2

We have a kotlin code like the following, I am trying to disable the options method for the API's as follows using Javalin(3.12.0), but it is resulting in blocking all the other methods like get and post as well. What is that I am missing here?

val app = Javalin.create {
        it.defaultContentType = "application/json"
        it.enableWebjars()
        it.addStaticFiles("", Location.CLASSPATH)
        it.enableCorsForAllOrigins()
        it.dynamicGzip = true
    }

app.options("/*") {ctx -> ctx.status(405)}

app.routes {        
        path("/auth") {
             post("/login") {
                Auth.doLogin(it)
            }
             get("/metrics") {
                val results = getData()
                it.json(results)
            }     
         }

Also there are 2 questions 1.want to implement the ratelimit for the get APi's for 20 request for an hour using the below code

   app.get("/") { ctx ->
     RateLimit(ctx).requestPerTimeUnit(5, TimeUnit.MINUTES) // throws if rate limit is exceeded
     ctx.status("Hello, rate-limited World!")
   }

How to achieve it?

  1. How to restrict the jetty server version to display when the API call is made?
Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Maverick
  • 397
  • 1
  • 4
  • 18

1 Answers1

2

For Jetty...

There is only 1 Rate Limit concept in Jetty, and that's the org.eclipse.jetty.server.AcceptRateLimit, added as a Jetty Container LifeCycle bean to the ServerConnector, it cannot adjust rates for specific request endpoints, only for the entire connector.

If you want specific endpoint rates, then the org.eclipse.jetty.servlets.QoSFilter is the way that's done with Jetty.

The org.eclipse.jetty.server.HttpConfiguration for the org.eclipse.jetty.server.ServerConnector contains the controls to enable/disable the server announcement.

See

  • HttpConfiguration.setSendServerVersion(boolean)
  • HttpConfiguration.setSendXPoweredBy(boolean)
  • HttpConfiguration.setSendDateHeader(boolean)
Joakim Erdfelt
  • 46,896
  • 7
  • 86
  • 136