diff --git a/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/RateLimitingFilter.java b/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/RateLimitingFilter.java index 2afdf488..5b73a66e 100644 --- a/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/RateLimitingFilter.java +++ b/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/RateLimitingFilter.java @@ -13,20 +13,21 @@ import java.io.IOException; import java.time.Duration; +import static java.time.Duration.ofSeconds; + @Component public class RateLimitingFilter extends OncePerRequestFilter { private final Bucket bucket = Bucket.builder() - .addLimit(Bandwidth.classic(60, Refill.greedy(60, Duration.ofMinutes(1)))) // 10 requests per minute + .addLimit(limit -> limit.capacity(60).refillGreedy(60, Duration.ofMinutes(1))) .build(); - @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (bucket.tryConsume(1)) { filterChain.doFilter(request, response); } else { - response.setStatus(429); // HTTP 429 Too Many Requests + response.setStatus(429); // HTTP 429 TOO_MANY_REQUESTS response.getWriter().write("Too many requests. Please try again later."); } diff --git a/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/SecurityConfig.java b/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/SecurityConfig.java index a279ab9e..cc3208c4 100644 --- a/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/SecurityConfig.java +++ b/backend/src/main/java/com/kurttekin/can/job_track/infrastructure/security/config/SecurityConfig.java 
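Review bot: In RateLimitingFilter.java the single `bucket` field is shared by every request that reaches this `@Component`, so the 60-per-minute limit is one global budget rather than a per-client limit: one noisy client can use it up and every other caller then gets 429, while no individual caller is throttled on its own. Keying the bucket by client, as sketched below, needs `java.util.Map` and `java.util.concurrent.ConcurrentHashMap` imported, plus eviction of idle entries so the map cannot grow without bound. Keying by authenticated user instead would require the filter to run after authentication, which I cannot confirm from this diff. The added `import static java.time.Duration.ofSeconds;` looks unused in the visible lines, which still call `Duration.ofMinutes(1)`. The body of `doFilterInternal` and the class both close outside the hunk.

```java
    // One bucket per client key; idle entries need eviction (e.g. an expiring cache) to bound memory.
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    private static Bucket newBucket() {
        return Bucket.builder()
                .addLimit(limit -> limit.capacity(60).refillGreedy(60, Duration.ofMinutes(1)))
                .build();
    }

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // getRemoteAddr() returns the proxy's address when deployed behind a reverse proxy;
        // rely on a forwarded-client address only if it is set by a proxy you control.
        Bucket bucket = buckets.computeIfAbsent(request.getRemoteAddr(), key -> newBucket());
        if (bucket.tryConsume(1)) {
        // … unchanged: filterChain.doFilter(...) and the 429 response …
```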
@@ -50,10 +50,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, RateLimitingFi
 ).permitAll()
 .anyRequest().authenticated()
 );
- // Add Rate Limitin Filter
+
+ // Add Rate Limiting Filter
 http.addFilterBefore(rateLimitingFilter, UsernamePasswordAuthenticationFilter.class);
 // Add JWT token filter
 http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
 return http.build();
 }