From a20bee3b93a3b31649ce6f1f763d9de9aa1a6a45 Mon Sep 17 00:00:00 2001
From: Janis <janis-e@gmx.de>
Date: Fri, 5 Jun 2026 10:33:40 +0200
Subject: [PATCH] fix(security): guard against null UriInfo in rate limit log

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/main/scala/de/nowchess/security/RateLimitFilter.scala  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/security/src/main/scala/de/nowchess/security/RateLimitFilter.scala b/modules/security/src/main/scala/de/nowchess/security/RateLimitFilter.scala
index 1c4de9b..8531f27 100644
--- a/modules/security/src/main/scala/de/nowchess/security/RateLimitFilter.scala
+++ b/modules/security/src/main/scala/de/nowchess/security/RateLimitFilter.scala
@@ -38,7 +38,8 @@ class RateLimitFilter extends ContainerRequestFilter:
   override def filter(ctx: ContainerRequestContext): Unit =
     val ip = clientIp(ctx)
     if enabled && !isGatlingRequest(ctx) && isOverLimit(ip) then
-      log.warnf("Rate limit exceeded for IP %s on %s %s", ip, ctx.getMethod, ctx.getUriInfo.getPath)
+      val path = Option(ctx.getUriInfo).map(_.getPath).getOrElse("-")
+      log.warnf("Rate limit exceeded for IP %s on %s %s", ip, ctx.getMethod, path)
       ctx.abortWith(Response.status(429).build())
 
   private def isGatlingRequest(ctx: ContainerRequestContext): Boolean =