddress,
@Param("userAgent") String userAgent,
@Param("limit") int limit);
@Query(value = "INSERT INTO anonymous_api_usage (fingerprint, month, usage_count, ip_address, user_agent, " +
"abuse_score, is_blocked, last_access, created_at, updated_at, version) " +
"VALUES (:fingerprint, :month, 1, :ipAddress, :userAgent, 0, false, CURRENT_TIMESTAMP, " +
"CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0) " +
"ON CONFLICT (fingerprint, month) DO UPDATE SET " +
"usage_count = anonymous_api_usage.usage_count + 1, " +
"last_access = CURRENT_TIMESTAMP, " +
"updated_at = CURRENT_TIMESTAMP " +
"WHERE anonymous_api_usage.usage_count < :limit " +
"RETURNING usage_count",
nativeQuery = true)
Integer upsertAndIncrementReturningCount(@Param("fingerprint") String fingerprint,
@Param("month") String month,
@Param("ipAddress") String ipAddress,
@Param("userAgent") String userAgent,
@Param("limit") int limit);
}

34
app/proprietary/src/main/java/stirling/software/proprietary/repository/ApiRateLimitConfigRepository.java Normal file
View File

@ -0,0 +1,34 @@
package stirling.software.proprietary.repository;
import java.util.List;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;
import stirling.software.proprietary.model.ApiRateLimitConfig;
import stirling.software.proprietary.model.ApiRateLimitConfig.ScopeType;
import stirling.software.proprietary.model.Organization;
import stirling.software.proprietary.security.model.User;
@Repository
public interface ApiRateLimitConfigRepository extends JpaRepository<ApiRateLimitConfig, Long> {
Optional<ApiRateLimitConfig> findByUserAndIsActiveTrue(User user);
Optional<ApiRateLimitConfig> findByOrganizationAndIsActiveTrue(Organization organization);
Optional<ApiRateLimitConfig> findByScopeTypeAndRoleNameAndIsActiveTrue(ScopeType scopeType, String roleName);
@Query("""
SELECT c
FROM ApiRateLimitConfig c
WHERE c.isActive = true
AND c.scopeType = stirling.software.proprietary.model.ApiRateLimitConfig$ScopeType.ROLE_DEFAULT
AND c.roleName = :roleName
""")
Optional<ApiRateLimitConfig> findDefaultForRole(@Param("roleName") String roleName);
}

73
app/proprietary/src/main/java/stirling/software/proprietary/repository/ApiRateLimitUsageRepository.java Normal file
View File

@ -0,0 +1,73 @@
package stirling.software.proprietary.repository;
import java.time.YearMonth;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import stirling.software.proprietary.model.ApiRateLimitUsage;
import stirling.software.proprietary.model.Organization;
import stirling.software.proprietary.security.model.User;
@Repository
public interface ApiRateLimitUsageRepository extends JpaRepository<ApiRateLimitUsage, Long> {
Optional<ApiRateLimitUsage> findByUserAndMonthKey(User user, YearMonth monthKey);
Optional<ApiRateLimitUsage> findByOrganizationAndMonthKey(Organization organization, YearMonth monthKey);
default int getUserUsageOrZero(User user, YearMonth monthKey) {
return findByUserAndMonthKey(user, monthKey)
.map(ApiRateLimitUsage::getUsageCount)
.orElse(0);
}
default int getOrgUsageOrZero(Organization org, YearMonth monthKey) {
return findByOrganizationAndMonthKey(org, monthKey)
.map(ApiRateLimitUsage::getUsageCount)
.orElse(0);
}
@Modifying(flushAutomatically = true, clearAutomatically = false)
@Transactional
@Query(
value = """
INSERT INTO api_rate_limit_usage (user_id, month_key, usage_count, created_at, updated_at, version)
VALUES (:#{#user.id}, :monthKey, :inc, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0)
ON CONFLICT (user_id, month_key) DO UPDATE
SET usage_count = api_rate_limit_usage.usage_count + :inc,
updated_at = CURRENT_TIMESTAMP,
version = api_rate_limit_usage.version + 1
WHERE api_rate_limit_usage.usage_count + :inc <= :maxLimit
""",
nativeQuery = true
)
int upsertAndIncrementUserUsage(@Param("user") User user,
