Compare commits
6 Commits
fe6e7783f7
...
ece8f377cc
| Author | SHA1 | Date |
|---|---|---|
dependabot[bot]
|
ece8f377cc | |
Anthony Stirling
|
7c0c33ca63 | |
|
Anthony Stirling
|
be5d5fdf04 | |
brucengumetro
|
a04dc605df | |
pixeebot[bot]
|
503acc9408 | |
|
dependabot[bot]
|
b7d95fd4c0 |
|
|
@ -271,7 +271,7 @@ For those wanting to use Stirling-PDFs backend API to link with their own custom
|
|||
### Prerequisites:
|
||||
|
||||
- User must have the folder ./configs volumed within docker so that it is retained during updates.
|
||||
- Docker uses must download the security jar version by setting ``DOCKER_ENABLE_SECURITY`` to ``true`` in environment variables.
|
||||
- Docker users must download the security jar version by setting ``DOCKER_ENABLE_SECURITY`` to ``true`` in environment variables.
|
||||
- Then either enable login via the settings.yml file or via setting ``SECURITY_ENABLE_LOGIN`` to ``true``
|
||||
- Now the initial user will be generated with username ``admin`` and password ``stirling``. On login you will be forced to change the password to a new one. You can also use the environment variables ``SECURITY_INITIALLOGIN_USERNAME`` and ``SECURITY_INITIALLOGIN_PASSWORD`` to set your own straight away (Recommended to remove them after user creation).
|
||||
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ dependencies {
|
|||
}
|
||||
|
||||
implementation 'org.bouncycastle:bcprov-jdk18on:1.77'
|
||||
implementation 'org.bouncycastle:bcpkix-jdk18on:1.77'
|
||||
implementation 'org.bouncycastle:bcpkix-jdk18on:1.78.1'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-actuator:3.2.4'
|
||||
implementation 'io.micrometer:micrometer-core:1.12.4'
|
||||
implementation group: 'com.google.zxing', name: 'core', version: '3.5.3'
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package stirling.software.SPDF.config.security;
|
||||
|
||||
import io.github.pixee.security.Newlines;
|
||||
import java.io.IOException;
|
||||
import java.time.Duration;
|
||||
import java.util.Map;
|
||||
|
|
@ -125,12 +126,12 @@ public class UserBasedRateLimitingFilter extends OncePerRequestFilter {
|
|||
ConsumptionProbe probe = userBucket.tryConsumeAndReturnRemaining(1);
|
||||
|
||||
if (probe.isConsumed()) {
|
||||
response.setHeader("X-Rate-Limit-Remaining", Long.toString(probe.getRemainingTokens()));
|
||||
response.setHeader("X-Rate-Limit-Remaining", Newlines.stripAll(Long.toString(probe.getRemainingTokens())));
|
||||
filterChain.doFilter(request, response);
|
||||
} else {
|
||||
long waitForRefill = probe.getNanosToWaitForRefill() / 1_000_000_000;
|
||||
response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
|
||||
response.setHeader("X-Rate-Limit-Retry-After-Seconds", String.valueOf(waitForRefill));
|
||||
response.setHeader("X-Rate-Limit-Retry-After-Seconds", Newlines.stripAll(String.valueOf(waitForRefill)));
|
||||
response.getWriter().write("Rate limit exceeded for POST requests.");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue