接了一个需求,公司要调用其他平台的一个收费接口,调用一次,收取一次费用;需要封装一下,防止被恶意盗刷;自己思考了一下,记录每个用户的访问次数,调用一次,累计数量+1,当达到设置上限时,直接返回提示信息;
初步构思,从2个维度限制:1、限制每个用户每小时内的最大访问次数;2、限制每个用户每天的最大访问次数;结合redis的 incrby 和TTL实现,redis自增方法保证并发情况下 +1 操作线程安全;需要注意,自增和设置过期时间是两条独立的命令,并不是一个原子操作,过期时间没有设置成功时计数器不会自动清零;redis的 key 为 接口名+用户唯一标识+固定字符串(日期),value为访问次数,并设置过期时间为 1小时、一天; 代码如下:
pom.xml 引入redis 依赖
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> <version>2.3.4.RELEASE</version> </dependency>
application.properties redis配置(测试使用单节点)
# Redis database index (default 0)
spring.redis.database=0
# Redis server address
spring.redis.host=127.0.0.1
# Redis server port
spring.redis.port=6379
# Redis server password (empty by default)
# NOTE(review): with an empty value the client sends no AUTH. That only suits a
# loopback test instance such as the 127.0.0.1 node configured here; a shared
# instance holding the quota counters needs authentication.
spring.redis.password=
# NOTE(review): spring.redis.pool.* is the Spring Boot 1.x prefix. The 2.x starter
# declared in the pom binds pool settings under spring.redis.lettuce.pool.* or
# spring.redis.jedis.pool.* - confirm that the four keys below take effect.
# Maximum number of pooled connections (a negative value means no limit)
spring.redis.pool.max-active=200
# Maximum time to block waiting for a pooled connection (a negative value means no limit)
spring.redis.pool.max-wait=-1
# Maximum number of idle connections in the pool
spring.redis.pool.max-idle=10
# Minimum number of idle connections in the pool
spring.redis.pool.min-idle=0
# Connection timeout (milliseconds)
spring.redis.timeout=1000
# Sentinel-mode configuration: the client asks the sentinels for the current master,
# so a failover is transparent to the application.
# The password below is the article's sample value; supply a real secret from outside this file.
#spring.redis.password=123456
#spring.redis.sentinel.master=mymaster
#spring.redis.sentinel.nodes=192.168.184.133:26379,192.168.184.135:26379,192.168.184.136:26379
## Connection timeout
#spring.redis.timeout=6000ms
## Redis database index (default 0)
#spring.redis.database=0
## Pool configuration: Spring Boot 2.0 configures the pool through jedis or lettuce directly; lettuce is the default
## Maximum number of pooled connections (a negative value means no limit)
#spring.redis.jedis.pool.max-active=8
## Maximum time to block waiting for a pooled connection (a negative value means no limit)
#spring.redis.jedis.pool.max-wait=-1s
## Maximum number of idle connections in the pool
#spring.redis.jedis.pool.max-idle=8
## Minimum number of idle connections in the pool
#spring.redis.jedis.pool.min-idle=0
#############################
# Cluster-mode configuration
#spring.redis.cluster.nodes=192.168.184.133:7000,192.168.184.133:7001,192.168.184.133:7002,192.168.184.133:7003,192.168.184.133:7004,192.168.184.133:7005
# Sample value again; do not reuse it outside a test setup.
#spring.redis.password=123456
#spring.redis.timeout=6000ms
# Redis database index (default 0)
#spring.redis.database=0
# Pool configuration: Spring Boot 2.0 configures the pool through jedis or lettuce directly; lettuce is the default
# Maximum number of pooled connections (a negative value means no limit)
#spring.redis.jedis.pool.max-active=8
# Maximum time to block waiting for a pooled connection (a negative value means no limit)
#spring.redis.jedis.pool.max-wait=-1s
# Maximum number of idle connections in the pool
#spring.redis.jedis.pool.max-idle=8
# Minimum number of idle connections in the pool
#spring.redis.jedis.pool.min-idle=0
redis配置类
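package com.wanglin.study.design.pattern.work.config;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;

/**
 * Spring configuration that exposes the {@link RedisTemplate} used by the application.
 *
 * <p>Keys and hash keys are stored as plain strings; values and hash values are stored as
 * JSON with embedded type information.
 *
 * @author WANGQW
 * @since 2021/3/3
 */
@Configuration
public class RedisConfig {

    /** Package prefix of the application's own classes, the only project types allowed in stored JSON. */
    private static final String APPLICATION_PACKAGE_PREFIX = "com.wanglin.study.design.pattern.work.";

    /**
     * Builds the template with String key serializers and Jackson value serializers.
     *
     * <p>The original called {@code enableDefaultTyping(NON_FINAL)}, which lets the JSON read
     * back from Redis name any class on the classpath for instantiation. Anyone able to write
     * to the Redis instance could then choose the classes the application instantiates. The
     * mapper now uses {@code activateDefaultTyping} with an allowlist, so only the listed
     * prefixes are accepted. Values of other types written earlier will fail to deserialize;
     * extend the allowlist deliberately if such types are really stored.
     *
     * @param factory connection factory supplied by Spring Boot's Redis auto-configuration
     * @return the configured template
     */
    @Bean
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
        RedisTemplate<String, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(factory);

        // Allowlist for polymorphic deserialization: application classes and JDK collections/dates.
        PolymorphicTypeValidator allowedTypes = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(APPLICATION_PACKAGE_PREFIX)
                .allowIfSubType("java.util.")
                .build();

        ObjectMapper mapper = new ObjectMapper();
        mapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
        mapper.activateDefaultTyping(allowedTypes, ObjectMapper.DefaultTyping.NON_FINAL);

        Jackson2JsonRedisSerializer<Object> jsonSerializer =
                new Jackson2JsonRedisSerializer<>(Object.class);
        jsonSerializer.setObjectMapper(mapper);

        StringRedisSerializer stringSerializer = new StringRedisSerializer();
        // Keys and hash keys are stored as plain strings.
        template.setKeySerializer(stringSerializer);
        template.setHashKeySerializer(stringSerializer);
        // Values and hash values are stored as JSON.
        template.setValueSerializer(jsonSerializer);
        template.setHashValueSerializer(jsonSerializer);
        template.afterPropertiesSet();
        return template;
    }
}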
redis工具类
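package com.wanglin.study.design.pattern.work.utils;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/**
 * Thin convenience wrapper around {@link RedisTemplate}.
 *
 * <p>Most methods catch every exception, print the stack trace and return a fallback value
 * ({@code false}, {@code 0} or {@code null}). Callers that depend on the write having
 * happened, such as a rate limiter relying on a TTL, must check the return value.
 *
 * @author WANGQW
 * @since 2021/3/3
 */
@Component
public class RedisUtil {

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * Sets the time to live of a key.
     *
     * <p>The original returned {@code true} even when Redis reported that no timeout was set
     * (for example because the key no longer exists); the result of the command is now
     * passed on so a caller can tell that the key has no TTL.
     *
     * @param key  the key
     * @param time time to live in seconds; values {@code <= 0} leave the key untouched
     * @return {@code true} if the TTL was applied or {@code time <= 0}; {@code false} if
     *         Redis did not apply it or the call failed
     */
    public boolean expire(String key, long time) {
        try {
            if (time > 0) {
                return Boolean.TRUE.equals(redisTemplate.expire(key, time, TimeUnit.SECONDS));
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Returns the remaining time to live of a key.
     *
     * @param key the key, must not be {@code null}
     * @return remaining seconds; Redis reports -1 for a key without expiry and -2 for a
     *         missing key
     */
    public long getExpire(String key) {
        return redisTemplate.getExpire(key, TimeUnit.SECONDS);
    }

    /**
     * Checks whether a key exists.
     *
     * @param key the key
     * @return {@code true} if it exists; {@code false} if it does not or the call failed
     */
    public boolean hasKey(String key) {
        try {
            return redisTemplate.hasKey(key);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Deletes one or more keys. Does nothing for {@code null} or an empty argument list.
     *
     * @param key the keys to delete
     */
    public void del(String... key) {
        if (key == null || key.length == 0) {
            return;
        }
        if (key.length == 1) {
            redisTemplate.delete(key[0]);
        } else {
            // Arrays.asList is already typed, so the unchecked cast is no longer needed.
            redisTemplate.delete(Arrays.asList(key));
        }
    }

    // ============================ String =============================

    /**
     * Reads a value.
     *
     * @param key the key
     * @return the stored value, or {@code null} when {@code key} is {@code null}
     */
    public Object get(String key) {
        return key == null ? null : redisTemplate.opsForValue().get(key);
    }

    /**
     * Stores a value without expiry.
     *
     * @param key   the key
     * @param value the value
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean set(String key, Object value) {
        try {
            redisTemplate.opsForValue().set(key, value);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Stores a value with a time to live.
     *
     * @param key   the key
     * @param value the value
     * @param time  time to live in seconds; values {@code <= 0} store the value without expiry
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean set(String key, Object value, long time) {
        try {
            if (time > 0) {
                redisTemplate.opsForValue().set(key, value, time, TimeUnit.SECONDS);
            } else {
                set(key, value);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Increments a counter, creating the key if it does not exist. No TTL is set here;
     * the caller has to apply one separately with {@link #expire(String, long)}.
     *
     * @param key   the key
     * @param delta amount to add; negative values are rejected (zero is accepted)
     * @return the value after the increment
     * @throws RuntimeException if {@code delta} is negative
     */
    public long incr(String key, long delta) {
        if (delta < 0) {
            throw new RuntimeException("递增因子必须大于0");
        }
        return redisTemplate.opsForValue().increment(key, delta);
    }

    /**
     * Decrements a counter.
     *
     * @param key   the key
     * @param delta amount to subtract; negative values are rejected (zero is accepted)
     * @return the value after the decrement
     * @throws RuntimeException if {@code delta} is negative
     */
    public long decr(String key, long delta) {
        if (delta < 0) {
            throw new RuntimeException("递减因子必须大于0");
        }
        return redisTemplate.opsForValue().increment(key, -delta);
    }

    // ================================ Hash =================================

    /**
     * Reads one field of a hash.
     *
     * @param key  the hash key, must not be {@code null}
     * @param item the field, must not be {@code null}
     * @return the field value
     */
    public Object hget(String key, String item) {
        return redisTemplate.opsForHash().get(key, item);
    }

    /**
     * Reads all fields of a hash.
     *
     * @param key the hash key
     * @return every field/value pair of the hash
     */
    public Map<Object, Object> hmget(String key) {
        return redisTemplate.opsForHash().entries(key);
    }

    /**
     * Writes several fields of a hash.
     *
     * @param key the hash key
     * @param map the fields to write
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean hmset(String key, Map<String, Object> map) {
        try {
            redisTemplate.opsForHash().putAll(key, map);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Writes several fields of a hash and sets a time to live on the hash key.
     *
     * @param key  the hash key
     * @param map  the fields to write
     * @param time time to live in seconds; values {@code <= 0} leave the expiry unchanged
     * @return {@code true} if the write succeeded (the result of the expire call is not
     *         checked), {@code false} if the write failed
     */
    public boolean hmset(String key, Map<String, Object> map, long time) {
        try {
            redisTemplate.opsForHash().putAll(key, map);
            if (time > 0) {
                expire(key, time);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Writes one field of a hash, creating the hash if needed.
     *
     * @param key   the hash key
     * @param item  the field
     * @param value the value
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean hset(String key, String item, Object value) {
        try {
            redisTemplate.opsForHash().put(key, item, value);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Writes one field of a hash and sets a time to live on the hash key.
     *
     * @param key   the hash key
     * @param item  the field
     * @param value the value
     * @param time  time to live in seconds; replaces any expiry the hash already had
     * @return {@code true} if the write succeeded (the result of the expire call is not
     *         checked), {@code false} if the write failed
     */
    public boolean hset(String key, String item, Object value, long time) {
        try {
            redisTemplate.opsForHash().put(key, item, value);
            if (time > 0) {
                expire(key, time);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Removes fields from a hash.
     *
     * @param key  the hash key, must not be {@code null}
     * @param item one or more fields, must not be {@code null}
     */
    public void hdel(String key, Object... item) {
        redisTemplate.opsForHash().delete(key, item);
    }

    /**
     * Checks whether a hash contains a field.
     *
     * @param key  the hash key, must not be {@code null}
     * @param item the field, must not be {@code null}
     * @return {@code true} if the field exists
     */
    public boolean hHasKey(String key, String item) {
        return redisTemplate.opsForHash().hasKey(key, item);
    }

    /**
     * Adds {@code by} to a numeric hash field, creating it if needed.
     *
     * @param key  the hash key
     * @param item the field
     * @param by   amount to add
     * @return the value after the increment
     */
    public double hincr(String key, String item, double by) {
        return redisTemplate.opsForHash().increment(key, item, by);
    }

    /**
     * Subtracts {@code by} from a numeric hash field.
     *
     * @param key  the hash key
     * @param item the field
     * @param by   amount to subtract (passed to Redis negated)
     * @return the value after the decrement
     */
    public double hdecr(String key, String item, double by) {
        return redisTemplate.opsForHash().increment(key, item, -by);
    }

    // ============================ Set =============================

    /**
     * Reads all members of a set.
     *
     * @param key the set key
     * @return the members, or {@code null} if the call failed
     */
    public Set<Object> sGet(String key) {
        try {
            return redisTemplate.opsForSet().members(key);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Checks whether a value is a member of a set.
     *
     * @param key   the set key
     * @param value the value to look for
     * @return {@code true} if present; {@code false} if absent or the call failed
     */
    public boolean sHasKey(String key, Object value) {
        try {
            return redisTemplate.opsForSet().isMember(key, value);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Adds values to a set.
     *
     * @param key    the set key
     * @param values one or more values
     * @return number of values added, or 0 if the call failed
     */
    public long sSet(String key, Object... values) {
        try {
            return redisTemplate.opsForSet().add(key, values);
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

    /**
     * Adds values to a set and sets a time to live on the set key.
     *
     * @param key    the set key
     * @param time   time to live in seconds; values {@code <= 0} leave the expiry unchanged
     * @param values one or more values
     * @return number of values added, or 0 if the call failed
     */
    public long sSetAndTime(String key, long time, Object... values) {
        try {
            Long added = redisTemplate.opsForSet().add(key, values);
            if (time > 0) {
                expire(key, time);
            }
            return added;
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

    /**
     * Returns the number of members of a set.
     *
     * @param key the set key
     * @return the size, or 0 if the call failed
     */
    public long sGetSetSize(String key) {
        try {
            return redisTemplate.opsForSet().size(key);
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

    /**
     * Removes values from a set.
     *
     * @param key    the set key
     * @param values one or more values
     * @return number of values removed, or 0 if the call failed
     */
    public long setRemove(String key, Object... values) {
        try {
            Long removed = redisTemplate.opsForSet().remove(key, values);
            return removed;
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

    // =============================== List =================================

    /**
     * Reads a range of a list.
     *
     * @param key   the list key
     * @param start first index
     * @param end   last index; 0 to -1 selects the whole list
     * @return the elements, or {@code null} if the call failed
     */
    public List<Object> lGet(String key, long start, long end) {
        try {
            return redisTemplate.opsForList().range(key, start, end);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the length of a list.
     *
     * @param key the list key
     * @return the length, or 0 if the call failed
     */
    public long lGetListSize(String key) {
        try {
            return redisTemplate.opsForList().size(key);
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

    /**
     * Reads one element of a list by index.
     *
     * @param key   the list key
     * @param index for {@code index >= 0}, 0 is the head and 1 the second element; for
     *              {@code index < 0}, -1 is the tail and -2 the element before it
     * @return the element, or {@code null} if the call failed
     */
    public Object lGetIndex(String key, long index) {
        try {
            return redisTemplate.opsForList().index(key, index);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Appends one value to the tail of a list.
     *
     * @param key   the list key
     * @param value the value
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean lSet(String key, Object value) {
        try {
            redisTemplate.opsForList().rightPush(key, value);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Appends one value to the tail of a list and sets a time to live on the list key.
     *
     * @param key   the list key
     * @param value the value
     * @param time  time to live in seconds; values {@code <= 0} leave the expiry unchanged
     * @return {@code true} if the push succeeded, {@code false} if the call failed
     */
    public boolean lSet(String key, Object value, long time) {
        try {
            redisTemplate.opsForList().rightPush(key, value);
            if (time > 0) {
                expire(key, time);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Appends all values to the tail of a list.
     *
     * @param key   the list key
     * @param value the values
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean lSet(String key, List<Object> value) {
        try {
            redisTemplate.opsForList().rightPushAll(key, value);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Appends all values to the tail of a list and sets a time to live on the list key.
     *
     * @param key   the list key
     * @param value the values
     * @param time  time to live in seconds; values {@code <= 0} leave the expiry unchanged
     * @return {@code true} if the push succeeded, {@code false} if the call failed
     */
    public boolean lSet(String key, List<Object> value, long time) {
        try {
            redisTemplate.opsForList().rightPushAll(key, value);
            if (time > 0) {
                expire(key, time);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Replaces the element at an index of a list.
     *
     * @param key   the list key
     * @param index the index
     * @param value the new value
     * @return {@code true} on success, {@code false} if the call failed
     */
    public boolean lUpdateIndex(String key, long index, Object value) {
        try {
            redisTemplate.opsForList().set(key, index, value);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Removes occurrences of a value from a list.
     *
     * @param key   the list key
     * @param count how many occurrences to remove
     * @param value the value
     * @return number of elements removed, or 0 if the call failed
     */
    public long lRemove(String key, long count, Object value) {
        try {
            Long removed = redisTemplate.opsForList().remove(key, count, value);
            return removed;
        } catch (Exception e) {
            e.printStackTrace();
            return 0;
        }
    }
}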
使用spring aop 结合自定义注解完成 访问次数累加;
自定义注解:
/**
 * Marks a method whose calls are to be counted against an access limit.
 *
 * <p>The annotation declares no attributes, so it carries neither a limit nor a window
 * length; whatever reads it has to supply those values itself. It is retained at runtime
 * so that it can be matched and read reflectively.
 */
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IAccessRestrictionsForHour {
}
切面:
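package com.wanglin.study.design.pattern.work.aspect;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.TypeReference;
import com.ruijie.framework.common.RemoteResult;
import com.wanglin.study.design.pattern.work.annotion.IAccessRestrictionsForHour;
import com.wanglin.study.design.pattern.work.domain.Constants;
import com.wanglin.study.design.pattern.work.domain.User;
import com.wanglin.study.design.pattern.work.utils.RedisUtil;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Counts calls per user in Redis and rejects calls once the counter reaches the limit.
 *
 * <p>NOTE(review): the user id is taken from the first method argument, which for the
 * controller on this page is the {@code @RequestBody}. A caller therefore chooses the id
 * that is counted: a fresh id per request is never limited, and another user's id can be
 * used to exhaust that user's quota. Derive the id from the authenticated session or token
 * instead - confirm what the real endpoints have available.
 *
 * @author WANGQW
 * @since 2021/3/2
 */
@Aspect
@Component
public class AccessRestrictionsAspect {

    private static final Logger log = LoggerFactory.getLogger(AccessRestrictionsAspect.class);

    /** Length of one counting window in seconds (the value the original hard-coded). */
    private static final long WINDOW_SECONDS = 30;

    /**
     * Counter value from which calls are rejected. The comparison is {@code >=}, so the
     * 30th call inside a window is already rejected.
     */
    private static final long REJECT_FROM_COUNT = 30;

    /** Redis TTL result for a key that exists but has no expiry. */
    private static final long NO_EXPIRY = -1L;

    @Autowired
    private RedisUtil redisUtil;

    @Pointcut("execution(* com.wanglin.study.design.pattern.work.controller.*.*(..)) && @annotation(com.wanglin.study.design.pattern.work.annotion.IAccessRestrictionsForHour)")
    public void before() {
    }

    /**
     * Increments the caller's counter before the annotated method runs and rejects the call
     * when the limit is reached.
     *
     * @param joinPoint the intercepted call; its first argument is read as the {@link User}
     * @throws RuntimeException if no user id is present or the limit is reached
     * @throws Exception declared for compatibility with the original signature
     */
    @Before("before()")
    public void requestLimit(JoinPoint joinPoint) throws Exception {
        Object[] args = joinPoint.getArgs();
        // A method without arguments has no user to count; treat it like a missing login
        // instead of failing with an ArrayIndexOutOfBoundsException.
        if (args == null || args.length == 0) {
            throw new RuntimeException("当前用户未登录,请先登录后重试!");
        }
        User user = JSON.parseObject(JSON.toJSONString(args[0]), new TypeReference<User>() {});
        if (null == user || StringUtils.isEmpty(user.getUserId())) {
            throw new RuntimeException("当前用户未登录,请先登录后重试!");
        }
        // Parameterized logging produces the same text as the original concatenation.
        // Both values are client-supplied, so the log layout should encode line breaks.
        log.info("{}=============={}", user.getUserId(), user.getUserName());

        // NOTE(review): the key holds only the user id, so every annotated endpoint shares
        // one counter per user - confirm that is intended.
        String redisKey = Constants.ACCESS_LIMIT + Constants.ATRRBITE_SPLIT + user.getUserId();

        long count = redisUtil.incr(redisKey, 1);
        // INCR and EXPIRE are separate commands. If the TTL was not applied on the first
        // call (timeout, restart between the two commands), the counter would never reset
        // and the user would stay blocked, so the TTL is re-applied whenever it is missing.
        if (count == 1L || redisUtil.getExpire(redisKey) == NO_EXPIRY) {
            if (!redisUtil.expire(redisKey, WINDOW_SECONDS)) {
                log.warn("could not set expiry on access counter {}", redisKey);
            }
        }
        if (count >= REJECT_FROM_COUNT) {
            throw new RuntimeException("调用频繁,请稍后再试!");
        }
    }

    /**
     * Returns the {@link IAccessRestrictionsForHour} annotation of the intercepted method.
     * Currently not called by {@link #requestLimit(JoinPoint)}.
     *
     * @param joinPoint the intercepted call
     * @return the annotation, or {@code null} if the method is unavailable or not annotated
     * @throws Exception declared for compatibility with the original signature
     */
    private IAccessRestrictionsForHour getAnnotation(JoinPoint joinPoint) throws Exception {
        Signature signature = joinPoint.getSignature();
        MethodSignature methodSignature = (MethodSignature) signature;
        Method method = methodSignature.getMethod();
        if (method != null) {
            return method.getAnnotation(IAccessRestrictionsForHour.class);
        }
        return null;
    }
}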
切面最终版:
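package com.ruijie.demo.aspect;

import com.ruijie.demo.entity.domain.AccessRecord;
import com.ruijie.demo.exception.TycException;
import com.ruijie.demo.service.AccessRecordService;
import com.ruijie.demo.service.UpperLimitService;
import com.ruijie.demo.util.GuavaCacheManager;
import com.ruijie.framework.common.RemoteResult;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import java.util.Date;

/**
 * Enforces the access limit for annotated API methods and writes an access record for
 * each call.
 *
 * <p>NOTE(review): the caller is identified by the {@code sysId} request header alone.
 * Unless a gateway or filter in front of this aspect authenticates that header, a client
 * can pick which system's quota is charged, or omit the header so that {@code null} is
 * passed on - confirm where {@code sysId} is verified.
 *
 * @author WANGQW
 * @since 2021/3/18
 */
@Aspect
@Component
public class UpperLimitAspect {

    private static final Logger log = LoggerFactory.getLogger(UpperLimitAspect.class);

    @Autowired
    private UpperLimitService upperLimitService;

    @Autowired
    private AccessRecordService accessRecordService;

    @Pointcut("execution(* com.ruijie.demo.api.*.*(..)) && @annotation(com.ruijie.demo.annotaion.UpperLimitAnnotation)")
    public void pointCut() {
    }

    /**
     * Checks and increments the access counter, runs the target method and records the
     * outcome.
     *
     * @param joinPoint the intercepted call
     * @return the result of the target method
     * @throws Throwable whatever the limit check or the target method throws
     */
    @Around("pointCut()")
    public RemoteResult around(ProceedingJoinPoint joinPoint) throws Throwable {
        log.info("进入控制访问上限切面=======================satrt");
        HttpServletRequest request = currentRequest();
        String sysId = request.getHeader("sysId");
        String uri = request.getRequestURI();

        upperLimitService.checkAndIncrAccessNumber(sysId, uri);
        // Only requests that passed the limit check reach the target method.
        RemoteResult result = (RemoteResult) joinPoint.proceed();

        AccessRecord accessRecord = newRecord(sysId, uri);
        // A target method returning null would otherwise fail here with a NullPointerException.
        if (result != null) {
            accessRecord.setReason(result.getErr());
            accessRecord.setSuccess(result.getStatus());
        }
        // NOTE(review): if this insert throws, the caller sees a failure although the target
        // call has already run and may retry it - confirm that is acceptable for a billed call.
        accessRecordService.insertAccessRecord(accessRecord);
        log.info("控制访问上限切面=======================end");
        return result;
    }

    /**
     * Records a call that ended with a {@link TycException}. Other exception types are not
     * recorded by this advice.
     *
     * <p>NOTE(review): whether a {@code TycException} thrown by the limit check inside
     * {@link #around(ProceedingJoinPoint)} reaches this advice depends on the advice
     * ordering within the aspect - confirm that rejected calls are recorded.
     *
     * @param joinPoint the intercepted call
     * @param e         the exception thrown
     */
    @AfterThrowing(value = "pointCut()", throwing = "e")
    public void afterThrowing(JoinPoint joinPoint, TycException e) {
        log.error("异常通知=======================start");
        HttpServletRequest request = currentRequest();
        AccessRecord accessRecord = newRecord(request.getHeader("sysId"), request.getRequestURI());
        accessRecord.setReason(e.getMessage());
        accessRecord.setSuccess(e.getErrCode());
        accessRecordService.insertAccessRecord(accessRecord);
        log.error("异常通知=======================end");
    }

    /** Returns the current servlet request, failing clearly when called outside a request thread. */
    private HttpServletRequest currentRequest() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            throw new IllegalStateException("no servlet request is bound to the current thread");
        }
        return attributes.getRequest();
    }

    /** Creates an access record carrying the caller id, the request path and the current time. */
    private AccessRecord newRecord(String sysId, String uri) {
        AccessRecord accessRecord = new AccessRecord();
        accessRecord.setSysId(sysId);
        accessRecord.setPath(uri);
        accessRecord.setCreateTime(new Date());
        return accessRecord;
    }
}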
controller
package com.wanglin.study.design.pattern.work.controller;

import com.wanglin.study.design.pattern.work.annotion.IAccessRestrictionsForHour;
import com.wanglin.study.design.pattern.work.domain.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Demo controller with one endpoint that carries the access-limit annotation and one
 * that does not.
 *
 * @author WANGQW
 * @since 2021/3/2
 */
@Controller
public class LimitController {

    /** Body returned by the annotated endpoint. */
    private static final String LIMITED_REPLY = "success";

    /** Body returned by the endpoint without the annotation. */
    private static final String UNLIMITED_REPLY = "success2222222222";

    /**
     * Handles {@code POST test}. Carries {@link IAccessRestrictionsForHour}, so the
     * access-limit aspect on this page applies to it.
     *
     * @param user the request body; the method itself does not read it
     * @return the fixed reply
     */
    @PostMapping("test")
    @ResponseBody
    @IAccessRestrictionsForHour
    public String testMethod(@RequestBody User user) {
        return LIMITED_REPLY;
    }

    /**
     * Handles {@code POST test2}. Not annotated with {@link IAccessRestrictionsForHour},
     * so calls to it are not counted.
     *
     * @param user the request body; the method itself does not read it
     * @return the fixed reply
     */
    @PostMapping("test2")
    @ResponseBody
    public String testMethod2(@RequestBody User user) {
        return UNLIMITED_REPLY;
    }
}