From c383f8094a35b26b8c1aff83d4710090bec94edf Mon Sep 17 00:00:00 2001
From: Camelia Dumitru <c.dumitru@orcid.org>
Date: Thu, 7 Nov 2024 19:40:38 +0000
Subject: [PATCH] Exception catching for papi limit filter

---
 .../orcid/api/filters/ApiRateLimitFilter.java | 51 ++++++++++---------
 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index e2f9aae1dd..5967c94e54 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -80,7 +80,7 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
 
     @Autowired
     private OrcidTokenStore orcidTokenStore;
-    
+
     @Autowired
     private MessageSource messageSource;
 
@@ -95,9 +95,9 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
 
     @Value("${org.orcid.persistence.panoply.papiExceededRate.production:false}")
     private boolean enablePanoplyPapiExceededRateInProduction;
-    
+
     @Value("${org.orcid.papi.rate.limit.ip.whiteSpaceSeparatedWhiteList:127.0.0.1}")
-    private  String papiWhiteSpaceSeparatedWhiteList;
+    private String papiWhiteSpaceSeparatedWhiteList;
 
     private static final String TOO_MANY_REQUESTS_MSG = "Too Many Requests - You have exceeded the daily allowance of API calls.\\n"
             + "You can increase your daily quota by registering for and using Public API client credentials "
@@ -127,20 +127,22 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
             }
             boolean isAnonymous = (clientId == null);
             LocalDate today = LocalDate.now();
+            try {
+                if (isAnonymous) {
+                    if (!isWhiteListed(ipAddress)) {
+                        LOG.info("ApiRateLimitFilter anonymous request for ip: " + ipAddress);
+                        this.rateLimitAnonymousRequest(ipAddress, today, httpServletResponse);
+                    }
 
-            if (isAnonymous ) {
-                if(!isWhiteListed(ipAddress)) {
-                    LOG.info("ApiRateLimitFilter anonymous request for ip: " + ipAddress);
-                    this.rateLimitAnonymousRequest(ipAddress, today, httpServletResponse);
+                } else {
+                    LOG.info("ApiRateLimitFilter client request with clientId: " + clientId);
+                    this.rateLimitClientRequest(clientId, today);
                 }
-
-            } else {
-                LOG.info("ApiRateLimitFilter client request with clientId: " + clientId);
-                this.rateLimitClientRequest(clientId, today);
+            } catch (Exception ex) {
+                LOG.error("Papi Limiting Filter unexpected error, ignore and chain request.", ex);
             }
-
-            filterChain.doFilter(httpServletRequest, httpServletResponse);
         }
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
     }
 
     private void rateLimitAnonymousRequest(String ipAddress, LocalDate today, HttpServletResponse httpServletResponse) throws IOException {
@@ -243,7 +245,7 @@ private void sendEmail(String clientId, LocalDate requestDate) {
         // Send the email
         boolean mailSent = mailGunManager.sendEmail(FROM_ADDRESS, email, SUBJECT, body, html);
         if (!mailSent) {
-            throw new RuntimeException("Failed to send email for papi limits, orcid=" + profile.getId());
+            LOG.error("Failed to send email for papi limits, orcid=" + profile.getId());
         }
     }
 
@@ -264,33 +266,34 @@ private void setPapiRateExceededItemInPanoply(PanoplyPapiDailyRateExceededItem i
 
         });
     }
-    
-    //gets actual client IP address, using the  headers that the proxy server ads
+
+    // gets actual client IP address, using the headers that the proxy server
+    // ads
     private String getClientIpAddress(HttpServletRequest request) {
         String ipAddress = request.getHeader("X-FORWARDED-FOR");
         if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) {
             ipAddress = request.getHeader("X-REAL-IP");
         }
         if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) {
-            ipAddress = request.getRemoteAddr();  
+            ipAddress = request.getRemoteAddr();
         }
         if (ipAddress != null && ipAddress.contains(",")) {
             ipAddress = ipAddress.split(",")[0].trim();
         }
         return ipAddress;
-    } 
-    
+    }
+
     private boolean isWhiteListed(String ipAddress) {
         List<String> papiIpWhiteList = null;
-        if(StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList)) {
+        if (StringUtils.isNotBlank(papiWhiteSpaceSeparatedWhiteList)) {
             papiIpWhiteList = Arrays.asList(papiWhiteSpaceSeparatedWhiteList.split("\\s"));
         }
-       
-        if(papiIpWhiteList != null) {
+
+        if (papiIpWhiteList != null) {
             return papiIpWhiteList.contains(ipAddress);
-            
+
         }
-        return false;   
+        return false;
     }
 
 }