Authored by 周少峰

request limit

... ... @@ -59,11 +59,6 @@ if (config.zookeeperServer) {
app.enable('trust proxy');
// 请求限制中间件
if (!app.locals.devEnv) {
app.use(require('./doraemon/middleware/limiter'));
}
app.set('subdomain offset', 2);
// 添加请求上下文
... ... @@ -149,6 +144,12 @@ try {
app.use(mobileRefer());
app.use(mobileCheck());
app.use(user());
// 请求限制中间件
if (!app.locals.devEnv) {
app.use(require('./doraemon/middleware/limiter'));
}
app.use(seo());
app.use(setPageInfo());
app.use(layoutTools());
... ...
/**
* 限制页面访问次数,如超过限制次数,返回相应策略(目前是ip加入黑名单,跳转图形验证码页面,解除限制)
* 当前规则只针对未登录用户
*/
'use strict';
const logger = global.yoho.logger;
const cache = global.yoho.cache.master;
const config = global.yoho.config;
const ONE_DAY = 60 * 60 * 24;
const MAX_QPS = config.maxQps;
const MAX_QPS_10m = config.maxQps10m; // eslint-disable-line
const _ = require('lodash');
const PAGES = {
'/product/^\\/([\\d]+)(.*)/': 5,
'/product/list/index': 5,
'/product/search/index': 5
};
function urlJoin(a, b) {
if (_.endsWith(a, '/') && _.startsWith(b, '/')) {
return a + b.substring(1, b.length);
} else if (!_.endsWith(a, '/') && !_.startsWith(b, '/')) {
return a + '/' + b;
} else {
return a + b;
}
// 页面访问限制
const MAX_TIMES = {
// 30s 最多访问15次
30: 15,
// 60s 最多访问15次
60: 20,
// 100s 最多访问15次
600: 100
}
module.exports = (limiter, policy) => {
const req = limiter.req,
res = limiter.res,
next = limiter.next; // eslint-disable-line
const key = `pc:limiter:${limiter.remoteIp}`;
const keyMax = `pc:limiter:max:${limiter.remoteIp}`;
const key10m = `pc:limiter:10m:${limiter.remoteIp}`;
const key10mMax = `pc:limiter:10m:max:${limiter.remoteIp}`;
res.on('render', function() {
let route = req.route ? req.route.path : '';
let appPath = req.app.mountpath;
const req = limiter.req;
if (_.isArray(route) && route.length > 0) {
route = route[0];
// 登录用户跳过
if (!_.isEmpty(req.user)) {
return Promise.resolve(true);
}
let pageKey = urlJoin(appPath, route.toString()); // route may be a regexp
let pageIncr = PAGES[pageKey] || 0;
// 存储规则的cache keys
let ruleKeys = [];
if (pageIncr > 0) {
cache.incr(key, pageIncr, (err) => {}); // eslint-disable-line
cache.incr(key10m, pageIncr, (err) => {}); // eslint-disable-line
}
});
_.forEach(MAX_TIMES, (val, key) => {
ruleKeys.push(`${config.app}:limiter:${key}:max:${limiter.remoteIp}`); // eslint-disable-line
})
return cache.getMultiAsync([key, key10m, keyMax, key10mMax]).then((results) => {
let result = results[key];
let result10m = results[key10m];
return cache.getMultiAsync(ruleKeys).then((results) => {
console.log(results);
logger.debug('qps limiter: ' + key + '@' + result + ' max: ' + MAX_QPS);
logger.debug('qps limiter:10m ' + key10m + '@' + result10m + ' max: ' + MAX_QPS_10m); // eslint-disable-line
// 第一次访问
if (_.isEmpty(results)) {
_.forEach(ruleKeys, (val) => {
let cacheTime = val.match(/limiter:([^:]*)?:max/i)[1];
// 达到1分钟或是10分钟的访问限制,禁止访问
if (results[keyMax] === 1 || results[key10mMax] === 1) {
return Promise.resolve(policy);
}
cache.setAsync(val, 1, +cacheTime); // eslint-disable-line
})
// 默认数据设置
if (!result && !_.isNumber(result)) {
cache.setAsync(key, 1, 60); // 设置key,1m失效
}
if (!result10m && !_.isNumber(result10m)) {
cache.setAsync(key10m, 1, 600); // 设置key,10m失效
}
// 第一次访问,都没计数,直接过
if (!result && !_.isNumber(result) && !result10m && !_.isNumber(result10m)) {
return Promise.resolve(true);
}
if (result === -1 || result10m === -1) {
return Promise.resolve(true);
}
// 判断 qps 10分钟
if (result10m === 9999) {
res.statusCode = 403;
return Promise.resolve(policy);
} else if (result10m > MAX_QPS_10m) { // eslint-disable-line
cache.setAsync(key10mMax, 1, ONE_DAY);
logger.debug('req limit', key10m);
// 遍历限制规则,若满足返回相应处理策略, 否则页面访问次数加1
_.forEach(ruleKeys, (val) => {
let cacheTime = +val.match(/limiter:([^:]*)?:max/i)[1];
if (!results[val]) {
cache.setAsync(val, 1, +cacheTime);
} else if (+results[val] > +MAX_TIMES[cacheTime]) {
return Promise.resolve(policy);
}
// 判断 qps 1分钟
if (result === 9999) {
res.statusCode = 403;
return Promise.resolve(policy);
} else if (result > MAX_QPS) { // 判断 qps
cache.setAsync(keyMax, 1, ONE_DAY);
logger.debug('req limit', key);
return Promise.resolve(policy);
// 非异步请求访问记录加1
if (!req.xhr) {
cache.incrAsync(val, 1);
}
})
cache.incrAsync(key, 1); // qps + 1
cache.incrAsync(key10m, 1); // qps + 1
// 不满足任何限制规则,继续访问
return Promise.resolve(true);
});
}).catch(err=>{logger.error(err)});
};
... ...