Merge pull request #66 from devondragon/fix-metrics-config-placeholder-ip-dto

devondragon · web-flow · commit 13446a72a695 · 2025-09-16T14:49:12.000-06:00
Fix metrics config placeholder ip dto
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
@@ -0,0 +1,28 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(./gradlew build)",
+      "Bash(./gradlew test)",
+      "Bash(./gradlew:*)",
+      "Bash(gh issue assign:*)",
+      "Bash(gh issue close:*)",
+      "Bash(gh issue create:*)",
+      "Bash(gh issue edit:*)",
+      "Bash(gh issue view:*)",
+      "Bash(gh issue:*)",
+      "Bash(gh pr create:*)",
+      "Bash(gh pr:*)",
+      "Bash(gh:*)",
+      "Bash(git add:*)",
+      "Bash(git branch:*)",
+      "Bash(git checkout:*)",
+      "Bash(git fetch:*)",
+      "Bash(git log:*)",
+      "Bash(git push:*)",
+      "Bash(ls:*)",
+      "Bash(find:*)",
+      "Bash(git restore:*)"
+    ],
+    "deny": []
+  }
+}
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,19 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+Runtime code lives in `src/main/java/com/digitalsanctuary/cf/turnstile`, grouped by concern (`config`, `service`, `filter`, `dto`, `exception`). Shared configuration assets sit in `src/main/resources`, including `config/turnstile.properties` and Spring metadata under `META-INF`. Tests mirror the package layout in `src/test/java/com/digitalsanctuary/cf/test/turnstile`, while test fixtures and templates belong in `src/test/resources`. Build outputs flow to `build/`, and quality configurations are kept under `config/` (`checkstyle`, `pmd`).
+
+## Build, Test, and Development Commands
+Use `./gradlew clean build` for a full verification and artifact assembly. `./gradlew test` launches the JUnit suite; add `-Porg.gradle.java.installations.auto-download=false` when relying on preinstalled JDKs. `./gradlew testAll` exercises the matrix on Java 17 and 21, mirroring CI. Run `./gradlew jacocoTestReport` to generate coverage reports in `build/reports/jacoco/test/html/index.html`. Publishing helpers exist for maintainers: `./gradlew publishLocal` installs to the local Maven cache, and `./gradlew publishReposilite` targets the private staging host.
+
+## Coding Style & Naming Conventions
+Target Java 17+ and favor Lombok for boilerplate already in use. Follow Checkstyle guidance (`config/checkstyle/checkstyle.xml`): four-space indentation, braces on the same line, and public APIs documented with Javadoc. Keep packages lowercase, classes `PascalCase`, and fields/methods `camelCase`. PMD rules in `config/pmd/ruleset.xml` flag unused complexity; resolve warnings rather than suppressing unless justified.
+
+## Testing Guidelines
+Tests rely on JUnit Jupiter with Spring’s test utilities. Name classes with the `*Test` suffix (e.g., `TurnstileValidationServiceTest`) and focus on observable behavior around validation, filters, and error handling. Run `./gradlew test` before every push, and refresh coverage via `./gradlew jacocoTestReport`; aim to keep line coverage above the current 48% threshold noted in the Gradle configuration even though enforcement is disabled.
+
+## Commit & Pull Request Guidelines
+Write imperative, present-tense commit titles ("Add Turnstile captcha filter") and include one change per commit when practical. Reference issues or Dependabot tickets with `Fixes #<id>` in the body when closing them. Pull requests should summarize intent, list verification commands (Gradle tasks, coverage), and attach screenshots or logs when touching user-facing responses. Keep branches current with `main` and request review once tests pass.
+
+## Configuration & Security Tips
+Store site keys and secrets outside version control; use environment overrides or Spring Boot configuration properties. Validate Cloudflare connectivity against non-production keys before promoting changes, and redact sensitive responses from logs when updating filters or exception handlers.
diff --git a/src/main/java/com/digitalsanctuary/cf/turnstile/config/TurnstileServiceConfig.java b/src/main/java/com/digitalsanctuary/cf/turnstile/config/TurnstileServiceConfig.java
@@ -1,5 +1,8 @@
 package com.digitalsanctuary.cf.turnstile.config;
 
