Yii2.0 RESTFul API 之速率限制
什么是速率限制?
权威指南翻译过来为限流,为防止滥用,你应该考虑对您的 API 限流。 例如,您可以限制每个用户 10 分钟内最多调用 API 100 次。 如果在规定的时间内接收了一个用户大量的请求,将返回响应状态代码 429 (这意味着过多的请求)。
说明:要启用速率限制,首先需要实现认证类
启用速率限制
翻阅权威指南,我们可以看到要启用速率限制,首先 认证类 需要实现 yii\filters\RateLimitInterface 接口
生成两个关键字段
# Generate a migration skeleton named add_allowance_and_allowance_updated_at_to_user.
php yii migrate/create add_allowance_and_allowance_updated_at_to_user
修改 刚才的迁移文件
/**
 * {@inheritdoc}
 *
 * Adds the two integer bookkeeping columns to the `user` table:
 * `allowance` and `allowance_updated_at`. Both are created without a
 * default, so existing rows hold NULL in them after the migration.
 */
public function safeUp()
{
    foreach (['allowance', 'allowance_updated_at'] as $column) {
        $this->addColumn('user', $column, $this->integer());
    }
}

/**
 * {@inheritdoc}
 *
 * Reverts safeUp() by dropping both columns, in the order they were added.
 */
public function safeDown()
{
    foreach (['allowance', 'allowance_updated_at'] as $column) {
        $this->dropColumn('user', $column);
    }
}
执行迁移
# Apply the migration edited above.
php yii migrate
编写认证类,并实现 RateLimitInterface
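// Namespace separators were stripped from this listing when the page was
// rendered ("yiiaseNotSupportedException" etc.); they are restored here.
// NOTE(review): `api\models` is reconstructed from "apimodels" - confirm it
// matches your application's namespace layout.
namespace api\models;

use Yii;
use yii\base\NotSupportedException;
use yii\behaviors\TimestampBehavior;
use yii\db\ActiveRecord;
use yii\filters\RateLimitInterface;
use yii\web\IdentityInterface;

/**
 * Identity (authentication) model that also implements RateLimitInterface,
 * so the same record that identifies the caller carries its rate-limit state.
 */
class User extends ActiveRecord implements IdentityInterface, RateLimitInterface
{
    // . . . (rest of the class is elided on the page)
}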
实现 RateLimitInterface
所需要的方法
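/**
 * Returns the quota that applies to this user.
 *
 * @param \yii\web\Request $request the current request
 * @param \yii\base\Action $action the action about to be executed
 * @return array two elements: [maximum number of requests, window length in seconds]
 */
public function getRateLimit($request, $action)
{
    // [1, 1] = at most 1 request per 1-second window (a demo value that is
    // easy to trigger while testing).
    return [1, 1];
}

/**
 * Loads the stored rate-limit state for this user.
 *
 * @param \yii\web\Request $request the current request
 * @param \yii\base\Action $action the action about to be executed
 * @return array two elements: [remaining allowance, UNIX timestamp of the last update]
 */
public function loadAllowance($request, $action)
{
    // Both values are NULL for a row that has never been saved through
    // saveAllowance(), because the migration adds the columns without a default.
    return [$this->allowance, $this->allowance_updated_at];
}

/**
 * Persists the rate-limit state computed for the current request.
 *
 * @param \yii\web\Request $request the current request
 * @param \yii\base\Action $action the action about to be executed
 * @param int $allowance number of requests still allowed in the window
 * @param int $timestamp current UNIX timestamp
 */
public function saveAllowance($request, $action, $allowance, $timestamp)
{
    // updateAttributes() writes only these two columns and skips validation
    // and save events. The previous $this->save() ran full model validation and
    // ignored its return value, so a failing unrelated rule would leave the
    // counters unsaved and the limit silently unenforced.
    //
    // NOTE(review): load -> compute -> save is not atomic; concurrent requests
    // from the same user can read the same allowance. Where the limit is a hard
    // security control, keep the counters in a store with atomic updates.
    $this->updateAttributes([
        'allowance' => $allowance,
        'allowance_updated_at' => $timestamp,
    ]);
}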
控制器中实现调用
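// Namespace separators were stripped from this listing when the page was
// rendered; they are restored here.
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use yii\filters\RateLimiter;

/**
 * Attaches authentication and rate limiting to every action of this controller.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // The authenticator is configured first. The rate limiter charges the
    // identity resolved by authentication, so if it ran while the caller was
    // still a guest there would be no identity to limit. Keys that
    // parent::behaviors() already defines keep their existing position.
    $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [
            HttpBearerAuth::className(),
            // NOTE(review): QueryParamAuth reads the token from the URL, where
            // it can end up in access logs, proxies and browser history. Keep
            // it only if clients cannot send an Authorization header.
            QueryParamAuth::className(),
        ],
    ];

    $behaviors['rateLimiter'] = [
        'class' => RateLimiter::className(),
        // Sends the X-Rate-Limit-* response headers so clients can back off.
        'enableRateLimitHeaders' => true,
    ];

    return $behaviors;
}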