Customize rate limit settings in kustvakt.conf
[AI assisted]
Change-Id: I5907dbd839151b00bab2dfea9dedc3d5ffb11765
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
index e60d278..7c74082 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
@@ -2,7 +2,9 @@
import static org.junit.jupiter.api.Assertions.assertEquals;
+import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.JsonNode;
@@ -13,12 +15,23 @@
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
-/**
+/**
* Verifies authenticated rate limiting (HTTP 429) is applied after
* auth.
+ *
+ * Implemented with AI assistance
*/
public class RateLimitTest extends OAuth2TestBase {
+ @Autowired
+ private RateLimitFilter rateLimitFilter;
+ @BeforeEach
+ public void clearRateLimitState() {
+ // Clear rate limit state before each test
+ if (rateLimitFilter != null) {
+ rateLimitFilter.clearBuckets();
+ }
+ }
@Test
public void testAuthenticatedRateLimitBearerToken ()
throws KustvaktException {
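Review bot: The `if (rateLimitFilter != null)` guard in `clearRateLimitState()` can hide a failed injection: if the field were ever null, the bucket reset is skipped silently and the test runs against counters left by earlier tests. The later `rateLimitFilter.getBurstCapacity()` call in this class would throw in that case anyway, so the guard protects nothing. Call `rateLimitFilter.clearBuckets();` unconditionally, or fail fast with `assertNotNull(rateLimitFilter);` before it. `clearBuckets()` looks like a reset hook on the production filter (its declaration is not visible here); because clearing the buckets resets every client's limit, it should carry a Javadoc line stating it is for tests and have the narrowest visibility the test setup allows.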
@@ -27,7 +40,7 @@
JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
String accessToken = node.at("/access_token").asText();
- for (long i = 0; i < RateLimitFilter.BURST_CAPACITY; i++) {
+ for (long i = 0; i < rateLimitFilter.getBurstCapacity(); i++) {
Response r = searchWithAccessToken(accessToken);
assertEquals(Status.OK.getStatusCode(), r.getStatus(),
"request " + i);
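Review bot: The loop bound now comes from the filter under test, so the test no longer pins the configured limit. If `ratelimit.burst.capacity` were not read from kustvakt-test.conf and the filter used some other value (a fallback, or 0, which would make the loop body never run), the assertions shown here would still pass. Add `assertEquals(5, rateLimitFilter.getBurstCapacity());` before the loop so the test also proves the configured value is the one enforced. The test method starts before this hunk and continues past it.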
diff --git a/src/test/java/de/ids_mannheim/korap/web/lite/RateLimitAnonymousTest.java b/src/test/java/de/ids_mannheim/korap/web/lite/RateLimitAnonymousTest.java
index f78c269..0465dba 100644
--- a/src/test/java/de/ids_mannheim/korap/web/lite/RateLimitAnonymousTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/lite/RateLimitAnonymousTest.java
@@ -8,8 +8,10 @@
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
-/**
+/**
* Verifies unauthenticated requests are not rate-limited.
+ *
+ * Implemented with AI assistance
*/
public class RateLimitAnonymousTest extends LiteJerseyTest {
diff --git a/src/test/resources/kustvakt-test.conf b/src/test/resources/kustvakt-test.conf
index efd9e29..bb8997d 100644
--- a/src/test/resources/kustvakt-test.conf
+++ b/src/test/resources/kustvakt-test.conf
@@ -61,6 +61,18 @@
# availability.regex.all = QAO.*
availability.regex.all = QAO-NC-LOC:ids.*
+# Rate limiting for authenticated users
+#
+# Number of requests allowed per time period
+ratelimit.refill.tokens = 5
+# Time period for token refill (format: 1S, 30M, 1H, 1D)
+ratelimit.refill.period = 1M
+# Maximum burst capacity (tokens that can be consumed immediately)
+ratelimit.burst.capacity = 5
+# Maximum number of rate limit buckets to keep in memory
+ratelimit.max.buckets = 10000
+# Time to live for unused rate limit buckets
+ratelimit.bucket.ttl = 6H
# options referring to the security module!
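Review bot: The comments on the new `ratelimit.*` keys leave two points open that matter when tuning a limiter. The period format lists `30M` without naming the units; if `M` means minutes, say so, e.g. `# Time period for token refill: <number><unit>, unit S=seconds, M=minutes, H=hours, D=days`. The `ratelimit.max.buckets` comment does not say what happens once the cap is reached. If a live bucket can be evicted, that client's limit is effectively reset, so a line such as `# When the maximum is reached: <eviction behaviour, to be filled in by the author>` would help operators pick a safe value. It would also help to state whether zero or unparsable values are rejected at startup or replaced by defaults.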