Merge branch 'main' into filter-measure-time

Author: Cavve

.dockerignore

@@ -0,0 +1,8 @@
+target/
+.git/
+.mvn/
+mvnw
+mvnw.cmd
+.editorconfig
+.gitignore
+*.md

Dockerfile

@@ -13,5 +13,5 @@ FROM eclipse-temurin:25-jre-alpine
 WORKDIR /app
 
 # might need to update this later when we have our explicit class names
-COPY --from=build /app/target/*.jar app.jar
+COPY --from=build /app/target/app.jar app.jar
 ENTRYPOINT ["java", "-jar", "app.jar"]

pom.xml

@@ -40,6 +40,24 @@
             <artifactId>snakeyaml</artifactId>
             <version>2.5</version>
         </dependency>
+        <dependency>
+            <groupId>com.bucket4j</groupId>
+            <artifactId>bucket4j_jdk17-core</artifactId>
+            <version>8.16.1</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>testcontainers</artifactId>
+            <version>2.0.3</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>1.21.4</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

src/main/java/org/juv25d/App.java

@@ -1,15 +1,15 @@
 package org.juv25d;
 
-import org.juv25d.filter.IpFilter;
-import org.juv25d.filter.LoggingFilter;
-import org.juv25d.filter.TimingFilter;
+import org.juv25d.filter.*;
 import org.juv25d.logging.ServerLogging;
 import org.juv25d.http.HttpParser;
 import org.juv25d.plugin.NotFoundPlugin; // New import
 import org.juv25d.plugin.StaticFilesPlugin;
 import org.juv25d.router.SimpleRouter; // New import
 import org.juv25d.util.ConfigLoader;
 
+import java.util.List;
+
 import java.util.Set;
 import java.util.logging.Logger;
 
@@ -21,15 +21,33 @@ public static void main(String[] args) {
 
         Pipeline pipeline = new Pipeline();
 
+        pipeline.addGlobalFilter(new SecurityHeadersFilter(), 0);
+
+        // Configure redirect rules
+        List<RedirectRule> redirectRules = List.of(
+            new RedirectRule("/old-page", "/new-page", 301),
+            new RedirectRule("/temp", "https://example.com/temporary", 302),
+            new RedirectRule("/docs/*", "/documentation/", 301)
+        );
+        pipeline.addGlobalFilter(new RedirectFilter(redirectRules), 0);
+
         // IP filter is enabled but configured with open access during development
         // White/blacklist can be tightened when specific IP restrictions are decided
         pipeline.addGlobalFilter(new IpFilter(
             Set.of(),
             Set.of()
         ), 0);
+
         pipeline.addGlobalFilter(new LoggingFilter(), 0);
         pipeline.addGlobalFilter(new TimingFilter(), 0);
 
+        if (config.isRateLimitingEnabled()) {
+            pipeline.addGlobalFilter(new RateLimitingFilter(
+                config.getRequestsPerMinute(),
+                config.getBurstCapacity()
+            ), 0);
+        }
+
         // Initialize and configure SimpleRouter
         SimpleRouter router = new SimpleRouter();
         router.registerPlugin("/", new StaticFilesPlugin()); // Register StaticFilesPlugin for the root path