@Param("monthKey") String monthKey,
@Param("inc") int increment,
@Param("maxLimit") int maxLimit);
@Modifying(flushAutomatically = true, clearAutomatically = false)
@Transactional
@Query(
value = """
INSERT INTO api_rate_limit_usage (org_id, month_key, usage_count, created_at, updated_at, version)
VALUES (:#{#org.id}, :monthKey, :inc, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0)
ON CONFLICT (org_id, month_key) DO UPDATE
SET usage_count = api_rate_limit_usage.usage_count + :inc,
updated_at = CURRENT_TIMESTAMP,
version = api_rate_limit_usage.version + 1
WHERE api_rate_limit_usage.usage_count + :inc <= :maxLimit
""",
nativeQuery = true
)
int upsertAndIncrementOrgUsage(@Param("org") Organization org,
@Param("monthKey") String monthKey,
@Param("inc") int increment,
@Param("maxLimit") int maxLimit);
}

5
app/proprietary/src/main/java/stirling/software/proprietary/security/configuration/SecurityConfiguration.java
View File

@ -38,6 +38,7 @@ import stirling.software.proprietary.security.CustomAuthenticationSuccessHandler
import stirling.software.proprietary.security.CustomLogoutSuccessHandler;
import stirling.software.proprietary.security.database.repository.JPATokenRepositoryImpl;
import stirling.software.proprietary.security.database.repository.PersistentLoginRepository;
import stirling.software.proprietary.security.filter.ApiRateLimitFilter;
import stirling.software.proprietary.security.filter.FirstLoginFilter;
import stirling.software.proprietary.security.filter.IPRateLimitingFilter;
import stirling.software.proprietary.security.filter.UserAuthenticationFilter;
@ -70,6 +71,7 @@ public class SecurityConfiguration {
private final UserAuthenticationFilter userAuthenticationFilter;
private final LoginAttemptService loginAttemptService;
private final FirstLoginFilter firstLoginFilter;
private final ApiRateLimitFilter apiRateLimitFilter;
private final SessionPersistentRegistry sessionRegistry;
private final PersistentLoginRepository persistentLoginRepository;
private final GrantedAuthoritiesMapper oAuth2userAuthoritiesMapper;
@ -88,6 +90,7 @@ public class SecurityConfiguration {
UserAuthenticationFilter userAuthenticationFilter,
LoginAttemptService loginAttemptService,
FirstLoginFilter firstLoginFilter,
ApiRateLimitFilter apiRateLimitFilter,
SessionPersistentRegistry sessionRegistry,
@Autowired(required = false) GrantedAuthoritiesMapper oAuth2userAuthoritiesMapper,
@Autowired(required = false)
@ -104,6 +107,7 @@ public class SecurityConfiguration {
this.userAuthenticationFilter = userAuthenticationFilter;
this.loginAttemptService = loginAttemptService;
this.firstLoginFilter = firstLoginFilter;
this.apiRateLimitFilter = apiRateLimitFilter;
this.sessionRegistry = sessionRegistry;
this.persistentLoginRepository = persistentLoginRepository;
this.oAuth2userAuthoritiesMapper = oAuth2userAuthoritiesMapper;
@ -177,6 +181,7 @@ public class SecurityConfiguration {
}
http.addFilterBefore(rateLimitingFilter(), UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(apiRateLimitFilter, UserAuthenticationFilter.class);
http.addFilterAfter(firstLoginFilter, UsernamePasswordAuthenticationFilter.class);
http.sessionManagement(
sessionManagement ->

222
app/proprietary/src/main/java/stirling/software/proprietary/security/filter/ApiRateLimitFilter.java Normal file
View File

@ -0,0 +1,222 @@
package stirling.software.proprietary.security.filter;
import java.io.IOException;
import java.time.YearMonth;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.proprietary.security.matcher.ApiJobEndpointMatcher;
import stirling.software.proprietary.security.model.User;
import stirling.software.proprietary.security.service.UserService;
import stirling.software.proprietary.service.ApiRateLimitService;
@Component
@Order(1)
@RequiredArgsConstructor
@Slf4j
