From 905373093ce0dea8cdba6a922e47620f3a7147e6 Mon Sep 17 00:00:00 2001
From: Teriuihi
Date: Fri, 18 Apr 2025 19:32:34 +0200
Subject: [PATCH] Update rate limiting headers and adjust time unit for limits
Added `Access-Control-Expose-Headers` to rate limit responses to expose retry-related headers for easier accessibility on the client side. Changed the rate limit time unit in `HistoryApiController` from seconds to minutes for more reasonable throttling.
---
 .../altitudeweb/controllers/history/HistoryApiController.java | 3 ++-
 .../alttd/altitudeweb/controllers/limits/RateLimitAspect.java | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/com/alttd/altitudeweb/controllers/history/HistoryApiController.java b/backend/src/main/java/com/alttd/altitudeweb/controllers/history/HistoryApiController.java
index 38397c5..22b6362 100644
--- a/backend/src/main/java/com/alttd/altitudeweb/controllers/history/HistoryApiController.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/controllers/history/HistoryApiController.java
@@ -15,10 +15,11 @@ import org.springframework.web.bind.annotation.RestController;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.TimeUnit;
 @Slf4j
 @RestController
-@RateLimit(limit = 30, timeValue = 1, timeUnit = java.util.concurrent.TimeUnit.SECONDS)
+@RateLimit(limit = 30, timeValue = 1, timeUnit = TimeUnit.MINUTES)
 public class HistoryApiController implements HistoryApi {
 @Override
diff --git a/backend/src/main/java/com/alttd/altitudeweb/controllers/limits/RateLimitAspect.java b/backend/src/main/java/com/alttd/altitudeweb/controllers/limits/RateLimitAspect.java
index c7de9f6..f4a4381 100644
--- a/backend/src/main/java/com/alttd/altitudeweb/controllers/limits/RateLimitAspect.java
+++ b/backend/src/main/java/com/alttd/altitudeweb/controllers/limits/RateLimitAspect.java
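Review bot: The new `@RateLimit(limit = 30, timeValue = 1, timeUnit = TimeUnit.MINUTES)` on HistoryApiController carries no comment on what the budget covers. It sits on the class, so it presumably applies to every endpoint of the controller together, and the hunk does not show what the limiter keys callers on. I would add a line above it such as `// 30 requests per minute, shared by all history endpoints; see RateLimitAspect for how callers are identified`, adjusted to what the aspect actually does. The class body continues outside the hunk.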
@@ -76,6 +76,7 @@ public class RateLimitAspect {
 .header("X-Rate-Limit-Limit", String.valueOf(limit))
 .header("X-Rate-Limit-Remaining", "0")
 .header("Retry-After", String.valueOf(nextResetTime.getSeconds()))
+ .header("Access-Control-Expose-Headers", "Retry-After, X-Rate-Limit-Limit, X-Rate-Limit-Remaining")
 .body(String.format("Rate limit exceeded. Try again in %d seconds.", nextResetTime.getSeconds()));
 }
 }
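Review bot: The exposed-header list added to the 429 response in RateLimitAspect repeats the three header names as a second string literal, so a rename or an extra header in the calls above can silently leave it stale. I would pull the names into constants and build the value from them, e.g. `private static final String EXPOSED_HEADERS = String.join(", ", RETRY_AFTER, LIMIT_HEADER, REMAINING_HEADER);` (constant names are illustrative). The header is also set only on this rejection branch; if allowed responses carry `X-Rate-Limit-*` headers too (not visible here), browser clients still cannot read them there, and declaring the exposed headers once in the CORS configuration would cover both paths. The enclosing method starts before the hunk.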