默認是全部接口做限制,如果接口沒有@RequestLimit註解,則RequestLimitAspect會按照application-dev.yml中 request-limit.amount,request-limit.time中設置的值做限制; 也可通過@RequestLimit對單個接口做定製操作,RequestLimitAspect類會以@RequestLimit爲準。
yml文件
#請求限制參數
request-limit:
amount: 100
time: 30000
通過@ConfigurationProperties
讀取yml文件的配置
@ConfigurationProperties(prefix = "request-limit")
@Component
@Data
public class RequestLimitConfig {
/**
* 允許訪問的數量
*/
public int amount;
/**
* 時間段
*/
public long time;
}
自定義註解
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Order(Ordered.HIGHEST_PRECEDENCE)
public @interface RequestLimit {
/**
* 允許訪問的數量,默認200
*/
int amount() default 200;
/**
* 時間段,單位爲毫秒,默認一分鐘
*/
long time() default 60000;
}
切面類
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.concurrent.TimeUnit;
/**
* 請求限制切面實現
*
* @author songhaozhi
* @since 2020/2/2
*/
@Aspect
@Component
@Slf4j
public class RequestLimitAspect {
@Autowired
private RedisUtil redisUtil;
@Autowired
private RequestLimitConfig requestLimitConfig;
private final String POINT = "execution(* app.xxx.api.*.*..*.*(..))";
@Pointcut(POINT)
public void pointcut() {
}
/**
* 方法前執行
*/
@Around("pointcut()")
public Object around(ProceedingJoinPoint point) throws Throwable {
ServletRequestAttributes attribute = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attribute.getRequest();
//獲取IP
String ip = IpUtil.getIpAddress(request);
//獲取請求路徑
String url = request.getRequestURL().toString();
String key = RedisKey.REQUEST_LIMIT.concat(ip).concat(url);
Method currentMethod = AspectUtil.INSTANCE.getMethod(point);
//查看接口是否有RequestLimit註解,如果沒有則按yml的值全局驗證
if (currentMethod.isAnnotationPresent(RequestLimit.class)) {
//獲取註解
RequestLimit requestLimit = currentMethod.getAnnotation(RequestLimit.class);
boolean checkResult = checkWithRedis(requestLimit.amount(),requestLimit.time(), key);
if (checkResult) {
log.info("requestLimited," + "[用戶ip:{}],[訪問地址:{}]超過了限定的次數[{}]次", ip, url, requestLimit.amount());
return ApiResult.requestTooFast(null);
}
return point.proceed();
}
boolean checkResult = checkWithRedis(requestLimitConfig.getAmount(),requestLimitConfig.getTime(), key);
if (checkResult) {
log.info("requestLimited," + "[用戶ip:{}],[訪問地址:{}]超過了限定的次數[{}]次", ip, url, requestLimitConfig.getAmount());
return ApiResult.requestTooFast(null);
}
return point.proceed();
}
/**
* 以redis實現請求記錄
*
* @param amount 請求次數
* @param time 時間段
* @param key
* @return
*/
private boolean checkWithRedis(int amount, long time, String key) {
long count = redisUtil.incrBy(key, 1);
if (count == 1) {
redisUtil.expire(key, time, TimeUnit.MILLISECONDS);
}
if (count <= amount) {
return false;
}
return true;
}
}
其中RedisUtil是這個項目中的 https://github.com/whvcse/RedisUtil
獲取IP方法
/**
* 獲取用戶真實IP地址,不使用request.getRemoteAddr()的原因是有可能用戶使用了代理軟件方式避免真實IP地址,
* 可是,如果通過了多級反向代理的話,X-Forwarded-For的值並不止一個,而是一串IP值
*
* @return ip
*/
public static String getIpAddress(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip != null && ip.length() != 0 && !Constants.UNKNOWN.equalsIgnoreCase(ip)) {
// 多次反向代理後會有多個ip值,第一個ip纔是真實ip
if (ip.indexOf(StringPool.COMMA) != -1) {
ip = ip.split(StringPool.COMMA)[0];
}
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Real-IP");
}
if (ip == null || ip.length() == 0 || Constants.UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
切面工具類
public enum AspectUtil {
/**
* 單例對象
*/
INSTANCE;
/**
* 獲取當前切面執行的方法的方法名
*
* @param point 當前切面執行的方法
*/
public Method getMethod(JoinPoint point) throws NoSuchMethodException {
Signature sig = point.getSignature();
MethodSignature msig = (MethodSignature) sig;
Object target = point.getTarget();
return target.getClass()
.getMethod( msig.getName(), msig.getParameterTypes() );
}
}