Springboot搭配redis使用定义注解和拦截器实现接口限流防刷

x33g5p2x  于2021-11-19 转载在 Spring  
字(3.7k)|赞(0)|评价(0)|浏览(309)

Springboot搭配redis使用定义注解和拦截器实现接口限流防刷

一、接口限流防刷介绍

接口限流防刷:

限制同一个用户在限定时间内,只能访问固定次数。

思路:每次点击之后,在缓存中生成一个计数器,第一次将这个计数器置1后存入缓存,并给其设定有效期。

每次点击后,取出这个值,计数器加一,如果超过限定次数,就抛出业务异常。

二、核心代码

1.自定义注解

/** * 在需要保证 接口防刷限流 的Controller的方法上使用此注解 */
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface AccessLimit {

    int maxCount();// 最大访问次数

    int seconds();// 固定时间, 单位: s

}

2.拦截器

package com.hl.springbootidempotence.interceptor;

import com.hl.springbootidempotence.annotation.AccessLimit;
import com.hl.springbootidempotence.common.ResponseCode;
import com.hl.springbootidempotence.exception.ServiceException;
import com.hl.springbootidempotence.utils.IpUtil;
import com.hl.springbootidempotence.utils.JedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;

/** * 接口防刷限流拦截器 */
@Component
public class AccessLimitInterceptor implements HandlerInterceptor {

    private static final String ACCESS_LIMIT_PREFIX = "accessLimit:";

    @Autowired
    private JedisUtil jedisUtil;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        if (!(handler instanceof HandlerMethod)) {//如果是HandlerMethod 类,强转,拿到注解
            return true;
        }

        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();

        AccessLimit annotation = method.getAnnotation(AccessLimit.class);
        if (annotation != null) {
            check(annotation, request);
        }

        return true;
    }

    private void check(AccessLimit annotation, HttpServletRequest request) {
        获取方法上注解的参数
        int maxCount = annotation.maxCount();
        int seconds = annotation.seconds();

        StringBuilder sb = new StringBuilder();
        sb.append(ACCESS_LIMIT_PREFIX).append(IpUtil.getIpAddress(request)).append(request.getRequestURI());
        String key = sb.toString();

        Boolean exists = jedisUtil.exists(key);
        if (!exists) {//如果没有,说明没访问过,置1
            jedisUtil.set(key, String.valueOf(1), seconds);
        } else {
            int count = Integer.parseInt(jedisUtil.get(key));
            if (count < maxCount) {//设置 如果小于我们的防刷次数
                Long ttl = jedisUtil.ttl(key);
                if (ttl <= 0) {
                    jedisUtil.set(key, String.valueOf(1), seconds);
                } else {//小于5 就+1
                    jedisUtil.set(key, String.valueOf(++count), ttl.intValue());
                }
            } else {//说明大于最大次数
                throw new ServiceException(ResponseCode.ACCESS_LIMIT.getMsg());
            }
        }
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}

3.配置拦截器

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /** * 跨域 * @return */
    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

	//关键,将拦截器作为bean写入配置中
    @Bean
    public AccessLimitInterceptor accessLimitInterceptor() {
        return new AccessLimitInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 接口防刷限流拦截器
 		 registry.addInterceptor(accessLimitInterceptor()).addPathPatterns("/**");
    }
}

4.测试

源码地址:https://gitee.com/huanglei1111/springboot-demo/tree/master

相关文章