public class ApiRateLimitFilter extends OncePerRequestFilter {
private final ApiRateLimitService rateLimitService;
private final UserService userService;
private final ApiJobEndpointMatcher apiJobEndpointMatcher;
private final ObjectMapper objectMapper;
@Value("${api.rate-limit.enabled:true}")
private boolean rateLimitEnabled;
@Value("${api.rate-limit.anonymous.enabled:true}")
private boolean anonymousRateLimitEnabled;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
if (!shouldApplyRateLimit(request)) {
filterChain.doFilter(request, response);
return;
}
User user = getCurrentUser();
ApiRateLimitService.RateLimitStatus status;
if (user == null) {
// Handle anonymous users
if (!anonymousRateLimitEnabled) {
filterChain.doFilter(request, response);
return;
}
String ipAddress = getClientIpAddress(request);
String userAgent = request.getHeader("User-Agent");
status = rateLimitService.checkAndIncrementAnonymousUsage(ipAddress, userAgent);
addRateLimitHeaders(response, status);
if (!status.allowed()) {
handleAnonymousRateLimitExceeded(response, status);
return;
}
} else {
// Handle authenticated users
status = rateLimitService.checkAndIncrementUsage(user);
addRateLimitHeaders(response, status);
if (!status.allowed()) {
handleRateLimitExceeded(response, user, status);
return;
}
}
filterChain.doFilter(request, response);
}
private boolean shouldApplyRateLimit(HttpServletRequest request) {
if (!rateLimitEnabled) {
return false;
}
// Use the shared matcher to determine if this endpoint should be rate-limited
return apiJobEndpointMatcher.matches(request);
}
// TODO: improve with Redis and async in future V2.1
private User getCurrentUser() {
try {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()) {
return null;
}
String username = authentication.getName();
if ("anonymousUser".equals(username)) {
return null;
}
return userService.findByUsername(username).orElse(null);
} catch (Exception e) {
log.error("Error getting user for rate limiting: {}", e.getMessage());
return null;
}
}
private void addRateLimitHeaders(HttpServletResponse response, ApiRateLimitService.RateLimitStatus status) {
// Use standard RateLimit headers (IETF draft-ietf-httpapi-ratelimit-headers)
response.setHeader("RateLimit-Limit", String.valueOf(status.monthlyLimit()));
response.setHeader("RateLimit-Remaining", String.valueOf(status.remaining()));
response.setHeader("RateLimit-Reset", String.valueOf(getNextMonthResetEpochMillis() / 1000)); // Unix timestamp in seconds
response.setHeader("RateLimit-Policy", String.format("%d;w=%d;comment=\"%s\"",
status.monthlyLimit(), getSecondsUntilReset(), status.scope()));
}
private long getNextMonthResetEpochMillis() {
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
YearMonth nextMonth = currentMonth.plusMonths(1);
ZonedDateTime resetTime = nextMonth.atDay(1).atStartOfDay(ZoneOffset.UTC);
return resetTime.toInstant().toEpochMilli();
}
private long getSecondsUntilReset() {
return (getNextMonthResetEpochMillis() - System.currentTimeMillis()) / 1000;
}
private void handleRateLimitExceeded(HttpServletResponse response, User user,
ApiRateLimitService.RateLimitStatus status) throws IOException {
log.warn("Rate limit exceeded for user: {} - {}", user.getUsername(), status.reason());
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
var errorResponse = new RateLimitErrorResponse(
"Rate limit exceeded",
status.reason(),
status.currentUsage(),
status.monthlyLimit(),
status.scope(),
getNextMonthResetEpochMillis()
);
response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
}
private record RateLimitErrorResponse(
String error,
String message,
int currentUsage,
int monthlyLimit,
String scope,
long resetEpochMillis
) {}
private String getClientIpAddress(HttpServletRequest request) {
// Check for proxy headers
String[] headers = {
