Merge pull request #334 from let-s-record-it/develop

Merge develop into main

Author: soun997

build.gradle

@@ -89,6 +89,11 @@ dependencies {
     // quartz
     implementation 'org.springframework.boot:spring-boot-starter-quartz:3.4.1'
 
+    // bucket4j
+    implementation 'com.bucket4j:bucket4j_jdk17-core:8.15.0'
+    implementation 'com.bucket4j:bucket4j_jdk17-redis:8.14.0'
+    implementation 'com.bucket4j:bucket4j_jdk17-lettuce:8.15.0'
+
     asciidoctorExt 'org.springframework.restdocs:spring-restdocs-asciidoctor'
 
     testImplementation 'org.springframework.restdocs:spring-restdocs-mockmvc'

src/main/java/com/sillim/recordit/config/cache/RedisConfig.java

@@ -1,5 +1,6 @@
 package com.sillim.recordit.config.cache;
 
+import io.lettuce.core.RedisClient;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,12 +26,15 @@ public RedisConnectionFactory redisConnectionFactory() {
 	@Bean
 	public RedisTemplate<String, Object> redisTemplate() {
 		RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
-
 		redisTemplate.setConnectionFactory(redisConnectionFactory());
-
 		redisTemplate.setKeySerializer(new StringRedisSerializer());
 		redisTemplate.setValueSerializer(new StringRedisSerializer());
 
 		return redisTemplate;
 	}
+
+	@Bean
+	public RedisClient redisClient() {
+		return RedisClient.create("redis://" + host + ":" + port);
+	}
 }

src/main/java/com/sillim/recordit/config/filter/ApiThrottlingFilter.java

@@ -0,0 +1,93 @@
+package com.sillim.recordit.config.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.sillim.recordit.global.dto.response.ErrorResponse;
+import com.sillim.recordit.global.exception.ErrorCode;
+import io.github.bucket4j.Bucket;
+import io.github.bucket4j.BucketConfiguration;
+import io.github.bucket4j.ConsumptionProbe;
+import io.github.bucket4j.distributed.proxy.ProxyManager;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class ApiThrottlingFilter implements Filter {
+
+	private static final List<LimitApi> LIMIT_APIS =
+			List.of(
+					LimitApi.pattern("/api/v1/invite/members/*"),
+					LimitApi.pattern("POST", "/api/v1/members/*/follow"),
+					LimitApi.pattern("POST", "/api/v1/feeds/**"));
+	public static final int TOO_MANY_REQUEST = 429;
+
+	private final ProxyManager<String> proxyManager;
+	private final BucketConfiguration bucketConfiguration;
+	private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+	private final ObjectMapper objectMapper;
+
+	@Override
+	public void doFilter(
+			ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+			throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) servletRequest;
+
+		String auth = request.getHeader(HttpHeaders.AUTHORIZATION);
+		if (auth == null) {
+			filterChain.doFilter(servletRequest, servletResponse);
+			return;
+		}
+
+		Bucket bucket = proxyManager.getProxy(auth, () -> bucketConfiguration);
+		for (LimitApi limitApi : LIMIT_APIS) {
+			if (antPathMatcher.match(limitApi.getUrl(), request.getRequestURI())
+					&& (limitApi.noMethod() || limitApi.getMethod().equals(request.getMethod()))) {
+				checkApiToken(bucket, filterChain, servletRequest, servletResponse);
+				return;
+			}
+		}
+
+		filterChain.doFilter(servletRequest, servletResponse);
+	}
+
+	private void checkApiToken(
+			Bucket bucket,
+			FilterChain filterChain,
+			ServletRequest request,
+			ServletResponse response)
+			throws IOException, ServletException {
+		ConsumptionProbe probe = bucket.tryConsumeAndReturnRemaining(1);
+
+		if (probe.isConsumed()) {
+			filterChain.doFilter(request, response);
+			return;
+		}
+
+		long waitForRefill = probe.getNanosToWaitForRefill() / 1_000_000_000;
+
+		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		httpResponse.setContentType("text/plain; charset=UTF-8");
+		httpResponse.setStatus(TOO_MANY_REQUEST);
+		httpResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
+
+		response.getWriter()
+				.write(
+						objectMapper.writeValueAsString(
+								ResponseEntity.status(TOO_MANY_REQUEST)
+										.body(
+												ErrorResponse.from(
+														ErrorCode.TOO_MANY_REQUEST,
+														waitForRefill + "초 뒤에 다시 시도해주세요"))));
+	}
+}

src/main/java/com/sillim/recordit/config/filter/LimitApi.java

@@ -0,0 +1,27 @@
+package com.sillim.recordit.config.filter;
+
+import lombok.Getter;
+
+@Getter
+public class LimitApi {
+
+	private final String method;
+	private final String url;
+
+	private LimitApi(String method, String url) {
+		this.method = method;
+		this.url = url;
+	}
+
+	public static LimitApi pattern(String method, String url) {
+		return new LimitApi(method, url);
+	}
+
+	public static LimitApi pattern(String url) {
+		return new LimitApi(null, url);
+	}
+
+	public boolean noMethod() {
+		return this.method == null;
+	}
+}

