fix：add CHANGES.md and optimize some codes

CHANGES.md

@@ -19,6 +19,7 @@ Apollo 2.4.0
 * [Feature: openapi query namespace support not fill item](https://github.com/apolloconfig/apollo/pull/5249)
 * [Refactor: align database ClusterName and NamespaceName fields lengths](https://github.com/apolloconfig/apollo/pull/5263)
 * [Feature: Added the value length limit function for AppId-level configuration items](https://github.com/apolloconfig/apollo/pull/5264)
+* [Feature: Added current limiting function to ConsumerToken](https://github.com/apolloconfig/apollo/pull/5267)
 
 ------------------
 All issues and pull requests are [here](https://github.com/apolloconfig/apollo/milestone/15?closed=1)

apollo-portal/src/main/java/com/ctrip/framework/apollo/openapi/filter/ConsumerAuthenticationFilter.java

@@ -24,7 +24,7 @@
 import com.google.common.cache.CacheBuilder;
 import com.google.common.util.concurrent.RateLimiter;
 import java.io.IOException;
-
+import java.util.concurrent.TimeUnit;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -49,8 +49,12 @@ public class ConsumerAuthenticationFilter implements Filter {
   private final ConsumerAuditUtil consumerAuditUtil;
   private final PortalConfig portalConfig;
 
-  private static final Cache<String, ImmutablePair<Long, RateLimiter>> LIMITER = CacheBuilder.newBuilder().build();
   private static final int WARMUP_MILLIS = 1000; // ms
+  private static final int RATE_LIMITER_CACHE_MAX_SIZE = 50000;
+
+  private static final Cache<String, ImmutablePair<Long, RateLimiter>> LIMITER = CacheBuilder.newBuilder()
+      .expireAfterWrite(1, TimeUnit.DAYS)
+      .maximumSize(RATE_LIMITER_CACHE_MAX_SIZE).build();
 
   public ConsumerAuthenticationFilter(ConsumerAuthUtil consumerAuthUtil, ConsumerAuditUtil consumerAuditUtil, PortalConfig portalConfig) {
     this.consumerAuthUtil = consumerAuthUtil;
@@ -78,6 +82,9 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
     }
 
     Integer limitCount = consumerToken.getLimitCount();
+    if (limitCount == null) {
+      limitCount = 0;
+    }
     if (portalConfig.isOpenApiLimitEnabled() && limitCount > 0) {
       try {
         ImmutablePair<Long, RateLimiter> rateLimiterPair = getOrCreateRateLimiterPair(token, limitCount);
@@ -88,6 +95,8 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
         }
       } catch (Exception e) {
         logger.error("ConsumerAuthenticationFilter ratelimit error", e);
+        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Rate limiting failed");
+        return;
       }
     }
 

apollo-portal/src/test/java/com/ctrip/framework/apollo/SkipAuthorizationConfiguration.java

@@ -17,6 +17,7 @@
 package com.ctrip.framework.apollo;
 
 import com.ctrip.framework.apollo.openapi.auth.ConsumerPermissionValidator;
+import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
 import com.ctrip.framework.apollo.openapi.util.ConsumerAuthUtil;
 import com.ctrip.framework.apollo.portal.component.PermissionValidator;
 import org.springframework.context.annotation.Bean;
@@ -50,6 +51,11 @@ public ConsumerPermissionValidator consumerPermissionValidator() {
   public ConsumerAuthUtil consumerAuthUtil() {
     final ConsumerAuthUtil mock = mock(ConsumerAuthUtil.class);
     when(mock.getConsumerId(any())).thenReturn(1L);
+
+    ConsumerToken someConsumerToken = new ConsumerToken();
+    someConsumerToken.setConsumerId(1L);
+    someConsumerToken.setLimitCount(20);
+    when(mock.getConsumerToken(any())).thenReturn(someConsumerToken);
     return mock;
   }
 

apollo-portal/src/test/java/com/ctrip/framework/apollo/openapi/filter/ConsumerAuthenticationFilterTest.java

@@ -78,8 +78,11 @@ public void testAuthSuccessfully() throws Exception {
     String someToken = "someToken";
     Long someConsumerId = 1L;
 