"X-Forwarded-For",
"X-Real-IP",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR"
};
for (String header : headers) {
String ip = request.getHeader(header);
if (ip != null && !ip.isEmpty() && !"unknown".equalsIgnoreCase(ip)) {
// Handle comma-separated IPs (in case of multiple proxies)
int commaIndex = ip.indexOf(',');
if (commaIndex > 0) {
ip = ip.substring(0, commaIndex).trim();
}
return ip;
}
}
// Fallback to remote address
return request.getRemoteAddr();
}
private void handleAnonymousRateLimitExceeded(HttpServletResponse response,
ApiRateLimitService.RateLimitStatus status) throws IOException {
log.warn("Anonymous rate limit exceeded - {}", status.reason());
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
var errorResponse = new RateLimitErrorResponse(
"Rate limit exceeded",
status.reason() + " - Please login for higher limits",
status.currentUsage(),
status.monthlyLimit(),
status.scope(),
getNextMonthResetEpochMillis()
);
response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
}
}

58
app/proprietary/src/main/java/stirling/software/proprietary/security/filter/UserAuthenticationFilter.java
View File

@ -5,6 +5,7 @@ import java.util.List;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
@ -32,6 +33,8 @@ import stirling.software.proprietary.security.model.User;
import stirling.software.proprietary.security.saml2.CustomSaml2AuthenticatedPrincipal;
import stirling.software.proprietary.security.service.UserService;
import stirling.software.proprietary.security.session.SessionPersistentRegistry;
import stirling.software.proprietary.security.matcher.ApiJobEndpointMatcher;
import stirling.software.proprietary.service.ApiRateLimitService;
@Slf4j
@Component
@ -41,16 +44,25 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
private final UserService userService;
private final SessionPersistentRegistry sessionPersistentRegistry;
private final boolean loginEnabledValue;
private final ApiRateLimitService rateLimitService;
private final ApiJobEndpointMatcher apiJobEndpointMatcher;
@Value("${api.rate-limit.anonymous.enabled:true}")
private boolean anonymousApiEnabled;
public UserAuthenticationFilter(
@Lazy ApplicationProperties.Security securityProp,
@Lazy UserService userService,
SessionPersistentRegistry sessionPersistentRegistry,
@Qualifier("loginEnabled") boolean loginEnabledValue) {
@Qualifier("loginEnabled") boolean loginEnabledValue,
@Lazy ApiRateLimitService rateLimitService,
ApiJobEndpointMatcher apiJobEndpointMatcher) {
this.securityProp = securityProp;
this.userService = userService;
this.sessionPersistentRegistry = sessionPersistentRegistry;
this.loginEnabledValue = loginEnabledValue;
this.rateLimitService = rateLimitService;
this.apiJobEndpointMatcher = apiJobEndpointMatcher;
}
@Override
@ -110,11 +122,27 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
}
}
// If we still don't have any authentication, deny the request
// If we still don't have any authentication, check if anonymous API access is allowed
if (authentication == null || !authentication.isAuthenticated()) {
String method = request.getMethod();
String contextPath = request.getContextPath();
// Check if this is an API job endpoint and anonymous access is enabled
if (anonymousApiEnabled && apiJobEndpointMatcher.matches(request)) {
// Check anonymous rate limit
String ipAddress = getClientIpAddress(request);
String userAgent = request.getHeader("User-Agent");
ApiRateLimitService.UsageMetrics metrics = rateLimitService
.getAnonymousUsageMetrics(ipAddress, userAgent);
if (metrics.remaining() > 0) {
// Allow anonymous API access - rate limiting will be enforced by ApiRateLimitFilter
filterChain.doFilter(request, response);
return;
}
}
if ("GET".equalsIgnoreCase(method) && !(contextPath + "/login").equals(requestURI)) {
