通過AOP+自定義註解+Redis實現的限制ip訪問接口次數

默認是全部接口做限制，如果接口沒有@RequestLimit註解，則RequestLimitAspect會按照application-dev.yml中 request-limit.amount，request-limit.time中設置的值做限制; 也可通過@RequestLimit對單個接口做定製操作，RequestLimitAspect類會以@RequestLimit爲準。

yml文件

  #請求限制參數
 request-limit:
    amount: 100
    time: 30000

通過@ConfigurationProperties讀取yml文件的配置

@ConfigurationProperties(prefix = "request-limit")
@Component
@Data
public class RequestLimitConfig {
    /**
     * 允許訪問的數量
     */
    public int amount;
    /**
     * 時間段
     */
    public long time;
}

自定義註解

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Order(Ordered.HIGHEST_PRECEDENCE)
public @interface RequestLimit {

    /**
     * 允許訪問的數量，默認200
     */
    int amount() default 200;

    /**
     * 時間段，單位爲毫秒，默認一分鐘
     */
    long time() default 60000;
}

切面類

import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;

/**
 * 請求限制切面實現
 *
 * @author songhaozhi
 * @since 2020/2/2
 */
@Aspect
@Component
@Slf4j
public class RequestLimitAspect {

    @Autowired
    private RedisUtil redisUtil;

    @Autowired
    private RequestLimitConfig requestLimitConfig;

    private final String POINT = "execution(* app.xxx.api.*.*..*.*(..))";

    @Pointcut(POINT)
    public void pointcut() {

    }

    /**
     * 方法前執行
     */
    @Around("pointcut()")
    public Object around(ProceedingJoinPoint point) throws Throwable {
        ServletRequestAttributes attribute = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attribute.getRequest();
        //獲取IP
        String ip = IpUtil.getIpAddress(request);
        //獲取請求路徑
        String url = request.getRequestURL().toString();
        String key = RedisKey.REQUEST_LIMIT.concat(ip).concat(url);
        Method currentMethod = AspectUtil.INSTANCE.getMethod(point);
        //查看接口是否有RequestLimit註解，如果沒有則按yml的值全局驗證
        if (currentMethod.isAnnotationPresent(RequestLimit.class)) {
            //獲取註解
            RequestLimit requestLimit = currentMethod.getAnnotation(RequestLimit.class);
            boolean checkResult = checkWithRedis(requestLimit.amount(),requestLimit.time(), key);
            if (checkResult) {
                log.info("requestLimited," + "[用戶ip:{}],[訪問地址:{}]超過了限定的次數[{}]次", ip, url, requestLimit.amount());
                return ApiResult.requestTooFast(null);
            }
            return point.proceed();
        }
        boolean checkResult = checkWithRedis(requestLimitConfig.getAmount(),requestLimitConfig.getTime(), key);
        if (checkResult) {
            log.info("requestLimited," + "[用戶ip:{}],[訪問地址:{}]超過了限定的次數[{}]次", ip, url, requestLimitConfig.getAmount());
            return ApiResult.requestTooFast(null);
        }
        return point.proceed();
    }

    /**
     * 以redis實現請求記錄
     *
     * @param amount 請求次數
     * @param time   時間段
     * @param key
     * @return
     */
    private boolean checkWithRedis(int amount, long time, String key) {
        long count = redisUtil.incrBy(key, 1);
        if (count == 1) {
            redisUtil.expire(key, time, TimeUnit.MILLISECONDS);
        }
        if (count <= amount) {
            return false;
        }
        return true;
    }
}

其中RedisUtil是這個項目中的 https://github.com/whvcse/RedisUtil
獲取IP方法

/**
     * 獲取用戶真實IP地址，不使用request.getRemoteAddr()的原因是有可能用戶使用了代理軟件方式避免真實IP地址,
     * 可是，如果通過了多級反向代理的話，X-Forwarded-For的值並不止一個，而是一串IP值
     *
     * @return ip
     */
    public static String getIpAddress(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip != null && ip.length() != 0 && !Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            // 多次反向代理後會有多個ip值，第一個ip纔是真實ip
            if (ip.indexOf(StringPool.COMMA) != -1) {
                ip = ip.split(StringPool.COMMA)[0];
            }
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Real-IP");
        }
        if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

切面工具類

public enum AspectUtil {
    /**
     * 單例對象
     */
    INSTANCE;

    /**
     * 獲取當前切面執行的方法的方法名
     *
     * @param point 當前切面執行的方法
     */
    public Method getMethod(JoinPoint point) throws NoSuchMethodException {
        Signature sig = point.getSignature();
        MethodSignature msig = (MethodSignature) sig;
        Object target = point.getTarget();
        return target.getClass()
                .getMethod( msig.getName(), msig.getParameterTypes() );
    }

}