src/main/java/com/sillim/recordit/config/neo4j/LocalNeo4jInitializer.java

@@ -0,0 +1,28 @@
+package com.sillim.recordit.config.neo4j;
+
+import lombok.RequiredArgsConstructor;
+import org.neo4j.driver.Driver;
+import org.neo4j.driver.Session;
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+/**
+ * (Local 환경 한정) Spring Application 실행 시 Neo4j DB 데이터를 초기화
+ */
+@Component
+@RequiredArgsConstructor
+@Profile("local")
+public class LocalNeo4jInitializer implements ApplicationRunner {
+
+	private static final String INIT_QUERY = "MATCH (n) DETACH DELETE n";
+	private final Driver neo4jDriver;
+
+	@Override
+	public void run(ApplicationArguments args) {
+		try (Session session = neo4jDriver.session()) {
+			session.run(INIT_QUERY);
+		}
+	}
+}

src/main/java/com/sillim/recordit/config/ratelimiter/RateLimiterConfig.java

@@ -0,0 +1,58 @@
+package com.sillim.recordit.config.ratelimiter;
+
+import io.github.bucket4j.BucketConfiguration;
+import io.github.bucket4j.distributed.ExpirationAfterWriteStrategy;
+import io.github.bucket4j.redis.lettuce.Bucket4jLettuce;
+import io.github.bucket4j.redis.lettuce.cas.LettuceBasedProxyManager;
+import io.lettuce.core.RedisClient;
+import io.lettuce.core.api.StatefulRedisConnection;
+import io.lettuce.core.codec.ByteArrayCodec;
+import io.lettuce.core.codec.RedisCodec;
+import io.lettuce.core.codec.StringCodec;
+import java.time.*;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@RequiredArgsConstructor
+public class RateLimiterConfig {
+
+	private final RedisClient redisClient;
+
+	@Value("${rate-limiter.capacity:5}")
+	private int capacity;
+
+	@Value("${rate-limiter.refill-token-amount:5}")
+	private int refillTokenAmount;
+
+	@Value("${rate-limiter.refill-duration-seconds:10}")
+	private long refillDurationSeconds;
+
+	@Value("${rate-limiter.bucket-ttl-seconds:600}")
+	private long bucketTTLSeconds;
+
+	@Bean
+	public LettuceBasedProxyManager<String> proxyManager() {
+		StatefulRedisConnection<String, byte[]> connect =
+				redisClient.connect(RedisCodec.of(StringCodec.UTF8, ByteArrayCodec.INSTANCE));
+		return Bucket4jLettuce.casBasedBuilder(connect)
+				.expirationAfterWrite(
+						ExpirationAfterWriteStrategy.fixedTimeToLive(
+								Duration.ofSeconds(bucketTTLSeconds)))
+				.build();
+	}
+
+	@Bean
+	public BucketConfiguration bucketConfiguration() {
+		return BucketConfiguration.builder()
+				.addLimit(
+						limit ->
+								limit.capacity(capacity)
+										.refillIntervally(
+												refillTokenAmount,
+												Duration.ofSeconds(refillDurationSeconds)))
+				.build();
+	}
+}

src/main/java/com/sillim/recordit/global/exception/ErrorCode.java

@@ -9,6 +9,7 @@ public enum ErrorCode {
 	INVALID_ARGUMENT("ERR_GLOBAL_001", "올바르지 않은 값이 전달되었습니다."),
 	REQUEST_NOT_FOUND("ERR_GLOBAL_002", "요청을 찾을 수 없습니다."),
 	INVALID_REQUEST("ERR_GLOBAL_003", "유효하지 않은 요청입니다."),
+	TOO_MANY_REQUEST("ERR_GLOBAL_004", "너무 많은 요청을 보냈습니다."),
 	UNHANDLED_EXCEPTION("ERR_GLOBAL_999", "예상치 못한 오류가 발생했습니다."),
 
 	ID_TOKEN_UNSUPPORTED("ERR_OIDC_001", "지원되지 않는 ID Token 입니다."),

src/main/java/com/sillim/recordit/member/controller/LoginController.java

@@ -13,6 +13,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -47,4 +48,9 @@ public ResponseEntity<Void> activateMember(
 
 		return ResponseEntity.noContent().build();
 	}
+
+	@GetMapping("/auth/validate")
+	public ResponseEntity<Void> validateToken() {
+		return ResponseEntity.noContent().build();
+	}
 }

src/main/resources/application-local.yml

@@ -111,6 +111,12 @@ server:
       min-spare: 10
       max: 200
 
+rate-limiter:
+  capacity: 5
+  refill-token-amount: 5
+  refill-duration-seconds: 10
+  bucket-ttl-seconds: 600
+
 management:
   endpoint:
     health:

src/main/resources/application-prod.yml

@@ -116,3 +116,9 @@ management:
     web:
       exposure:
         include: health, prometheus
+
+rate-limiter:
+  capacity: ${RATE_LIMITER_CAPACITY}
+  refill-token-amount: ${RATE_LIMITER_REFILL_TOKEN_AMOUNT}
+  refill-duration-seconds: ${RATE_LIMITER_REFILL_DURATION_SECONDS}
+  bucket-ttl-seconds: ${RATE_LIMITER_BUCKET_TTL_SECONDS}