response.sendRedirect(contextPath + "/login"); // redirect to the login page
return;
@ -125,6 +153,8 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
"Authentication required. Please provide a X-API-KEY in request"
+ " header.\n"
+ "This is found in Settings -> Account Settings -> API Key\n"
+ "Anonymous users have limited API access ("
+ rateLimitService.getAnonymousMonthlyLimit() + " requests/month)\n"
+ "Alternatively you can disable authentication if this is"
+ " unexpected");
return;
@ -255,4 +285,28 @@ public class UserAuthenticationFilter extends OncePerRequestFilter {
return false;
}
private String getClientIpAddress(HttpServletRequest request) {
// Check for proxy headers
String[] headers = {
"X-Forwarded-For",
"X-Real-IP",
"Proxy-Client-IP",
"WL-Proxy-Client-IP"
};
for (String header : headers) {
String ip = request.getHeader(header);
if (ip != null && !ip.isEmpty() && !"unknown".equalsIgnoreCase(ip)) {
// Handle comma-separated IPs
int commaIndex = ip.indexOf(',');
if (commaIndex > 0) {
ip = ip.substring(0, commaIndex).trim();
}
return ip;
}
}
return request.getRemoteAddr();
}
}

93
app/proprietary/src/main/java/stirling/software/proprietary/security/matcher/ApiJobEndpointMatcher.java Normal file
View File

@ -0,0 +1,93 @@
package stirling.software.proprietary.security.matcher;
import java.lang.reflect.Method;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.common.annotations.AutoJobPostMapping;
/**
* Shared matcher component to determine if a request should be subject to
* anonymous API access and rate limiting. This ensures consistent behavior
* between UserAuthenticationFilter and ApiRateLimitFilter.
*/
@Component
@RequiredArgsConstructor
@Slf4j
public class ApiJobEndpointMatcher {
private final RequestMappingHandlerMapping handlerMapping;
@Value("${api.rate-limit.exclude-settings:true}")
private boolean excludeSettings;
@Value("${api.rate-limit.exclude-actuator:true}")
private boolean excludeActuator;
/**
* Determines if a request matches the criteria for API job endpoints
* that should be rate-limited and allowed for anonymous access.
*
* @param request the HTTP request to check
* @return true if the request is a POST to an @AutoJobPostMapping endpoint
*/
public boolean matches(HttpServletRequest request) {
// Only POST requests are considered
if (!"POST".equalsIgnoreCase(request.getMethod())) {
return false;
}
String path = request.getRequestURI();
// Apply exclusion rules
if (excludeActuator && path != null && path.startsWith("/actuator")) {
return false;
}
if (excludeSettings && isSettingsEndpoint(path)) {
return false;
}
// Check if the handler method has @AutoJobPostMapping annotation
return hasAutoJobPostMapping(request);
}
private boolean hasAutoJobPostMapping(HttpServletRequest request) {
try {
HandlerExecutionChain chain = handlerMapping.getHandler(request);
if (chain == null) {
return false;
}
Object handler = chain.getHandler();
if (!(handler instanceof HandlerMethod handlerMethod)) {
return false;
}
Method method = handlerMethod.getMethod();
return method.isAnnotationPresent(AutoJobPostMapping.class);
} catch (Exception e) {
log.trace("Could not resolve handler for {}: {}", request.getRequestURI(), e.getMessage());
return false;
}
}
private boolean isSettingsEndpoint(String path) {
return path != null && (
path.contains("/settings") ||
path.contains("/update-enable-analytics") ||
path.contains("/config") ||
path.contains("/preferences")
);
}
}

366
app/proprietary/src/main/java/stirling/software/proprietary/service/ApiRateLimitService.java Normal file
View File

@ -0,0 +1,366 @@
package stirling.software.proprietary.service;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.YearMonth;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.common.model.enumeration.Role;
import stirling.software.proprietary.model.AnonymousApiUsage;
