feat(security): add per-IP rate limiting to account API endpoints #57
Adds a fixed-window rate limiter (default 60 req/60s per IP) to all
public account endpoints (AccountResource, ChallengeResource,
OfficialChallengeResource). Implemented as a JAX-RS @NameBinding
ContainerRequestFilter in the shared security module.
IP is resolved from X-Forwarded-For > X-Real-IP > "unknown".
Load-test traffic can bypass via X-Gatling-Secret header matched
against the optional nowchess.rate-limit.gatling-secret config.
Exceeded requests receive HTTP 429 with a warn-level log.
Closes NCS-65
https://knockoutwhist.youtrack.cloud/issue/NCS-65
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
This also requires Kubernetes Secrets to be added and modifications to K8S Performance Tests
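A sketch of the filter the message describes, added here as an example and not code taken from this PR; the `RateLimited` annotation name, the `jakarta` package namespace, and reading the secret from a system property are assumptions.

```java
import jakarta.ws.rs.NameBinding;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

// Name-binding annotation (assumed name): put @RateLimited on the account resource classes.
@NameBinding
@Retention(RetentionPolicy.RUNTIME)
@interface RateLimited {}

@Provider
@RateLimited
public class RateLimitFilter implements ContainerRequestFilter {
    private static final Logger LOG = Logger.getLogger(RateLimitFilter.class.getName());
    private static final int LIMIT = 60;           // requests allowed per window
    private static final long WINDOW_MS = 60_000L; // fixed-window length
    // Assumption: secret read from a system property; unset means the bypass is disabled.
    private final String gatlingSecret = System.getProperty("nowchess.rate-limit.gatling-secret");
    private final ConcurrentHashMap<String, long[]> windows = new ConcurrentHashMap<>(); // ip -> [windowId, count]

    @Override
    public void filter(ContainerRequestContext ctx) {
        String bypass = ctx.getHeaderString("X-Gatling-Secret");
        if (gatlingSecret != null && bypass != null && MessageDigest.isEqual( // constant-time compare
                gatlingSecret.getBytes(StandardCharsets.UTF_8), bypass.getBytes(StandardCharsets.UTF_8))) {
            return; // load-test traffic is exempt
        }
        String ip = resolveIp(ctx);
        long now = System.currentTimeMillis();
        long window = now / WINDOW_MS;
        long[] w = windows.compute(ip, (k, v) -> // reset the counter when the window rolls over
                (v == null || v[0] != window) ? new long[]{window, 1} : new long[]{window, v[1] + 1});
        if (w[1] > LIMIT) {
            long retryAfterSec = Math.max(1, ((window + 1) * WINDOW_MS - now + 999) / 1000);
            LOG.warning("rate limit exceeded for " + ip + " on " + ctx.getUriInfo().getPath());
            ctx.abortWith(Response.status(429).header("Retry-After", retryAfterSec).build());
        }
    }

    // X-Forwarded-For > X-Real-IP > "unknown"; only trustworthy when the edge proxy overwrites these headers.
    static String resolveIp(ContainerRequestContext ctx) {
        String xff = ctx.getHeaderString("X-Forwarded-For");
        if (xff != null && !xff.isBlank()) return xff.split(",")[0].trim(); // leftmost entry = original client
        String real = ctx.getHeaderString("X-Real-IP");
        return (real != null && !real.isBlank()) ? real.trim() : "unknown";
    }
}
```

The per-IP map is never evicted here, so a production filter should expire stale entries; a fixed window also allows up to 2×LIMIT requests across a window boundary, which a sliding-window counter would avoid.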