rate limiting enabled by default.

2026-02-06 11:06:49 +00:00 · 2025-12-31 06:34:17 +01:00 · 2025-12-31 06:34:17 +01:00 · c5bfb7ae72
commit c5bfb7ae72
parent 5f5409e34a
4 changed files with 18 additions and 6 deletions
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@ -970,9 +970,10 @@ featured_apis=elasticSearchWarehouseV300
 # ----------------------------------------------

 # -- Rate Limiting -----------------------------------
-# Define how many calls per hour a consumer can make
-# In case isn't defined default value is "false"
-# use_consumer_limits=false
+# Enable consumer-specific rate limiting (queries RateLimiting table)
+# Default is now true. This property may be removed in a future version.
+# Set to false to use only system-wide defaults (not recommended)
+# use_consumer_limits=true
 # In case isn't defined default value is 60
 # user_consumer_limit_anonymous_access=100
 # For the Rate Limiting feature we use Redis cache instance
--- a/obp-api/src/main/scala/code/api/cache/Caching.scala
+++ b/obp-api/src/main/scala/code/api/cache/Caching.scala
@ -100,5 +100,16 @@ object Caching extends MdcLoggable {
    Redis.deleteKeysByPattern(pattern)
  }

+  /**
+   * Invalidate ALL rate limit cache entries for ALL consumers.
+   * Use with caution - this clears the entire rate limiting cache namespace.
+   *
+   * @return Number of cache keys deleted
+   */
+  def invalidateAllRateLimitCache(): Int = {
+    val pattern = s"${RATE_LIMIT_ACTIVE_PREFIX}*"
+    Redis.deleteKeysByPattern(pattern)
+  }
+
  
 }
--- a/obp-api/src/main/scala/code/api/util/RateLimitingUtil.scala
+++ b/obp-api/src/main/scala/code/api/util/RateLimitingUtil.scala
@ -84,7 +84,7 @@ object RateLimitingUtil extends MdcLoggable {
    status: String             // ACTIVE, NO_COUNTER, EXPIRED, REDIS_UNAVAILABLE
  )

-  def useConsumerLimits = APIUtil.getPropsAsBoolValue("use_consumer_limits", false)
+  def useConsumerLimits = APIUtil.getPropsAsBoolValue("use_consumer_limits", true)

  /** Get system default rate limits from properties. Used when no RateLimiting records exist for a consumer.
    * @param consumerId The consumer ID
--- a/obp-api/src/test/scala/code/api/v6_0_0/RateLimitsTest.scala
+++ b/obp-api/src/test/scala/code/api/v6_0_0/RateLimitsTest.scala
@ -198,8 +198,8 @@ class RateLimitsTest extends V600ServerSetup {
      getResponse.body.extract[ErrorMessage].message should equal(UserHasMissingRoles + CanGetRateLimits)
    }

-    // TODO: Implement cache invalidation before enabling this test
-    ignore("We will get aggregated call limits for two overlapping rate limit records", ApiEndpoint3, VersionOfApi) {
+    scenario("We will get aggregated call limits for two overlapping rate limit records", ApiEndpoint3, VersionOfApi) {
+    // NOTE: This test requires use_consumer_limits=true in props file
      Given("We create two call limit records with overlapping date ranges")
      val Some((c, _)) = user1
      val consumerId = Consumers.consumers.vend.getConsumerByConsumerKey(c.key).map(_.consumerId.get).getOrElse("")