import stirling.software.proprietary.model.ApiRateLimitConfig;
import stirling.software.proprietary.model.ApiRateLimitUsage;
import stirling.software.proprietary.model.Organization;
import stirling.software.proprietary.repository.AnonymousApiUsageRepository;
import stirling.software.proprietary.repository.ApiRateLimitConfigRepository;
import stirling.software.proprietary.repository.ApiRateLimitUsageRepository;
import stirling.software.proprietary.security.model.User;
@Service
@RequiredArgsConstructor
@Slf4j
public class ApiRateLimitService {
private final ApiRateLimitConfigRepository configRepository;
private final ApiRateLimitUsageRepository usageRepository;
private final AnonymousApiUsageRepository anonymousUsageRepository;
@Value("${api.rate-limit.anonymous.enabled:true}")
private boolean anonymousRateLimitEnabled;
@Value("${api.rate-limit.anonymous.monthly-limit:10}")
private int anonymousMonthlyLimit;
@Value("${api.rate-limit.anonymous.abuse-threshold:3}")
private int abuseThreshold;
public record RateLimitStatus(
boolean allowed,
int currentUsage,
int monthlyLimit,
int remaining,
String scope,
String reason
) {}
public record UsageMetrics(
int currentUsage,
int monthlyLimit,
int remaining,
String scope,
YearMonth month,
boolean isPooled
) {}
// TODO: improve with Redis and async in future V2.1
@Transactional
public RateLimitStatus checkAndIncrementUsage(User user) {
if (user == null) {
return new RateLimitStatus(false, 0, 0, 0, "NONE", "No user provided");
}
Organization org = user.getOrganization();
String roleName = user.getUserRole().getRoleId();
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
String monthKey = currentMonth.toString();
Optional<ApiRateLimitConfig> configOpt = resolveEffectiveConfig(user, org, roleName);
if (configOpt.isEmpty()) {
log.warn("No rate limit config found for user: {}, org: {}, role: {}",
user.getUsername(), org != null ? org.getName() : "null", roleName);
return new RateLimitStatus(true, 0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"UNLIMITED", "No rate limit configured");
}
ApiRateLimitConfig config = configOpt.get();
if (!config.getIsActive()) {
return new RateLimitStatus(true, 0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"DISABLED", "Rate limiting disabled");
}
String scope = determineScope(config);
int monthlyLimit = config.getMonthlyLimit();
boolean success;
int currentUsage;
switch (config.getScopeType()) {
case USER -> {
success = usageRepository.upsertAndIncrementUserUsage(
user, monthKey, 1, monthlyLimit) > 0;
currentUsage = usageRepository.getUserUsageOrZero(user, currentMonth);
}
case ORGANIZATION -> {
if (org == null) {
return new RateLimitStatus(false, 0, 0, 0, scope,
"User has no organization but org-level limit is configured");
}
boolean pooled = Boolean.TRUE.equals(config.getIsPooled());
if (pooled) {
success = usageRepository.upsertAndIncrementOrgUsage(
org, monthKey, 1, monthlyLimit) > 0;
currentUsage = usageRepository.getOrgUsageOrZero(org, currentMonth);
scope = "ORG:" + org.getName() + " (pooled)";
} else {
// per-user limit defined by org policy
success = usageRepository.upsertAndIncrementUserUsage(
user, monthKey, 1, monthlyLimit) > 0;
currentUsage = usageRepository.getUserUsageOrZero(user, currentMonth);
scope = "ORG:" + org.getName() + " (per-user)";
}
}
case ROLE_DEFAULT -> {
success = usageRepository.upsertAndIncrementUserUsage(
user, monthKey, 1, monthlyLimit) > 0;
currentUsage = usageRepository.getUserUsageOrZero(user, currentMonth);
}
default -> {
log.error("Unknown scope type: {}", config.getScopeType());
return new RateLimitStatus(false, 0, 0, 0, scope, "Invalid configuration");
}
}
int remaining = Math.max(0, monthlyLimit - currentUsage);
if (!success) {
return new RateLimitStatus(false, currentUsage, monthlyLimit, 0, scope,
