feat(ai-chat): Bucket4j 기반 AI 채팅 rate limit 인터셉터 추가

- AiChatRateLimiter: 사용자별(인증 활성화 시) 또는 IP 별 분당 / 일일 호출 한도 관리.
  Caffeine in-memory 캐시로 Bucket 보관 (단일 인스턴스 가정).
- AiChatRateLimitInterceptor: /api/v1/ai-chat/** 에 적용. 한도 초과 시
  HTTP 429 + 한국어 안내 JSON 으로 즉시 차단. preHandle 단계에서 처리되어
  LLM 호출 비용이 발생하지 않음. 로그에는 keyHash 만 기록 (PII 미노출).
- AiChatRateLimitWebMvcConfig: WebMvcConfigurer 로 인터셉터 등록.

대응: OWASP LLM10 (Unbounded Consumption / Denial-of-Wallet).

향후 분산 환경 전환 시 bucket4j-redis backend 로 교체 예정.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: psychology50

src/main/java/com/readum/infrastructure/ai/openai/ratelimit/AiChatRateLimitInterceptor.java

@@ -0,0 +1,71 @@
+package com.readum.infrastructure.ai.openai.ratelimit;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+/**
+ * AI 채팅 rate limit interceptor.
+ * /api/v1/ai-chat/** 엔드포인트에만 적용되며, 한도 초과 시 HTTP 429 응답을 반환한다.
+ *
+ * key 우선순위:
+ *   1) Spring Security 의 인증 principal (Long userId 형태) — 인증 활성화 시
+ *   2) X-Forwarded-For 헤더 첫 번째 IP (프록시 환경)
+ *   3) ServletRequest.getRemoteAddr()
+ */
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class AiChatRateLimitInterceptor implements HandlerInterceptor {
+
+    private static final String ERROR_BODY = """
+        {
+            "error": {
+                "message": "AI 채팅 호출 한도를 초과했습니다. 잠시 후 다시 시도해 주세요."
+            }
+        }
+        """;
+
+    private final AiChatRateLimiter rateLimiter;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        if (!rateLimiter.isEnabled()) {
+            return true;
+        }
+        String key = resolveKey(request);
+        if (rateLimiter.tryConsume(key)) {
+            return true;
+        }
+
+        log.info("[Guardrail] rate limit exceeded: keyHash={}", Integer.toHexString(key.hashCode()));
+        response.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+        response.getWriter().write(ERROR_BODY);
+        response.getWriter().flush();
+        return false;
+    }
+
+    private String resolveKey(HttpServletRequest request) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication != null && authentication.isAuthenticated()
+                && authentication.getPrincipal() != null
+                && !"anonymousUser".equals(authentication.getPrincipal())) {
+            return "user:" + authentication.getPrincipal();
+        }
+        String forwarded = request.getHeader("X-Forwarded-For");
+        if (forwarded != null && !forwarded.isBlank()) {
+            return "ip:" + forwarded.split(",", 2)[0].trim();
+        }
+        String remote = request.getRemoteAddr();
+        return "ip:" + (remote == null ? "unknown" : remote);
+    }
+}

src/main/java/com/readum/infrastructure/ai/openai/ratelimit/AiChatRateLimitWebMvcConfig.java

@@ -0,0 +1,19 @@
+package com.readum.infrastructure.ai.openai.ratelimit;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@RequiredArgsConstructor
+public class AiChatRateLimitWebMvcConfig implements WebMvcConfigurer {
+
+    private final AiChatRateLimitInterceptor aiChatRateLimitInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(aiChatRateLimitInterceptor)
+                .addPathPatterns("/api/v1/ai-chat/**");
+    }
+}

src/main/java/com/readum/infrastructure/ai/openai/ratelimit/AiChatRateLimiter.java

