Updates dependencies and enhances IP resolution

Updates Spring Boot and Logstash Logback Encoder dependencies to their
latest compatible versions.

Improves IP address resolution by prioritizing the CF-Connecting-IP and
X-Forwarded-For headers, ensuring accurate client IP detection even when
behind a proxy or CDN. Falls back to request.getRemoteAddr() if headers
are not present or empty.

Author: oDaviML

pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.3.4</version>
+        <version>3.4.1</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>com.dmware</groupId>
@@ -87,7 +87,7 @@
         <dependency>
             <groupId>net.logstash.logback</groupId>
             <artifactId>logstash-logback-encoder</artifactId>
-            <version>9.0</version>
+            <version>7.4</version>
         </dependency>
         <dependency>
             <groupId>com.bucket4j</groupId>

src/main/java/com/dmware/api_onibusbh/infra/RateLimitingFilter.java

@@ -40,7 +40,16 @@ public class RateLimitingFilter extends OncePerRequestFilter {
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
             throws ServletException, IOException {
 
-        String clientIp = request.getRemoteAddr();
+        String clientIp = request.getHeader("CF-Connecting-IP");
+        if (clientIp == null || clientIp.isEmpty()) {
+            clientIp = request.getHeader("X-Forwarded-For");
+            if (clientIp != null && !clientIp.isEmpty()) {
+                clientIp = clientIp.split(",")[0].trim();
+            }
+        }
+        if (clientIp == null || clientIp.isEmpty()) {
+            clientIp = request.getRemoteAddr();
+        }
         Bucket bucket = buckets.computeIfAbsent(clientIp, this::createNewBucket);
 
         ConsumptionProbe probe = bucket.tryConsumeAndReturnRemaining(1);