Make rate-limit optional [AI-assisted]
Enabled by default for kustvakt.conf and kustvakt-test.conf
The RateLimitFilter is now registered as a @Provider and has been
removed from @ResourceFilters.
Change-Id: I281e42614c2bb58cb84766969e6b3cae1f89c172
diff --git a/src/main/java/de/ids_mannheim/korap/core/web/controller/SearchController.java b/src/main/java/de/ids_mannheim/korap/core/web/controller/SearchController.java
index 4692cd8..37fff2d 100644
--- a/src/main/java/de/ids_mannheim/korap/core/web/controller/SearchController.java
+++ b/src/main/java/de/ids_mannheim/korap/core/web/controller/SearchController.java
@@ -28,7 +28,6 @@
import de.ids_mannheim.korap.web.filter.APIDeprecationFilter;
import de.ids_mannheim.korap.web.filter.APIVersionFilter;
import de.ids_mannheim.korap.web.filter.AdminFilter;
-import de.ids_mannheim.korap.web.filter.RateLimitFilter;
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.DemoUserFilter;
import de.ids_mannheim.korap.web.utils.ResourceFilters;
@@ -59,7 +58,7 @@
@Controller
@Path("/")
@ResourceFilters({ APIVersionFilter.class, AuthenticationFilter.class,
- DemoUserFilter.class, RateLimitFilter.class })
+ DemoUserFilter.class })
public class SearchController {
private static final boolean DEBUG = false;
diff --git a/src/main/java/de/ids_mannheim/korap/web/filter/RateLimitFilter.java b/src/main/java/de/ids_mannheim/korap/web/filter/RateLimitFilter.java
index 7a09360..fed616d 100644
--- a/src/main/java/de/ids_mannheim/korap/web/filter/RateLimitFilter.java
+++ b/src/main/java/de/ids_mannheim/korap/web/filter/RateLimitFilter.java
@@ -23,6 +23,7 @@
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.ext.Provider;
import lombok.Getter;
/**
@@ -34,6 +35,7 @@
*
* Implemented with AI assistance
*/
+@Provider
@Component
@Priority(Priorities.AUTHORIZATION)
public class RateLimitFilter implements ContainerRequestFilter {
@@ -45,6 +47,7 @@
private KustvaktConfiguration config;
// Rate limiting configuration (loaded from kustvakt.conf)
+ private boolean enabled;
private long refillTokens;
private Duration refillPeriod;
@Getter
@@ -67,6 +70,14 @@
}
// Load rate limiting settings from kustvakt.conf with sensible defaults
+ String enabledStr = props.getProperty("ratelimit.enabled", "true");
+ this.enabled = Boolean.parseBoolean(enabledStr);
+
+ if (!enabled) {
+ jlog.info("Rate limiting is disabled (ratelimit.enabled=false)");
+ return;
+ }
+
String refillTokensStr = props.getProperty("ratelimit.refill.tokens", "60");
this.refillTokens = Long.parseLong(refillTokensStr);
@@ -91,6 +102,7 @@
}
private void setDefaultValues() {
+ this.enabled = true;
this.refillTokens = 60;
this.refillPeriod = Duration.ofMinutes(1);
this.burstCapacity = 60;
@@ -102,6 +114,9 @@
@Override
public void filter (ContainerRequestContext request) {
+ if (!enabled) {
+ return;
+ }
// Only apply to authenticated requests
if (request.getSecurityContext() == null
|| request.getSecurityContext().getUserPrincipal() == null) {
@@ -156,6 +171,18 @@
jlog.info("Rate limit buckets cleared");
}
+ /**
+ * Enable or disable rate limiting at runtime. For testing purposes only.
+ */
+ public void setEnabled (boolean enabled) {
+ this.enabled = enabled;
+ jlog.info("Rate limiting enabled set to: {}", enabled);
+ }
+
+ public boolean isEnabled () {
+ return enabled;
+ }
+
private void cleanupOldEntries (long nowMillis) {
final long cutoff = nowMillis - bucketTTL.toMillis();
buckets.entrySet().removeIf(e -> e.getValue().lastSeenAtMillis < cutoff);
diff --git a/src/main/resources/kustvakt.conf b/src/main/resources/kustvakt.conf
index 8bd0ff9..497efd4 100644
--- a/src/main/resources/kustvakt.conf
+++ b/src/main/resources/kustvakt.conf
@@ -62,6 +62,8 @@
# Rate limiting for authenticated users
#
+# Enable or disable rate limiting (true/false)
+ratelimit.enabled = true
# Number of requests allowed per time period
ratelimit.refill.tokens = 60
# Time period for token refill (format: 1S, 30M, 1H, 1D)