From 6236766ed9b90a96d5cac4e925321cd31ac6ceb2 Mon Sep 17 00:00:00 2001
From: Camelia Dumitru
Date: Thu, 21 Nov 2024 13:28:06 +0000
Subject: [PATCH] init the white list just once
---
 .../orcid/api/filters/ApiRateLimitFilter.java | 44 ++++++++-----------
 1 file changed, 18 insertions(+), 26 deletions(-)
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index 28fc37b78f..c4a4dc049f 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -11,6 +11,7 @@
 import javax.annotation.Resource;
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
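Review bot: The added `import javax.servlet.FilterConfig;` is not referenced by any line this patch adds: `afterPropertiesSet()` takes no arguments and the two lookup methods only read the new list fields. Unless the unchanged part of the file uses the type, drop the import so the filter does not carry an unused dependency on the servlet configuration API.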
@@ -96,21 +97,31 @@ public class ApiRateLimitFilter extends OncePerRequestFilter { @Value("${org.orcid.persistence.panoply.papiExceededRate.production:false}") private boolean enablePanoplyPapiExceededRateInProduction; - @Value("${org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList:127.0.0.1}") + @Value("${org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList:192.168.65.1 127.0.0.1}") private String papiWhiteSpaceSeparatedWhiteList; - + @Value("${org.orcid.papi.rate.limit.clientId.whiteSpaceSeparatedWhiteList}") private String papiClientIdWhiteSpaceSeparatedWhiteList; + private List papiIpWhiteList; + private List papiClientIdWhiteList; + private static final String TOO_MANY_REQUESTS_MSG = "Too Many Requests - You have exceeded the daily allowance of API calls.\\n" + "You can increase your daily quota by registering for and using Public API client credentials " + "(https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/ )"; private static final String SUBJECT = "[ORCID] You have exceeded the daily Public API Usage Limit - "; - + @Value("${org.orcid.papi.rate.limit.fromEmail:notify@notify.orcid.org}") private String FROM_ADDRESS; + @Override + public void afterPropertiesSet() throws ServletException { + super.afterPropertiesSet(); + papiIpWhiteList = StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList) ? Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s")) : null; + papiClientIdWhiteList = StringUtils.isNotBlank(papiClientIdWhiteSpaceSeparatedWhiteList) ? Arrays.asList(papiClientIdWhiteSpaceSeparatedWhiteList.split("\\s")) : null; + } + @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { 
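Review bot: The new default for `org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList` compiles `192.168.65.1` into the whitelist, so every deployment that does not override the property exempts that address from the rate limit. It looks like a local development gateway address and would be safer supplied through environment-specific configuration, with the default left at `127.0.0.1`. The value compared against this list comes from `getClientIpAddress`, which reads `X-FORWARDED-FOR` first (visible in the later hunk), so any whitelist entry is only as trustworthy as the proxy that sets or overwrites that header. Separately, in `afterPropertiesSet` `split("\\s")` produces empty-string entries when values are separated by more than one whitespace character, and the `null` sentinel forces a null check in every lookup; `Arrays.asList(value.trim().split("\\s+"))` with `Collections.emptyList()` for the blank case (needs `java.util.Collections` in scope) avoids both. The class body continues outside this hunk.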
@@ -274,8 +285,7 @@ private void setPapiRateExceededItemInPanoply(PanoplyPapiDailyRateExceededItem i
 });
 }
- // gets actual client IP address, using the headers that the proxy server
- // ads
+ // gets actual client IP address, using the headers that the proxy server adds
 private String getClientIpAddress(HttpServletRequest request) {
 String ipAddress = request.getHeader("X-FORWARDED-FOR");
 if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) {
@@ -291,29 +301,11 @@ private String getClientIpAddress(HttpServletRequest request) {
 }
 private boolean isWhiteListed(String ipAddress) {
- List papiIpWhiteList = null;
- if (StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList)) {
- papiIpWhiteList = Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s"));
- }
-
- if (papiIpWhiteList != null) {
- return papiIpWhiteList.contains(ipAddress);
-
- }
- return false;
+ return (papiIpWhiteList != null)?papiIpWhiteList.contains(ipAddress): false;
 }
-
- private boolean isClientIdWhiteListed(String clientId) {
- List papiClientIdWhiteList = null;
- if (StringUtils.isNotBlank(papiClientIdWhiteSpaceSeparatedWhiteList)) {
- papiClientIdWhiteList = Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s"));
- }
- if (papiClientIdWhiteList != null) {
- return papiClientIdWhiteList.contains(clientId);
-
- }
- return false;
+ private boolean isClientIdWhiteListed(String clientId) {
+ return (papiClientIdWhiteList != null)?papiClientIdWhiteList.contains(clientId):false;
 }
 }
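Review bot: `isClientIdWhiteListed` now consults a list parsed from `papiClientIdWhiteSpaceSeparatedWhiteList`, whereas the removed code built its list from `papiWhiteSpaceSeparatedWhiteList` (the IP property), so this commit changes which client ids bypass the rate limit in addition to caching the lists. The subject line only mentions initialising once; the behaviour change deserves a sentence in the commit message and a unit test asserting that a configured client id is exempt and an unconfigured one is not. Both lookups are exact string matches, so `isWhiteListed` relies on `getClientIpAddress` returning a single normalised address; most of that method's body is outside the hunks, so it is worth confirming how it handles a comma-separated `X-FORWARDED-FOR` chain.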