src/main/java/org/juv25d/filter/RateLimitingFilter.java

@@ -0,0 +1,128 @@
+package org.juv25d.filter;
+
+import io.github.bucket4j.Bandwidth;
+import io.github.bucket4j.Bucket;
+import io.github.bucket4j.Refill;
+import org.juv25d.http.HttpRequest;
+import org.juv25d.http.HttpResponse;
+import org.juv25d.logging.ServerLogging;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Logger;
+
+/**
+ * A filter that implements rate limiting for incoming HTTP requests.
+ * It uses a token bucket algorithm via Bucket4J to limit the number of requests per client IP.
+ */
+public class RateLimitingFilter implements Filter {
+
+    private static final Logger logger = ServerLogging.getLogger();
+
+    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();
+
+    private final long capacity;
+    private final long refillTokens;
+    private final Duration refillPeriod;
+
+    /**
+     * Constructs a new RateLimitingFilter.
+     *
+     * @param requestsPerMinute the number of requests allowed per minute for each IP
+     * @param burstCapacity the maximum number of requests that can be handled in a burst
+     * @throws IllegalArgumentException if requestsPerMinute or burstCapacity is not positive
+     */
+    public RateLimitingFilter(long requestsPerMinute, long burstCapacity) {
+        if (requestsPerMinute <= 0) {
+            throw new IllegalArgumentException("requestsPerMinute must be positive");
+        }
+        if (burstCapacity <= 0) {
+            throw new IllegalArgumentException("burstCapacity must be positive");
+        }
+
+        this.capacity = burstCapacity;
+        this.refillTokens = requestsPerMinute;
+        this.refillPeriod = Duration.ofMinutes(1);
+
+        logger.info(String.format(
+            "RateLimitingFilter initialized - Limit: %d req/min, Burst: %d",
+            requestsPerMinute, burstCapacity
+        ));
+    }
+
+    /**
+     * Applies the rate limiting logic to the incoming request.
+     * If the rate limit is exceeded, a 429 Too Many Requests response is sent.
+     *
+     * @param req   the HTTP request
+     * @param res   the HTTP response
+     * @param chain the filter chain
+     * @throws IOException if an I/O error occurs
+     */
+    @Override
+    public void doFilter(HttpRequest req, HttpResponse res, FilterChain chain) throws IOException {
+        String clientIp = getClientIp(req);
+
+        Bucket bucket = buckets.computeIfAbsent(clientIp, k -> createBucket());
+
+        if (bucket.tryConsume(1)) {
+            chain.doFilter(req, res);
+        } else {
+            logRateLimitExceeded(clientIp, req.method(), req.path());
+            sendTooManyRequests(res, clientIp);
+        }
+    }
+
+    private String getClientIp(HttpRequest req) {
+        return req.remoteIp();
+    }
+
+    private Bucket createBucket() {
+        Bandwidth limit = Bandwidth.classic(
+            capacity,
+            Refill.intervally(refillTokens, refillPeriod));
+
+        return Bucket.builder()
+            .addLimit(limit)
+            .build();
+    }
+
+    /**
+     * Returns the number of currently tracked IP addresses.
+     *
+     * @return the number of tracked IP addresses
+     */
+    public int getTrackedIpCount() {
+        return buckets.size();
+    }
+
+    private void logRateLimitExceeded(String ip, String method, String path) {
+        logger.warning(String.format(
+            "Rate limit exceeded - IP: %s, Method: %s, Path: %s",
+            ip, method, path
+        ));
+    }
+
+    private void sendTooManyRequests(HttpResponse res, String ip) {
+        byte[] body = ("429 Too Many Requests: Rate limit exceeded for IP " + ip + "\n")
+            .getBytes(StandardCharsets.UTF_8);
+
+        res.setStatusCode(429);
+        res.setStatusText("Too Many Requests");
+        res.setHeader("Content-Type", "text/plain; charset=utf-8");
+        res.setHeader("Content-Length", String.valueOf(body.length));
+        res.setHeader("Retry-After", "60");
+        res.setBody(body);
+    }
+
+    /**
+     * Clears all tracked rate limiting buckets.
+     */
+    @Override
+    public void destroy() {
+        buckets.clear();
+    }
+}

src/main/java/org/juv25d/filter/RedirectFilter.java

@@ -0,0 +1,83 @@
+package org.juv25d.filter;
+
+import org.juv25d.http.HttpRequest;
+import org.juv25d.http.HttpResponse;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.logging.Logger;
+
+/**
+ * Filter that handles URL redirects based on configurable rules.
+ *
+ * When a request matches a redirect rule:
+ * - The pipeline is stopped (no further processing)
+ * - A redirect response is returned with the appropriate Location header
+ * - Status code is either 301 (Moved Permanently) or 302 (Found/Temporary)
+ *
+ * Rules are evaluated in order - the first matching rule wins.
+ *
+ * Example usage:
+ * <pre>
+ * List<RedirectRule> rules = List.of(
+ *     new RedirectRule("/old-page", "/new-page", 301),
+ *     new RedirectRule("/temp", "https://example.com", 302),
+ *     new RedirectRule("/docs/*", "/documentation/", 301)
+ * );
+ * pipeline.addFilter(new RedirectFilter(rules));
+ * </pre>
+ */
+public class RedirectFilter implements Filter {
+    private final List<RedirectRule> rules;
+    private final Logger logger;
+
+    /**
+     * Creates a redirect filter with the given rules.
+     *
+     * @param rules List of redirect rules (evaluated in order)
+     */
+    public RedirectFilter(List<RedirectRule> rules) {
+        this.rules = rules;
+        this.logger = Logger.getLogger(RedirectFilter.class.getName());
+    }
+
+    @Override
+    public void doFilter(HttpRequest request, HttpResponse response, FilterChain chain) throws IOException {
+        String requestPath = request.path();
+
+        // Check each rule in order - first match wins
+        for (RedirectRule rule : rules) {
+            if (rule.matches(requestPath)) {
+                logger.info("Redirecting: " + requestPath + " -> " + rule.getTargetUrl()
+                    + " (" + rule.getStatusCode() + ")");
+
+                performRedirect(response, rule);
+
+                // Stop pipeline - don't call chain.doFilter()
+                return;
+            }
+        }
+
+        // No matching rule - continue pipeline
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * Sets up the redirect response with appropriate headers.
+     *
+     * @param response The HTTP response to modify
+     * @param rule The redirect rule to apply
+     */
+    private void performRedirect(HttpResponse response, RedirectRule rule) {
+        int statusCode = rule.getStatusCode();
+        String statusText = statusCode == 301 ? "Moved Permanently" : "Found";
+
+        response.setStatusCode(statusCode);
+        response.setStatusText(statusText);
+        response.setHeader("Location", rule.getTargetUrl());
+        response.setHeader("Content-Length", "0");
+
+        // Empty body for redirects
+        response.setBody(new byte[0]);
+    }
+}