Add rate limit for posts and comments

src/main/java/com/openisle/controller/GlobalExceptionHandler.java

@@ -5,6 +5,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import com.openisle.exception.FieldException;
 import com.openisle.exception.NotFoundException;
+import com.openisle.exception.RateLimitException;
 
 import java.util.Map;
 
@@ -22,6 +23,11 @@ public class GlobalExceptionHandler {
         return ResponseEntity.status(404).body(Map.of("error", ex.getMessage()));
     }
 
+    @ExceptionHandler(RateLimitException.class)
+    public ResponseEntity<?> handleRateLimitException(RateLimitException ex) {
+        return ResponseEntity.status(429).body(Map.of("error", ex.getMessage()));
+    }
+
     @ExceptionHandler(Exception.class)
     public ResponseEntity<?> handleException(Exception ex) {
         return ResponseEntity.badRequest().body(Map.of("error", ex.getMessage()));

src/main/java/com/openisle/exception/RateLimitException.java

@@ -0,0 +1,10 @@
+package com.openisle.exception;
+
+/**
+ * Exception thrown when a user exceeds allowed action rate.
+ */
+public class RateLimitException extends RuntimeException {
+    public RateLimitException(String message) {
+        super(message);
+    }
+}

src/main/java/com/openisle/service/CommentService.java

@@ -13,6 +13,7 @@ import com.openisle.repository.NotificationRepository;
 import com.openisle.service.NotificationService;
 import com.openisle.service.SubscriptionService;
 import com.openisle.model.Role;
+import com.openisle.exception.RateLimitException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -34,6 +35,11 @@ public class CommentService {
     private final ImageUploader imageUploader;
 
     public Comment addComment(String username, Long postId, String content) {
+        long recent = commentRepository.countByAuthorAfter(username,
+                java.time.LocalDateTime.now().minusMinutes(1));
+        if (recent >= 3) {
+            throw new RateLimitException("Too many comments");
+        }
         User author = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Post post = postRepository.findById(postId)
@@ -61,6 +67,11 @@ public class CommentService {
     }
 
     public Comment addReply(String username, Long parentId, String content) {
+        long recent = commentRepository.countByAuthorAfter(username,
+                java.time.LocalDateTime.now().minusMinutes(1));
+        if (recent >= 3) {
+            throw new RateLimitException("Too many comments");
+        }
         User author = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Comment parent = commentRepository.findById(parentId)

src/main/java/com/openisle/service/PostService.java

@@ -18,6 +18,7 @@ import com.openisle.repository.ReactionRepository;
 import com.openisle.repository.PostSubscriptionRepository;
 import com.openisle.repository.NotificationRepository;
 import com.openisle.model.Role;
+import com.openisle.exception.RateLimitException;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
@@ -87,6 +88,11 @@ public class PostService {
                            String title,
                            String content,
                            java.util.List<Long> tagIds) {
+        long recent = postRepository.countByAuthorAfter(username,
+                java.time.LocalDateTime.now().minusMinutes(5));
+        if (recent >= 1) {
+            throw new RateLimitException("Too many posts");
+        }
         if (tagIds == null || tagIds.isEmpty()) {
             throw new IllegalArgumentException("At least one tag required");
         }