Apply rate limiter for replying a comment (#4135)

#### What type of PR is this? /kind feature /area core /milestone 2.7.x #### What this PR does / why we need it: Apply rate limiter for replying a comment as well. This feature is supplement of <https://github.com/halo-dev/halo/pull/4084>. #### Special notes for your reviewer: Try to reply any comments 11 times within 1 minute. #### Does this PR introduce a user-facing change? ```release-note 对评论回复添加频率限制 ```
2023-06-28 15:38:11 +08:00 · 2023-06-28 15:38:11 +08:00 · ff33608fed
parent 02e7068ee0
commit ff33608fed
3 changed files with 13 additions and 3 deletions
--- a/application/src/main/java/run/halo/app/theme/endpoint/CommentFinderEndpoint.java
+++ b/application/src/main/java/run/halo/app/theme/endpoint/CommentFinderEndpoint.java
@ -198,7 +198,9 @@ public class CommentFinderEndpoint implements CustomEndpoint {
                    .defaultIfEmpty(reply);
            })
            .flatMap(reply -> replyService.create(commentName, reply))
-            .flatMap(comment -> ServerResponse.ok().bodyValue(comment));
+            .flatMap(comment -> ServerResponse.ok().bodyValue(comment))
+            .transformDeferred(createIpBasedRateLimiter(request))
+            .onErrorMap(RequestNotPermitted.class, RateLimitExceededException::new);
    }

    private boolean checkReplyOwner(Reply reply, Boolean onlySystemUser) {
--- a/application/src/main/resources/application.yaml
+++ b/application/src/main/resources/application.yaml
@ -80,5 +80,5 @@ resilience4j.ratelimiter:
    comment-creation:
      limitForPeriod: 10
      limitRefreshPeriod: 1m
-      timeoutDuration: 10s
+      timeoutDuration: 0s

--- a/application/src/test/java/run/halo/app/theme/endpoint/CommentFinderEndpointTest.java
+++ b/application/src/test/java/run/halo/app/theme/endpoint/CommentFinderEndpointTest.java
@ -145,7 +145,7 @@ class CommentFinderEndpointTest {
            .limitRefreshPeriod(Duration.ofSeconds(1))
            .timeoutDuration(Duration.ofSeconds(10))
            .build();
-        RateLimiter rateLimiter = RateLimiter.of("comment-creation-from-ip-" + "0:0:0:0:0:0:0:0", 
+        RateLimiter rateLimiter = RateLimiter.of("comment-creation-from-ip-" + "0:0:0:0:0:0:0:0",
            config);
        when(rateLimiterRegistry.rateLimiter(anyString(), anyString())).thenReturn(rateLimiter);

@ -183,8 +183,13 @@ class CommentFinderEndpointTest {
        replyRequest.setContent("content");
        replyRequest.setAllowNotification(true);

+        when(rateLimiterRegistry.rateLimiter("comment-creation-from-ip-127.0.0.1",
+            "comment-creation"))
+            .thenReturn(RateLimiter.ofDefaults("comment-creation"));
+
        webTestClient.post()
            .uri("/comments/test-comment/reply")
+            .header("X-Forwarded-For", "127.0.0.1")
            .bodyValue(replyRequest)
            .exchange()
            .expectStatus()
@ -196,5 +201,8 @@ class CommentFinderEndpointTest {
        assertThat(value.getSpec().getIpAddress()).isNotNull();
        assertThat(value.getSpec().getUserAgent()).isNotNull();
        assertThat(value.getSpec().getQuoteReply()).isNull();
+
+        verify(rateLimiterRegistry).rateLimiter("comment-creation-from-ip-127.0.0.1",
+            "comment-creation");
    }
 }