Delete network before building + Prevent increase too many requests

axonivy-market · Dec 27, 2024 · 5db7f07 · 5db7f07
1 parent 63b8b15
commit 5db7f07
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -44,6 +44,9 @@ jobs:
           rm -rf ./marketplace-service/*
           rm -rf ./publish/*
           rm -rf ./config/*
+      - name: Delete old network
+        run: |
+          docker network rm marketplace-network
 
   build-and-deploy:
     name: Build and bring up docker containers
@@ -112,6 +115,10 @@ jobs:
           xml ed -L -u "//_:project/_:version" -v "${{ inputs.release_version }}" $POM_FILE
           sed -i 's/"version": "[^"]*"/"version": "${{ inputs.release_version }}"/' $PACKAGE_FILE
 
+      - name: Create new network
+        run: |
+          docker network create -d bridge marketplace-network
+
       - name: Build and bring up containers without cache
         working-directory: ${{ env.BASE_WORKING_DIR }}/publish
         run: |

diff --git a/marketplace-service/pom.xml b/marketplace-service/pom.xml
@@ -81,6 +81,12 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-validation</artifactId>
     </dependency>
+      <!-- https://mvnrepository.com/artifact/com.bucket4j/bucket4j-core -->
+      <dependency>
+          <groupId>com.bucket4j</groupId>
+          <artifactId>bucket4j-core</artifactId>
+          <version>8.7.0</version>
+      </dependency>
   </dependencies>
 
   <build>

diff --git a/marketplace-service/src/main/java/com/axonivy/market/config/RateLimitFilter.java b/marketplace-service/src/main/java/com/axonivy/market/config/RateLimitFilter.java
@@ -0,0 +1,61 @@
+package com.axonivy.market.config;
+
+import io.github.bucket4j.Bandwidth;
+import io.github.bucket4j.Bucket;
+import io.github.bucket4j.Refill;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.time.Duration;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+@Component
+public class RateLimitFilter extends OncePerRequestFilter {
+  private static final String REQUEST_PATH = "/api";
+  @Value("${market.allowed.download-capacity}")
+  private int capacity;
+  private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
+
+  @Override
+  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+      throws ServletException, IOException {
+
+    String clientIp = getClientIp(request);
+    String apiPath = request.getRequestURI();
+
+    if (apiPath.contains(REQUEST_PATH)) {
+      Bucket bucket = buckets.computeIfAbsent(clientIp, this::createNewBucket);
+
+      if (bucket.tryConsume(1)) {
+        System.out.println("Request allowed for IP: " + clientIp + ". Remaining tokens: " + bucket.getAvailableTokens());
+        filterChain.doFilter(request, response);
+      } else {
+        System.out.println("Too many requests from IP: " + clientIp);
+        response.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
+        response.getWriter().write("Too many requests. Please try again later.");
+      }
+    } else {
+      filterChain.doFilter(request, response);
+    }
+  }
+
+  private Bucket createNewBucket(String clientIp) {
+    Bandwidth limit = Bandwidth.classic(capacity, Refill.greedy(10, Duration.ofMinutes(2)));
+    return Bucket.builder().addLimit(limit).build();
+  }
+
+  private String getClientIp(HttpServletRequest request) {
+    String forwardedFor = request.getHeader("X-Forwarded-For");
+    if (forwardedFor != null && !forwardedFor.isEmpty()) {
+      return forwardedFor.split(",")[0];
+    }
+    return request.getRemoteAddr();
+  }
+}