Cedric
024b3880e7
RateLimitFilter (OncePerRequestFilter) enforces 60 req/min per authenticated Google ID or client IP, using Bucket4j in-memory token buckets. Filter is registered after BearerTokenAuthenticationFilter in the production security chain. Added 4 unit tests covering allow, block, per-IP isolation, and X-Forwarded-For preference. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>