changes pipeline

src/main/java/stirling/software/SPDF/config/security/IPRateLimitingFilter.java

@@ -0,0 +1,70 @@
+package stirling.software.SPDF.config.security;
+import java.io.IOException;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+
+public class IPRateLimitingFilter implements Filter {
+
+    private final ConcurrentHashMap<String, AtomicInteger> requestCounts = new ConcurrentHashMap<>();
+    private final ConcurrentHashMap<String, AtomicInteger> getCounts = new ConcurrentHashMap<>();
+    private final int maxRequests;
+    private final int maxGetRequests;
+    
+    public IPRateLimitingFilter(int maxRequests, int maxGetRequests) {
+        this.maxRequests = maxRequests;
+        this.maxGetRequests = maxGetRequests;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+    	if (request instanceof HttpServletRequest) {
+	    	HttpServletRequest httpRequest = (HttpServletRequest) request;
+	        String method = httpRequest.getMethod();
+	        String requestURI = httpRequest.getRequestURI(); 
+	    	 // Check if the request is for static resources
+	        boolean isStaticResource = requestURI.startsWith("/css/") 
+	                                || requestURI.startsWith("/js/")
+	                                || requestURI.startsWith("/images/")
+	                                || requestURI.startsWith("/public/")
+	                                || requestURI.startsWith("/pdfjs/")
+	                                || requestURI.endsWith(".svg");
+
+	        // If it's a static resource, just continue the filter chain and skip the logic below
+	        if (isStaticResource) {
+	        	chain.doFilter(request, response);
+	            return;
+	        }
+	        
+	        String clientIp = request.getRemoteAddr();
+	        requestCounts.computeIfAbsent(clientIp, k -> new AtomicInteger(0));
+	        System.out.println(requestCounts.get(clientIp).get() + ", " + requestURI );
+	        if (!"GET".equalsIgnoreCase(method)) {
+	        	
+		        if (requestCounts.get(clientIp).incrementAndGet() > maxRequests) {
+		            // Handle limit exceeded (e.g., send error response)
+		            response.getWriter().write("Rate limit exceeded");
+		            return;
+		        }
+	        } else {
+	        	if (requestCounts.get(clientIp).incrementAndGet() > maxGetRequests) {
+		            // Handle limit exceeded (e.g., send error response)
+		            response.getWriter().write("GET Rate limit exceeded");
+		            return;
+		        }
+	        }
+    	}
+    	 chain.doFilter(request, response);
+    }
+    
+    public void resetRequestCounts() {
+        requestCounts.clear();
+        getCounts.clear();
+    }
+}

src/main/java/stirling/software/SPDF/config/security/RateLimitResetScheduler.java

@@ -0,0 +1,18 @@
+package stirling.software.SPDF.config.security;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RateLimitResetScheduler {
+
+    private final IPRateLimitingFilter rateLimitingFilter;
+
+    public RateLimitResetScheduler(IPRateLimitingFilter rateLimitingFilter) {
+        this.rateLimitingFilter = rateLimitingFilter;
+    }
+
+    @Scheduled(cron = "0 0 0 * * MON") // At 00:00 every Monday
+    public void resetRateLimit() {
+        rateLimitingFilter.resetRequestCounts();
+    }
+}

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -13,6 +13,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -51,11 +52,13 @@ public class SecurityConfiguration {
     	if(loginEnabledValue) {
     		
     		http.csrf(csrf -> csrf.disable());
-    		http.addFilterAfter(firstLoginFilter, UsernamePasswordAuthenticationFilter.class);
+    		//http.addFilterBefore(rateLimitingFilter(), UsernamePasswordAuthenticationFilter.class);
+    		//http.addFilterAfter(firstLoginFilter, UsernamePasswordAuthenticationFilter.class);
 	        http
 	            .formLogin(formLogin -> formLogin
 	                .loginPage("/login")
-	                .defaultSuccessUrl("/")
+	               // .defaultSuccessUrl("/")
+	                .successHandler(new SavedRequestAwareAuthenticationSuccessHandler())
 	                .failureHandler(new CustomAuthenticationFailureHandler())
 	                .permitAll()
 	            )
@@ -85,7 +88,14 @@ public class SecurityConfiguration {
         return http.build();
     }
 
+    
+    @Bean
+    public IPRateLimitingFilter rateLimitingFilter() {
+        int maxRequestsPerIp = 10000; // Example limit
+        return new IPRateLimitingFilter(maxRequestsPerIp, maxRequestsPerIp);
+    }
 
+ 
     
     @Bean
     public DaoAuthenticationProvider authenticationProvider() {