refined configuation and hazelcast configuration

Author: tobiasholler

captchaservice-backend/src/main/java/de/muenchen/captchaservice/common/HazelcastConstants.java

@@ -0,0 +1,6 @@
+package de.muenchen.captchaservice.common;
+
+public class HazelcastConstants {
+    public static final String INVALIDATED_PAYLOADS = "INVALIDATED_PAYLOADS";
+    public static final String SOURCE_ADDRESSES = "SOURCE_ADDRESSES";
+}

captchaservice-backend/src/main/java/de/muenchen/captchaservice/configuration/captcha/CaptchaProperties.java

@@ -1,18 +1,28 @@
 package de.muenchen.captchaservice.configuration.captcha;
 
 import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.validation.annotation.Validated;
 
 import java.util.Map;
 
+/**
+ *
+ * @param hmacKey
+ * @param sites
+ * @param captchaTimeoutSeconds How long a created captcha challenge is valid.
+ * @param sourceAddressWindowSeconds How long a source address is saved for.
+ */
 @ConfigurationProperties(prefix = "captcha")
 @Validated
-public record CaptchaProperties(@NotBlank String hmacKey, long ttlSeconds, Map<String, CaptchaSite> sites, long sourceAddressWindowSeconds) {
-    public CaptchaProperties(final String hmacKey, final long ttlSeconds, final Map<String, CaptchaSite> sites, final long sourceAddressWindowSeconds) {
+public record CaptchaProperties(@NotBlank String hmacKey, Map<String, CaptchaSite> sites, @NotNull Long captchaTimeoutSeconds,
+        @NotNull Long sourceAddressWindowSeconds) {
+    public CaptchaProperties(final String hmacKey, final Map<String, CaptchaSite> sites, final Long captchaTimeoutSeconds,
+            final Long sourceAddressWindowSeconds) {
         this.hmacKey = hmacKey;
-        this.ttlSeconds = ttlSeconds;
         this.sites = sites != null ? Map.copyOf(sites) : Map.of();
+        this.captchaTimeoutSeconds = captchaTimeoutSeconds;
         this.sourceAddressWindowSeconds = sourceAddressWindowSeconds;
     }
 }

captchaservice-backend/src/main/java/de/muenchen/captchaservice/configuration/HazelcastConfiguration.java renamed to captchaservice-backend/src/main/java/de/muenchen/captchaservice/configuration/hazelcast/HazelcastConfiguration.java

@@ -1,11 +1,11 @@
-package de.muenchen.captchaservice.configuration;
+package de.muenchen.captchaservice.configuration.hazelcast;
 
 import com.hazelcast.config.*;
 import com.hazelcast.core.Hazelcast;
 import com.hazelcast.core.HazelcastInstance;
+import de.muenchen.captchaservice.common.HazelcastConstants;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
@@ -22,12 +22,12 @@ public HazelcastInstance hazelcastInstance(@Autowired final Config config) {
 
     @Bean
     @Profile({ "!hazelcast-k8s" })
-    public Config localConfig(@Value("${spring.session.timeout:1000}") final int timeout) {
+    public Config localConfig() {
         final Config hazelcastConfig = new Config();
         hazelcastConfig.setClusterName(hazelcastProperties.getClusterName());
         hazelcastConfig.setInstanceName(hazelcastProperties.getInstanceName());
 
-        addSessionTimeoutToHazelcastConfig(hazelcastConfig, timeout);
+        addSessionTimeoutToHazelcastConfig(hazelcastConfig);
 
         final NetworkConfig networkConfig = hazelcastConfig.getNetworkConfig();
 
@@ -42,12 +42,12 @@ public Config localConfig(@Value("${spring.session.timeout:1000}") final int tim
 
     @Bean
     @Profile({ "hazelcast-k8s" })
-    public Config config(@Value("${spring.session.timeout:1000}") final int timeout) {
+    public Config config() {
         final Config hazelcastConfig = new Config();
         hazelcastConfig.setClusterName(hazelcastProperties.getClusterName());
         hazelcastConfig.setInstanceName(hazelcastProperties.getInstanceName());
 
-        addSessionTimeoutToHazelcastConfig(hazelcastConfig, timeout);
+        addSessionTimeoutToHazelcastConfig(hazelcastConfig);
 
         hazelcastConfig.getNetworkConfig().getJoin().getMulticastConfig().setEnabled(false);
         hazelcastConfig.getNetworkConfig().getJoin().getKubernetesConfig().setEnabled(true)
@@ -64,15 +64,19 @@ public Config config(@Value("${spring.session.timeout:1000}") final int timeout)
      * time to live.
      *
      * @param hazelcastConfig to add the timeout.
-     * @param sessionTimeout for security session.
      */
-    private void addSessionTimeoutToHazelcastConfig(final Config hazelcastConfig, final int sessionTimeout) {
-        final MapConfig sessionConfig = new MapConfig();
-        sessionConfig.setName("SOURCE_ADDRESSES");
-        sessionConfig.setTimeToLiveSeconds(sessionTimeout);
-        sessionConfig.getEvictionConfig().setEvictionPolicy(EvictionPolicy.LRU);
+    private void addSessionTimeoutToHazelcastConfig(final Config hazelcastConfig) {
+        final MapConfig invalidatedPayloadsConfig = new MapConfig();
+        invalidatedPayloadsConfig.setName(HazelcastConstants.INVALIDATED_PAYLOADS);
+        invalidatedPayloadsConfig.setTimeToLiveSeconds(hazelcastProperties.getTimeoutSeconds());
+        invalidatedPayloadsConfig.getEvictionConfig().setEvictionPolicy(EvictionPolicy.LRU);
+        hazelcastConfig.addMapConfig(invalidatedPayloadsConfig);
 
