Few tweaks #2625
Merged
This implementation modifies the OBP-API rate limiting system to use calendar boundaries instead of fixed time periods. Previously, if a user started using the API at 3 PM, their daily limit would reset at 3 PM the next day. Now it resets at midnight.
This reverts commit d12dc94.
This reverts commit 0e5a0b4.
Problem Analysis

The issue was in the `checkRateLimiting` method in `AfterApiAuth.scala`. The original code was only retrieving a single rate limiting record per consumer using `getByConsumerId`, but when multiple active rate limiting records exist for the same consumer (as shown in your table), they should be aggregated together.

I modified the `checkRateLimiting` method to:

1. **Retrieve all active rate limiting records** for a consumer using `getActiveCallLimitsByConsumerIdAtDate()` instead of just one record
2. **Aggregate the limits properly** by summing up positive values for each time period (per second, per minute, per hour, per day, per week, per month)
3. **Handle edge cases** where some limits are -1 (unlimited) by using -1 if any record has -1 for that period, otherwise summing the positive values
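The aggregation rule described in the commit message above, as an added sketch that is not code from this pull request or from OBP-API. `CallLimits`, `combine` and `aggregate` are hypothetical names, the sample records are constructed, and returning `None` when there are no active records is an assumption, since the message does not cover that case.

```scala
// Added illustration; all names here are hypothetical, not OBP-API identifiers.
object RateLimitAggregation {
  val Unlimited: Long = -1L

  // One active rate limiting record for a consumer (hypothetical shape).
  final case class CallLimits(
    perSecond: Long, perMinute: Long, perHour: Long,
    perDay: Long, perWeek: Long, perMonth: Long
  )

  // Combine one period's values across all active records:
  // any -1 makes the period unlimited, otherwise only positive values are summed.
  private def combine(values: Seq[Long]): Long =
    if (values.contains(Unlimited)) Unlimited
    else values.filter(_ > 0).sum

  // None when there are no active records, so the caller applies its own default
  // (assumption of this sketch).
  def aggregate(records: Seq[CallLimits]): Option[CallLimits] =
    if (records.isEmpty) None
    else Some(CallLimits(
      combine(records.map(_.perSecond)),
      combine(records.map(_.perMinute)),
      combine(records.map(_.perHour)),
      combine(records.map(_.perDay)),
      combine(records.map(_.perWeek)),
      combine(records.map(_.perMonth))
    ))

  def main(args: Array[String]): Unit = {
    // Constructed sample: two active records for the same consumer.
    val records = Seq(
      CallLimits(10, 100, 1000, Unlimited, 50000, 200000),
      CallLimits(5, 50, Unlimited, 10000, 50000, 0)
    )
    val expected = CallLimits(15, 150, Unlimited, Unlimited, 100000, 200000)
    assert(aggregate(records).contains(expected))
    assert(aggregate(Seq.empty).isEmpty)
    println(aggregate(records))
  }
}
```

Under this rule a single active record with -1 removes the cap for that period for the whole consumer, so overlapping records are worth auditing for leftover unlimited entries.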
**🔹 Without NVD API Key** (Default Development):

```OBP-API/pom.xml#L1-2
export MAVEN_OPTS="-Xss128m" && mvn install -pl .,obp-commons
```

**🔹 With Valid NVD API Key** (Production/Security Scanning):

```OBP-API/pom.xml#L1-3
export NVD_API_KEY=your_real_api_key
export MAVEN_OPTS="-Xss128m" && mvn install -pl .,obp-commons
```

You can also manually control it:

```OBP-API/pom.xml#L1-5
mvn install -Pdependency-check
mvn install -P '!dependency-check'
```

- ✅ **Zero 403 Errors**: Plugin only loads when API key is available
- ✅ **Clean Development**: No network calls or security scanning during normal dev work
- ✅ **CI/CD Friendly**: Easy to enable/disable via environment variables
- ✅ **No Build Failures**: Development builds never fail due to network issues
- ✅ **Production Ready**: Full vulnerability scanning when API key is provided

```OBP-API/pom.xml#L1-2
export MAVEN_OPTS="-Xss128m" && mvn install -pl .,obp-commons && mvn jetty:run -pl obp-api
```

This will run **without any 403 errors** and complete successfully for development work! When you're ready for production security scanning, just get a free NVD API key from https://nvd.nist.gov/developers/request-an-api-key and set it as an environment variable.
**Removed 9 redundant patterns** by combining spaced and non-spaced arrow operators into single flexible patterns:

- **client_secret**: 3 patterns → 2 patterns (removed the `client_secret->` pattern)
- **access_token**: 3 patterns → 2 patterns (removed the `access_token->` pattern)
- **refresh_token**: 3 patterns → 2 patterns (removed the `refresh_token->` pattern)
- **id_token**: 3 patterns → 2 patterns (removed the `id_token->` pattern)
- **token**: 3 patterns → 2 patterns (removed the `token->` pattern)
- **password**: 3 patterns → 2 patterns (removed the `password->` pattern)
- **api_key**: 3 patterns → 2 patterns (removed the `api_key->` pattern)
- **key**: 3 patterns → 2 patterns (removed the `key->` pattern)
- **private_key**: 3 patterns → 2 patterns (removed the `private_key->` pattern)
No description provided.