request limit

周少峰
Commit 826190e6324acd81d887fc226b73f934e3d67bc6 1 parent f4837a36
Showing 2 changed files with 52 additions and 90 deletions
app.js
doraemon/middleware/limiter/rules/qps-limit.js
--- a/app.js
View file @826190e
+++ b/app.js
View file @826190e
@@ -59,11 +59,6 @@ if (config.zookeeperServer) {
 app.enable('trust proxy');
-// 请求限制中间件
-if (!app.locals.devEnv) {
-    app.use(require('./doraemon/middleware/limiter'));
-}
-
 app.set('subdomain offset', 2);
 // 添加请求上下文
@@ -149,6 +144,12 @@ try {
     app.use(mobileRefer());
     app.use(mobileCheck());
     app.use(user());
+
+    // 请求限制中间件
+    if (!app.locals.devEnv) {
+        app.use(require('./doraemon/middleware/limiter'));
+    }
+
     app.use(seo());
     app.use(setPageInfo());
     app.use(layoutTools());
--- a/doraemon/middleware/limiter/rules/qps-limit.js
View file @826190e
+++ b/doraemon/middleware/limiter/rules/qps-limit.js
View file @826190e
+/**
+ * 限制页面访问次数，如超过限制次数，返回相应策略（目前是ip加入黑名单，跳转图形验证码页面，解除限制）
+ * 当前规则只针对未登录用户
+ */
+
 'use strict';
 const logger = global.yoho.logger;
 const cache = global.yoho.cache.master;
 const config = global.yoho.config;
-const ONE_DAY = 60 * 60 * 24;
-const MAX_QPS = config.maxQps;
-const MAX_QPS_10m = config.maxQps10m; // eslint-disable-line
 const _ = require('lodash');
-const PAGES = {
-    '/product/^\\/([\\d]+)(.*)/': 5,
-    '/product/list/index': 5,
-    '/product/search/index': 5
-};
-
-function urlJoin(a, b) {
-    if (_.endsWith(a, '/') && _.startsWith(b, '/')) {
-        return a + b.substring(1, b.length);
-    } else if (!_.endsWith(a, '/') && !_.startsWith(b, '/')) {
-        return a + '/' + b;
-    } else {
-        return a + b;
-    }
+// 页面访问限制
+const MAX_TIMES = {
+    // 30s 最多访问15次
+    30: 15,
+    // 60s 最多访问15次
+    60: 20,
+    // 100s 最多访问15次
+    600: 100
 }
 module.exports = (limiter, policy) => {
-    const req = limiter.req,
-        res = limiter.res,
-        next = limiter.next; // eslint-disable-line
-
-    const key = `pc:limiter:${limiter.remoteIp}`;
-    const keyMax = `pc:limiter:max:${limiter.remoteIp}`;
-    const key10m = `pc:limiter:10m:${limiter.remoteIp}`;
-    const key10mMax = `pc:limiter:10m:max:${limiter.remoteIp}`;
-
-    res.on('render', function() {
-        let route = req.route ? req.route.path : '';
-        let appPath = req.app.mountpath;
-
-        if (_.isArray(route) && route.length > 0) {
-            route = route[0];
-        }
-
-        let pageKey = urlJoin(appPath, route.toString()); // route may be a regexp
-        let pageIncr = PAGES[pageKey] || 0;
-
-        if (pageIncr > 0) {
-            cache.incr(key, pageIncr, (err) => {}); // eslint-disable-line
-            cache.incr(key10m, pageIncr, (err) => {}); // eslint-disable-line
-        }
-    });
+    const req = limiter.req;
-    return cache.getMultiAsync([key, key10m, keyMax, key10mMax]).then((results) => {
-        let result = results[key];
-        let result10m = results[key10m];
+    // 登录用户跳过
+    if (!_.isEmpty(req.user)) {
+        return Promise.resolve(true);
+    }
-        logger.debug('qps limiter: ' + key + '@' + result + ' max: ' + MAX_QPS);
-        logger.debug('qps limiter:10m ' + key10m + '@' + result10m + ' max: ' + MAX_QPS_10m); // eslint-disable-line
+    // 存储规则的cache keys
+    let ruleKeys = [];
-        // 达到1分钟或是10分钟的访问限制，禁止访问
-        if (results[keyMax] === 1 || results[key10mMax] === 1) {
-            return Promise.resolve(policy);
-        }
+    _.forEach(MAX_TIMES, (val, key) => {
+        ruleKeys.push(`${config.app}:limiter:${key}:max:${limiter.remoteIp}`); // eslint-disable-line
+    })
-        // 默认数据设置
-        if (!result && !_.isNumber(result)) {
-            cache.setAsync(key, 1, 60);  // 设置key，1m失效
-        }
+    return cache.getMultiAsync(ruleKeys).then((results) => {
+        console.log(results);
-        if (!result10m && !_.isNumber(result10m)) {
-            cache.setAsync(key10m, 1, 600);  // 设置key，10m失效
-        }
+        // 第一次访问
+        if (_.isEmpty(results)) {
+            _.forEach(ruleKeys, (val) => {
+                let cacheTime = val.match(/limiter:([^:]*)?:max/i)[1];
-        // 第一次访问，都没计数，直接过
-        if (!result && !_.isNumber(result) && !result10m && !_.isNumber(result10m)) {
-            return Promise.resolve(true);
-        }
+                cache.setAsync(val, 1, +cacheTime); // eslint-disable-line
+            })
-        if (result === -1 || result10m === -1) {
             return Promise.resolve(true);
         }
-        // 判断 qps 10分钟
-        if (result10m === 9999) {
-            res.statusCode = 403;
-            return Promise.resolve(policy);
-        } else if (result10m > MAX_QPS_10m) { // eslint-disable-line
-            cache.setAsync(key10mMax, 1, ONE_DAY);
-            logger.debug('req limit', key10m);
+        // 遍历限制规则，若满足返回相应处理策略， 否则页面访问次数加1
+        _.forEach(ruleKeys, (val) => {
+            let cacheTime = +val.match(/limiter:([^:]*)?:max/i)[1];
-            return Promise.resolve(policy);
-        }
+            if (!results[val]) {
+                cache.setAsync(val, 1, +cacheTime);
+            } else if (+results[val] > +MAX_TIMES[cacheTime]) {
+                return Promise.resolve(policy);
+            }
-        // 判断 qps 1分钟
-        if (result === 9999) {
-            res.statusCode = 403;
-            return Promise.resolve(policy);
-        } else if (result > MAX_QPS) { // 判断 qps
-            cache.setAsync(keyMax, 1, ONE_DAY);
-            logger.debug('req limit', key);
-
-            return Promise.resolve(policy);
-        }
+            // 非异步请求访问记录加1
+            if (!req.xhr) {
+                cache.incrAsync(val, 1);
+            }
+        })
-        cache.incrAsync(key, 1); // qps + 1
-        cache.incrAsync(key10m, 1); // qps + 1
+        // 不满足任何限制规则，继续访问
         return Promise.resolve(true);
-    });
+    }).catch(err=>{logger.error(err)});
 };