-        hazelcastConfig.addMapConfig(sessionConfig);
+        final MapConfig sourceAddressesConfig = new MapConfig();
+        sourceAddressesConfig.setName(HazelcastConstants.SOURCE_ADDRESSES);
+        sourceAddressesConfig.setTimeToLiveSeconds(hazelcastProperties.getTimeoutSeconds());
+        sourceAddressesConfig.getEvictionConfig().setEvictionPolicy(EvictionPolicy.LRU);
+        hazelcastConfig.addMapConfig(sourceAddressesConfig);
     }
 
 }

captchaservice-backend/src/main/java/de/muenchen/captchaservice/configuration/HazelcastProperties.java renamed to captchaservice-backend/src/main/java/de/muenchen/captchaservice/configuration/hazelcast/HazelcastProperties.java

@@ -1,10 +1,10 @@
-package de.muenchen.captchaservice.configuration;
+package de.muenchen.captchaservice.configuration.hazelcast;
 
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
 @Data
-@ConfigurationProperties("refarch.hazelcast")
+@ConfigurationProperties("hazelcast")
 public class HazelcastProperties {
     /**
      * Name of the hazelcast cluster.
@@ -19,4 +19,9 @@ public class HazelcastProperties {
      * Required for running hazelcast inside kubernetes.
      */
     private String serviceName;
+
+    /**
+     * General timeout for Hazelcast data.
+     */
+    private int timeoutSeconds = 86400;
 }

captchaservice-backend/src/main/java/de/muenchen/captchaservice/service/captcha/CaptchaService.java

@@ -2,6 +2,7 @@
 
 import com.hazelcast.core.HazelcastInstance;
 import com.hazelcast.map.IMap;
+import de.muenchen.captchaservice.common.HazelcastConstants;
 import de.muenchen.captchaservice.configuration.captcha.CaptchaProperties;
 import de.muenchen.captchaservice.data.SourceAddress;
 import de.muenchen.captchaservice.service.difficulty.DifficultyService;
@@ -23,7 +24,7 @@ public class CaptchaService {
     public CaptchaService(final CaptchaProperties captchaProperties, final DifficultyService difficultyService, final HazelcastInstance hazelcastInstance) {
         this.captchaProperties = captchaProperties;
         this.difficultyService = difficultyService;
-        invalidatedPayloads = hazelcastInstance.getMap("INVALIDATED_PAYLOADS");
+        invalidatedPayloads = hazelcastInstance.getMap(HazelcastConstants.INVALIDATED_PAYLOADS);
     }
 
     public Altcha.Challenge createChallenge(final String siteKey, final SourceAddress sourceAddress) {
@@ -33,7 +34,7 @@ public Altcha.Challenge createChallenge(final String siteKey, final SourceAddres
         options.algorithm = Altcha.Algorithm.SHA256;
         options.hmacKey = captchaProperties.hmacKey();
         options.maxNumber = difficulty;
-        options.expires = (System.currentTimeMillis() / 1000) + captchaProperties.ttlSeconds();
+        options.expires = (System.currentTimeMillis() / 1000) + captchaProperties.captchaTimeoutSeconds();
         try {
             return Altcha.createChallenge(options);
         } catch (Exception e) {
@@ -60,7 +61,7 @@ public boolean verify(final Altcha.Payload payload) {
 
     public void invalidatePayload(final Altcha.Payload payload) {
         final String payloadHash = getPayloadHash(payload);
-        invalidatedPayloads.set(payloadHash, "", captchaProperties.ttlSeconds(), TimeUnit.SECONDS);
+        invalidatedPayloads.set(payloadHash, "", captchaProperties.captchaTimeoutSeconds(), TimeUnit.SECONDS);
         log.debug("Invalidated payloadHash: {}", payloadHash);
     }
 

captchaservice-backend/src/main/java/de/muenchen/captchaservice/service/difficulty/DifficultyService.java

@@ -2,6 +2,7 @@
 
 import com.hazelcast.core.HazelcastInstance;
 import com.hazelcast.map.IMap;
+import de.muenchen.captchaservice.common.HazelcastConstants;
 import de.muenchen.captchaservice.configuration.captcha.CaptchaProperties;
 import de.muenchen.captchaservice.configuration.captcha.CaptchaSite;
 import de.muenchen.captchaservice.configuration.captcha.DifficultyItem;
@@ -22,7 +23,7 @@ public class DifficultyService {
 
     public DifficultyService(final CaptchaProperties captchaProperties, final HazelcastInstance hazelcastInstance) {
         this.captchaProperties = captchaProperties;
-        sourceAddresses = hazelcastInstance.getMap("SOURCE_ADDRESSES");
+        sourceAddresses = hazelcastInstance.getMap(HazelcastConstants.SOURCE_ADDRESSES);
     }
 
     public void pokeSourceAddress(final SourceAddress sourceAddress) {

captchaservice-backend/src/main/resources/application-local.yml

@@ -26,3 +26,6 @@ captcha:
   sites:
     test:
       secret: test
+      difficulty-map:
+        - min-visits: 0
+          max-number: 1000

captchaservice-backend/src/main/resources/application.yml

@@ -56,4 +56,5 @@ info:
 captcha:
   hmac-key: null
   sites: {}
-  ttl-seconds: 1200
+  captcha-timeout-seconds: 1200
+  source-address-window-seconds: 1800