+    ConsumerToken someConsumerToken = new ConsumerToken();
+    someConsumerToken.setConsumerId(someConsumerId);
+
     when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someToken);
-    when(consumerAuthUtil.getConsumerId(someToken)).thenReturn(someConsumerId);
+    when(consumerAuthUtil.getConsumerToken(someToken)).thenReturn(someConsumerToken);
 
     authenticationFilter.doFilter(request, response, filterChain);
 
@@ -93,7 +96,7 @@ public void testAuthFailed() throws Exception {
     String someInvalidToken = "someInvalidToken";
 
     when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someInvalidToken);
-    when(consumerAuthUtil.getConsumerId(someInvalidToken)).thenReturn(null);
+    when(consumerAuthUtil.getConsumerToken(someInvalidToken)).thenReturn(null);
 
     authenticationFilter.doFilter(request, response, filterChain);
 
@@ -176,7 +179,6 @@ private void setupRateLimitMocks(String someToken, Long someConsumerId, int qps)
     someConsumerToken.setLimitCount(qps);
 
     when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someToken);
-    when(consumerAuthUtil.getConsumerId(someToken)).thenReturn(someConsumerId);
     when(consumerAuthUtil.getConsumerToken(someToken)).thenReturn(someConsumerToken);
     when(portalConfig.isOpenApiLimitEnabled()).thenReturn(true);
   }

docs/en/deployment/distributed-deployment-guide.md

@@ -1455,6 +1455,18 @@ Default is 200, which means that each environment will return up to 200 results
 
 Modifying this parameter may affect the performance of the search function, so before modifying it, you should conduct sufficient testing and adjust the value of `apollo.portal.search.perEnvMaxResults` appropriately according to the actual business requirements and system resources to balance the performance and the number of search results.
 
+### 3.1.15 open.api.limit.count - Default value of ConsumerToken current limit value
+
+> For versions 2.4.0 and above
+
+The default value is 20. When creating a third-party application in the Open Platform Authorization Management, the default current limit value of the created ConsumerToken is this value.
+
+### 3.1.16 open.api.limit.enabled - Whether to enable the ConsumerToken current limiting function
+
+> For versions 2.4.0 and above
+
+The default value is `false`. When set to `true`, it means that each ConsumerToken request to the Apollo OpenAPI interface will be limited to a specific QPS, and the current limit value is the value of the `limitCount` field in the `ConsumerToken` table.
+
 ## 3.2 Adjusting ApolloConfigDB configuration
 
 Configuration items are uniformly stored in the ApolloConfigDB.ServerConfig table. It should be noted that each environment's ApolloConfigDB.ServerConfig needs to be configured separately, and the modification takes effect in real time for one minute afterwards.

docs/zh/deployment/distributed-deployment-guide.md

@@ -1400,6 +1400,17 @@ portal上“帮助”链接的地址，默认是Apollo github的wiki首页，可
 
 修改该参数可能会影响搜索功能的性能，因此在修改之前应该进行充分的测试，根据实际业务需求和系统资源情况，适当调整`apollo.portal.search.perEnvMaxResults`的值，以平衡性能和搜索结果的数量
 
+### 3.1.15 open.api.limit.count - ConsumerToken 限流值的默认值
+
+> 适用于2.4.0及以上版本
+
+默认为20，当在 `开放平台授权管理-创建第三方应用` 时，创建的 ConsumerToken 默认的限流值即为此值
+
+### 3.1.16 open.api.limit.enabled - 是否开启 ConsumerToken 限流功能
+
+> 适用于2.4.0及以上版本
+
+默认为`false`，当设置为`true`，意味着每个 ConsumerToken 请求Apollo OpenAPI 接口的时候，都会被限制到特定的QPS，限流值为`ConsumerToken`表中的`limitCount`字段的值
 
 ## 3.2 调整ApolloConfigDB配置
 配置项统一存储在ApolloConfigDB.ServerConfig表中，需要注意每个环境的ApolloConfigDB.ServerConfig都需要单独配置，修改完一分钟实时生效。