"Monthly limit exceeded");
}
return new RateLimitStatus(true, currentUsage, monthlyLimit, remaining, scope, "OK");
}
@Transactional(readOnly = true)
public UsageMetrics getUsageMetrics(User user) {
if (user == null) {
return new UsageMetrics(0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"NONE", YearMonth.now(ZoneOffset.UTC), false);
}
Organization org = user.getOrganization();
String roleName = user.getUserRole().getRoleId();
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
Optional<ApiRateLimitConfig> configOpt = resolveEffectiveConfig(user, org, roleName);
if (configOpt.isEmpty() || !configOpt.get().getIsActive()) {
return new UsageMetrics(0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"UNLIMITED", currentMonth, false);
}
ApiRateLimitConfig config = configOpt.get();
String scope = determineScope(config);
int monthlyLimit = config.getMonthlyLimit();
boolean isPooled = Boolean.TRUE.equals(config.getIsPooled());
int currentUsage = switch (config.getScopeType()) {
case USER, ROLE_DEFAULT -> usageRepository.getUserUsageOrZero(user, currentMonth);
case ORGANIZATION -> {
if (org != null && isPooled) {
yield usageRepository.getOrgUsageOrZero(org, currentMonth);
} else if (org != null) {
yield usageRepository.getUserUsageOrZero(user, currentMonth);
} else {
yield 0;
}
}
};
int remaining = Math.max(0, monthlyLimit - currentUsage);
return new UsageMetrics(currentUsage, monthlyLimit, remaining, scope, currentMonth, isPooled);
}
@Transactional
public ApiRateLimitConfig createOrUpdateUserLimit(User user, int monthlyLimit) {
ApiRateLimitConfig config = configRepository.findByUserAndIsActiveTrue(user)
.orElse(ApiRateLimitConfig.builder()
.scopeType(ApiRateLimitConfig.ScopeType.USER)
.user(user)
.build());
config.setMonthlyLimit(monthlyLimit);
config.setIsActive(true);
config.setIsPooled(false);
return configRepository.save(config);
}
@Transactional
public ApiRateLimitConfig createOrUpdateOrgLimit(Organization org, int monthlyLimit, boolean isPooled) {
ApiRateLimitConfig config = configRepository.findByOrganizationAndIsActiveTrue(org)
.orElse(ApiRateLimitConfig.builder()
.scopeType(ApiRateLimitConfig.ScopeType.ORGANIZATION)
.organization(org)
.build());
config.setMonthlyLimit(monthlyLimit);
config.setIsActive(true);
config.setIsPooled(isPooled);
return configRepository.save(config);
}
@Transactional
public ApiRateLimitConfig createOrUpdateRoleDefault(String roleName, int monthlyLimit) {
ApiRateLimitConfig config = configRepository.findDefaultForRole(roleName)
.orElse(ApiRateLimitConfig.builder()
.scopeType(ApiRateLimitConfig.ScopeType.ROLE_DEFAULT)
.roleName(roleName)
.build());
config.setMonthlyLimit(monthlyLimit);
config.setIsActive(true);
config.setIsPooled(false);
return configRepository.save(config);
}
private String determineScope(ApiRateLimitConfig config) {
return switch (config.getScopeType()) {
case USER -> "USER:" + config.getUser().getUsername();
case ORGANIZATION -> "ORG:" + config.getOrganization().getName() +
(Boolean.TRUE.equals(config.getIsPooled()) ? " (pooled)" : "");
case ROLE_DEFAULT -> "ROLE:" + config.getRoleName();
};
}
@Transactional
public RateLimitStatus checkAndIncrementAnonymousUsage(String ipAddress, String userAgent) {
if (!anonymousRateLimitEnabled) {
return new RateLimitStatus(true, 0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"ANONYMOUS_DISABLED", "Anonymous rate limiting disabled");
}
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
String fingerprint = generateFingerprint(ipAddress, userAgent);
// Check for abuse patterns
if (detectAbuse(fingerprint, ipAddress, currentMonth)) {
log.warn("Abuse detected for anonymous user - IP: {}, Fingerprint: {}", ipAddress, fingerprint);
return new RateLimitStatus(false, 0, 0, 0, "ANONYMOUS_BLOCKED",
"Access blocked due to suspicious activity");
}