@@ -0,0 +1,59 @@
+package com.readum.infrastructure.ai.openai.ratelimit;
+
+import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.Caffeine;
+import com.readum.infrastructure.ai.openai.GuardrailProperties;
+import io.github.bucket4j.Bandwidth;
+import io.github.bucket4j.Bucket;
+import org.springframework.stereotype.Component;
+
+import java.time.Duration;
+
+/**
+ * 사용자별 (또는 IP 별) AI 채팅 호출 rate limit 관리.
+ *
+ * 분당 요청 수 제한과 일일 요청 수 제한을 동시에 적용한다.
+ * 단일 인스턴스 운영을 가정하며, in-memory(Caffeine) 캐시로 buckets 를 관리한다.
+ * 향후 분산 환경 전환 시 bucket4j-redis 로 교체 예정.
+ */
+@Component
+public class AiChatRateLimiter {
+
+    private final GuardrailProperties properties;
+    private final Cache<String, Bucket> buckets;
+
+    public AiChatRateLimiter(GuardrailProperties properties) {
+        this.properties = properties;
+        this.buckets = Caffeine.newBuilder()
+                .expireAfterAccess(Duration.ofHours(2))
+                .maximumSize(10_000)
+                .build();
+    }
+
+    public boolean isEnabled() {
+        return properties.rateLimit().enabled();
+    }
+
+    public boolean tryConsume(String key) {
+        if (!isEnabled()) {
+            return true;
+        }
+        Bucket bucket = buckets.get(key, k -> newBucket());
+        return bucket.tryConsume(1);
+    }
+
+    private Bucket newBucket() {
+        Bandwidth perMinute = Bandwidth.builder()
+                .capacity(properties.rateLimit().requestsPerMinute())
+                .refillIntervally(properties.rateLimit().requestsPerMinute(), Duration.ofMinutes(1))
+                .build();
+        Bandwidth perDay = Bandwidth.builder()
+                .capacity(properties.rateLimit().dailyRequests())
+                .refillIntervally(properties.rateLimit().dailyRequests(), Duration.ofDays(1))
+                .build();
+        return Bucket.builder()
+                .addLimit(perMinute)
+                .addLimit(perDay)
+                .build();
+    }
+}

src/test/java/com/readum/infrastructure/ai/openai/ratelimit/AiChatRateLimitInterceptorTest.java

@@ -0,0 +1,95 @@
+package com.readum.infrastructure.ai.openai.ratelimit;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+
+@Tag("guardrail")
+class AiChatRateLimitInterceptorTest {
+
+    @AfterEach
+    void clearContext() {
+        SecurityContextHolder.clearContext();
+    }
+
+    @Test
+    void 한도_내_요청은_통과한다() throws Exception {
+        AiChatRateLimiter limiter = mock(AiChatRateLimiter.class);
+        given(limiter.isEnabled()).willReturn(true);
+        given(limiter.tryConsume(any())).willReturn(true);
+        AiChatRateLimitInterceptor interceptor = new AiChatRateLimitInterceptor(limiter);
+
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/api/v1/ai-chat/stream");
+        request.setRemoteAddr("203.0.113.10");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        boolean proceeded = interceptor.preHandle(request, response, new Object());
+
+        assertThat(proceeded).isTrue();
+        assertThat(response.getStatus()).isEqualTo(200);
+    }
+
+    @Test
+    void 한도_초과시_429_응답을_반환하고_체인을_중단한다() throws Exception {
+        AiChatRateLimiter limiter = mock(AiChatRateLimiter.class);
+        given(limiter.isEnabled()).willReturn(true);
+        given(limiter.tryConsume(any())).willReturn(false);
+        AiChatRateLimitInterceptor interceptor = new AiChatRateLimitInterceptor(limiter);
+
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/api/v1/ai-chat/stream");
+        request.setRemoteAddr("203.0.113.10");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        boolean proceeded = interceptor.preHandle(request, response, new Object());
+
+        assertThat(proceeded).isFalse();
+        assertThat(response.getStatus()).isEqualTo(429);
+        assertThat(response.getContentAsString()).contains("AI 채팅 호출 한도를 초과했습니다");
+    }
+
+    @Test
+    void enabled_가_false_면_무조건_통과한다() throws Exception {
+        AiChatRateLimiter limiter = mock(AiChatRateLimiter.class);
+        given(limiter.isEnabled()).willReturn(false);
+        AiChatRateLimitInterceptor interceptor = new AiChatRateLimitInterceptor(limiter);
+
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/api/v1/ai-chat/stream");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        boolean proceeded = interceptor.preHandle(request, response, new Object());
+
+        assertThat(proceeded).isTrue();
+    }
+
+    @Test
+    void 인증_principal_이_있으면_user_key_를_사용한다() throws Exception {
+        AiChatRateLimiter limiter = mock(AiChatRateLimiter.class);
+        given(limiter.isEnabled()).willReturn(true);
+        given(limiter.tryConsume("user:42")).willReturn(true);
+        AiChatRateLimitInterceptor interceptor = new AiChatRateLimitInterceptor(limiter);
+
+        SecurityContextHolder.getContext().setAuthentication(
+                new UsernamePasswordAuthenticationToken(42L, null, List.of())
+        );
+
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/api/v1/ai-chat/stream");
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        boolean proceeded = interceptor.preHandle(request, response, new Object());
+
+        assertThat(proceeded).isTrue();
+    }
+}