+import java.util.Optional;
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -8,6 +11,7 @@
 import org.springframework.web.client.RestClient;
 import org.springframework.web.client.RestTemplate;
 import com.digitalsanctuary.cf.turnstile.service.TurnstileValidationService;
+import io.micrometer.core.instrument.MeterRegistry;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
@@ -21,6 +25,7 @@
 public class TurnstileServiceConfig {
 
     private final TurnstileConfigProperties properties;
+    private final ObjectProvider<MeterRegistry> meterRegistryProvider;
 
     /**
      * Creates a RestTemplate bean for Turnstile API interactions.
@@ -36,11 +41,13 @@ public RestTemplate turnstileRestTemplate(RestTemplateBuilder builder) {
     /**
      * Creates a TurnstileValidationService bean.
      *
+     * @param restClient the preconfigured REST client for Turnstile calls
      * @return a configured TurnstileValidationService instance
      */
     @Bean
-    public TurnstileValidationService turnstileValidationService() {
-        return new TurnstileValidationService(turnstileRestClient(), properties);
+    public TurnstileValidationService turnstileValidationService(@Qualifier("turnstileRestClient") RestClient restClient) {
+        Optional<MeterRegistry> optionalRegistry = Optional.ofNullable(meterRegistryProvider.getIfAvailable());
+        return new TurnstileValidationService(restClient, properties, optionalRegistry);
     }
 
     /**
diff --git a/src/main/java/com/digitalsanctuary/cf/turnstile/dto/TurnstileResponse.java b/src/main/java/com/digitalsanctuary/cf/turnstile/dto/TurnstileResponse.java
@@ -46,6 +46,7 @@ public class TurnstileResponse {
     /**
      * Timestamp of the challenge.
      */
+    @JsonProperty("challenge_ts")
     private String challengeTs;
 
     /**
diff --git a/src/main/java/com/digitalsanctuary/cf/turnstile/service/TurnstileValidationService.java b/src/main/java/com/digitalsanctuary/cf/turnstile/service/TurnstileValidationService.java
@@ -505,9 +505,14 @@ public String getClientIpAddress(ServletRequest request) {
         if (request instanceof HttpServletRequest httpRequest) {
             String[] headers = {"X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"};
             for (String header : headers) {
-                String ip = httpRequest.getHeader(header);
-                if (ip != null && !ip.isEmpty() && !UNKNOWN.equalsIgnoreCase(ip)) {
-                    return ip;
+                String ipHeaderValue = httpRequest.getHeader(header);
+                if (ipHeaderValue == null || ipHeaderValue.isBlank()) {
+                    continue;
+                }
+
+                String candidate = ipHeaderValue.split(",", 2)[0].trim();
+                if (!candidate.isEmpty() && !UNKNOWN.equalsIgnoreCase(candidate)) {
+                    return candidate;
                 }
             }
         }
diff --git a/src/main/resources/config/turnstile.properties b/src/main/resources/config/turnstile.properties
@@ -1,6 +1,7 @@
 # Cloudflare Turnstile Configuration
-ds.cf.turnstile.sitekey= # Turnstile Site Key
-ds.cf.turnstile.secret= # Turnstile Secret
+# Provide site and secret keys via environment-specific configuration.
+ds.cf.turnstile.sitekey=
+ds.cf.turnstile.secret=
 ds.cf.turnstile.url=https://challenges.cloudflare.com/turnstile/v0/siteverify
 
 # Configuration for TurnstileCaptchaFilter component (for use with Spring Security Form Login, etc...)

Original file line number	Diff line number	Diff line change
`@@ -505,9 +505,14 @@ public String getClientIpAddress(ServletRequest request) {`
`505`	`505`	`if (request instanceof HttpServletRequest httpRequest) {`
`506`	`506`	`String[] headers = {"X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"};`
`507`	`507`	`for (String header : headers) {`
`508`		`- String ip = httpRequest.getHeader(header);`
`509`		`- if (ip != null && !ip.isEmpty() && !UNKNOWN.equalsIgnoreCase(ip)) {`
`510`		`- return ip;`
	`508`	`+ String ipHeaderValue = httpRequest.getHeader(header);`
	`509`	`+ if (ipHeaderValue == null \|\| ipHeaderValue.isBlank()) {`
	`510`	`+ continue;`
	`511`	`+ }`
	`512`	`+`
	`513`	`+ String candidate = ipHeaderValue.split(",", 2)[0].trim();`
	`514`	`+ if (!candidate.isEmpty() && !UNKNOWN.equalsIgnoreCase(candidate)) {`
	`515`	`+ return candidate;`
`511`	`516`	`}`
`512`	`517`	`}`
`513`	`518`	`}`