// Atomic upsert and increment operation that returns the new count
Integer newCount = anonymousUsageRepository.upsertAndIncrementReturningCount(
fingerprint, currentMonth.toString(), ipAddress, userAgent, anonymousMonthlyLimit);
if (newCount == null) {
// Limit exceeded (WHERE clause prevented update)
return new RateLimitStatus(false, anonymousMonthlyLimit, anonymousMonthlyLimit, 0,
"ANONYMOUS", "Monthly limit exceeded for anonymous access");
}
int remaining = Math.max(0, anonymousMonthlyLimit - newCount);
return new RateLimitStatus(true, newCount, anonymousMonthlyLimit, remaining,
"ANONYMOUS", "OK");
}
private boolean detectAbuse(String fingerprint, String ipAddress, YearMonth month) {
// Check if fingerprint is already blocked
Optional<AnonymousApiUsage> blockedUsage = anonymousUsageRepository
.findByFingerprintAndMonth(fingerprint, month);
if (blockedUsage.isPresent() && Boolean.TRUE.equals(blockedUsage.get().getIsBlocked())) {
return true;
}
// Check for multiple fingerprints from same IP (credential changing)
Long distinctFingerprints = anonymousUsageRepository
.countDistinctFingerprintsForIp(ipAddress, month);
if (distinctFingerprints > abuseThreshold) {
// Block all fingerprints associated with this IP
List<AnonymousApiUsage> ipUsages = anonymousUsageRepository
.findByIpAddressAndMonth(ipAddress, month);
for (AnonymousApiUsage ipUsage : ipUsages) {
ipUsage.setIsBlocked(true);
ipUsage.setAbuseScore(ipUsage.getAbuseScore() + 10);
// Link fingerprints as related
ipUsage.getRelatedFingerprints().add(fingerprint);
}
anonymousUsageRepository.saveAll(ipUsages);
return true;
}
// Check total usage across all fingerprints for this IP
Integer totalIpUsage = anonymousUsageRepository
.getTotalUsageByIpAndMonth(ipAddress, month);
if (totalIpUsage > anonymousMonthlyLimit * 2) {
// Excessive usage from single IP
return true;
}
return false;
}
private String generateFingerprint(String ipAddress, String userAgent) {
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
String data = ipAddress + "|" + (userAgent != null ? userAgent : "unknown");
byte[] hash = md.digest(data.getBytes());
return Base64.getEncoder().encodeToString(hash);
} catch (NoSuchAlgorithmException e) {
log.error("Failed to generate fingerprint", e);
return ipAddress; // Fallback to IP
}
}
public int getAnonymousMonthlyLimit() {
return anonymousMonthlyLimit;
}
public UsageMetrics getAnonymousUsageMetrics(String ipAddress, String userAgent) {
if (!anonymousRateLimitEnabled) {
return new UsageMetrics(0, Integer.MAX_VALUE, Integer.MAX_VALUE,
"ANONYMOUS_DISABLED", YearMonth.now(ZoneOffset.UTC), false);
}
YearMonth currentMonth = YearMonth.now(ZoneOffset.UTC);
String fingerprint = generateFingerprint(ipAddress, userAgent);
Optional<AnonymousApiUsage> usageOpt = anonymousUsageRepository
.findByFingerprintAndMonth(fingerprint, currentMonth);
if (usageOpt.isEmpty()) {
return new UsageMetrics(0, anonymousMonthlyLimit, anonymousMonthlyLimit,
"ANONYMOUS", currentMonth, false);
}
AnonymousApiUsage usage = usageOpt.get();
int remaining = Math.max(0, anonymousMonthlyLimit - usage.getUsageCount());
return new UsageMetrics(usage.getUsageCount(), anonymousMonthlyLimit, remaining,
"ANONYMOUS", currentMonth, false);
}
private Optional<ApiRateLimitConfig> resolveEffectiveConfig(User user, Organization org, String roleName) {
// Priority: User > Organization > Role
Optional<ApiRateLimitConfig> userConfig = configRepository.findByUserAndIsActiveTrue(user);
if (userConfig.isPresent()) {
return userConfig;
}
if (org != null) {
Optional<ApiRateLimitConfig> orgConfig = configRepository.findByOrganizationAndIsActiveTrue(org);
if (orgConfig.isPresent()) {
return orgConfig;
}
}
return configRepository.findByScopeTypeAndRoleNameAndIsActiveTrue(
ApiRateLimitConfig.ScopeType.ROLE_DEFAULT, roleName);
}
}