src/test/java/com/readum/infrastructure/ai/openai/ratelimit/AiChatRateLimiterTest.java

@@ -0,0 +1,73 @@
+package com.readum.infrastructure.ai.openai.ratelimit;
+
+import com.readum.infrastructure.ai.openai.GuardrailProperties;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@Tag("guardrail")
+class AiChatRateLimiterTest {
+
+    @Test
+    void 분당_요청_한도를_초과하면_더_이상_허용되지_않는다() {
+        GuardrailProperties props = new GuardrailProperties(
+                GuardrailProperties.Input.defaults(),
+                GuardrailProperties.Output.defaults(),
+                GuardrailProperties.Moderation.defaults(),
+                new GuardrailProperties.RateLimit(true, 3, 100)
+        );
+        AiChatRateLimiter limiter = new AiChatRateLimiter(props);
+
+        for (int i = 0; i < 3; i++) {
+            assertThat(limiter.tryConsume("user:1")).as("호출 %d", i + 1).isTrue();
+        }
+        assertThat(limiter.tryConsume("user:1")).as("4번째 호출은 한도 초과").isFalse();
+    }
+
+    @Test
+    void 일일_한도가_분당_한도보다_먼저_소진되면_차단된다() {
+        GuardrailProperties props = new GuardrailProperties(
+                GuardrailProperties.Input.defaults(),
+                GuardrailProperties.Output.defaults(),
+                GuardrailProperties.Moderation.defaults(),
+                new GuardrailProperties.RateLimit(true, 100, 2)
+        );
+        AiChatRateLimiter limiter = new AiChatRateLimiter(props);
+
+        assertThat(limiter.tryConsume("user:1")).isTrue();
+        assertThat(limiter.tryConsume("user:1")).isTrue();
+        assertThat(limiter.tryConsume("user:1")).as("일일 한도 2 를 초과").isFalse();
+    }
+
+    @Test
+    void 서로_다른_key_는_각자_독립적인_bucket_을_가진다() {
+        GuardrailProperties props = new GuardrailProperties(
+                GuardrailProperties.Input.defaults(),
+                GuardrailProperties.Output.defaults(),
+                GuardrailProperties.Moderation.defaults(),
+                new GuardrailProperties.RateLimit(true, 1, 100)
+        );
+        AiChatRateLimiter limiter = new AiChatRateLimiter(props);
+
+        assertThat(limiter.tryConsume("user:A")).isTrue();
+        assertThat(limiter.tryConsume("user:A")).isFalse();
+        assertThat(limiter.tryConsume("user:B")).isTrue();
+    }
+
+    @Test
+    void enabled_가_false_면_언제나_허용한다() {
+        GuardrailProperties props = new GuardrailProperties(
+                GuardrailProperties.Input.defaults(),
+                GuardrailProperties.Output.defaults(),
+                GuardrailProperties.Moderation.defaults(),
+                new GuardrailProperties.RateLimit(false, 1, 1)
+        );
+        AiChatRateLimiter limiter = new AiChatRateLimiter(props);
+
+        for (int i = 0; i < 50; i++) {
+            assertThat(limiter.tryConsume("user:X")).isTrue();
+        }
+        assertThat(limiter.isEnabled()).isFalse();
+    }
+}