Added the client Id white list (#7143)
* Added the client Id white list * init the white list just once --------- Co-authored-by: Angel Montenegro <[email protected]>
1 parent
4db3112
commit 06f5e9f
Showing
1 changed file
with
25 additions
and
15 deletions.
|
@@ -11,6 +11,7 @@ | |
|
||
import javax.annotation.Resource; | ||
import javax.servlet.FilterChain; | ||
import javax.servlet.FilterConfig; | ||
import javax.servlet.ServletException; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
|
@@ -96,18 +97,31 @@ public class ApiRateLimitFilter extends OncePerRequestFilter { | |
@Value("${org.orcid.persistence.panoply.papiExceededRate.production:false}") | ||
private boolean enablePanoplyPapiExceededRateInProduction; | ||
|
||
@Value("${org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList:127.0.0.1}") | ||
@Value("${org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList:192.168.65.1 127.0.0.1}") | ||
private String papiWhiteSpaceSeparatedWhiteList; | ||
|
||
@Value("${org.orcid.papi.rate.limit.clientId.whiteSpaceSeparatedWhiteList}") | ||
private String papiClientIdWhiteSpaceSeparatedWhiteList; | ||
|
||
private List<String> papiIpWhiteList; | ||
private List<String> papiClientIdWhiteList; | ||
|
||
private static final String TOO_MANY_REQUESTS_MSG = "Too Many Requests - You have exceeded the daily allowance of API calls.\\n" | ||
+ "You can increase your daily quota by registering for and using Public API client credentials " | ||
+ "(https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/ )"; | ||
|
||
private static final String SUBJECT = "[ORCID] You have exceeded the daily Public API Usage Limit - "; | ||
|
||
@Value("${org.orcid.papi.rate.limit.fromEmail:[email protected]}") | ||
private String FROM_ADDRESS; | ||
|
||
@Override | ||
public void afterPropertiesSet() throws ServletException { | ||
super.afterPropertiesSet(); | ||
papiIpWhiteList = StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList) ? Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s")) : null; | ||
papiClientIdWhiteList = StringUtils.isNotBlank(papiClientIdWhiteSpaceSeparatedWhiteList) ? Arrays.asList(papiClientIdWhiteSpaceSeparatedWhiteList.split("\\s")) : null; | ||
} | ||
|
||
@Override | ||
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) | ||
throws ServletException, IOException { | ||
|
@@ -137,8 +151,10 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl | |
} | ||
|
||
} else { | ||
LOG.info("ApiRateLimitFilter client request with clientId: " + clientId); | ||
this.rateLimitClientRequest(clientId, today); | ||
if (!isClientIdWhiteListed(clientId)) { | ||
LOG.info("ApiRateLimitFilter client request with clientId: " + clientId); | ||
this.rateLimitClientRequest(clientId, today); | ||
} | ||
} | ||
} catch (Exception ex) { | ||
LOG.error("Papi Limiting Filter unexpected error, ignore and chain request.", ex); | ||
|
@@ -269,8 +285,7 @@ private void setPapiRateExceededItemInPanoply(PanoplyPapiDailyRateExceededItem i | |
}); | ||
} | ||
|
||
// gets actual client IP address, using the headers that the proxy server | ||
// ads | ||
// gets actual client IP address, using the headers that the proxy server adds | ||
private String getClientIpAddress(HttpServletRequest request) { | ||
String ipAddress = request.getHeader("X-FORWARDED-FOR"); | ||
if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { | ||
|
@@ -286,16 +301,11 @@ private String getClientIpAddress(HttpServletRequest request) { | |
} | ||
|
||
private boolean isWhiteListed(String ipAddress) { | ||
List<String> papiIpWhiteList = null; | ||
if (StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList)) { | ||
papiIpWhiteList = Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s")); | ||
} | ||
|
||
if (papiIpWhiteList != null) { | ||
return papiIpWhiteList.contains(ipAddress); | ||
return (papiIpWhiteList != null)?papiIpWhiteList.contains(ipAddress): false; | ||
} | ||
|
||
} | ||
return false; | ||
private boolean isClientIdWhiteListed(String clientId) { | ||
return (papiClientIdWhiteList != null)?papiClientIdWhiteList.contains(clientId):false; | ||
} | ||
|
||
} |
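Review bot: The compiled-in IP allow-list default should stay at `127.0.0.1`: the `@Value` for `org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList` appears to now carry `192.168.65.1` as well, which exempts a private-range address from rate limiting wherever the property is unset. `getClientIpAddress` reads `X-FORWARDED-FOR` first (its body continues outside the hunk), so the exemption is only as trustworthy as the fronting proxy's handling of that header, and the extra address is better set per environment. The new `org.orcid.papi.rate.limit.clientId.whiteSpaceSeparatedWhiteList` placeholder has no default, unlike the IP one. Unless every environment defines it, Spring will presumably either fail to resolve it at startup or, with lenient placeholder handling, inject the literal placeholder text as a list entry, so `@Value("${org.orcid.papi.rate.limit.clientId.whiteSpaceSeparatedWhiteList:}")` is safer. In `doFilterInternal` the `LOG.info` call now sits inside `if (!isClientIdWhiteListed(clientId))`, so exempt clients leave no log line here; logging on the exempt branch too would keep the bypass auditable.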