@@ -9,6 +9,13 @@ const cache = global.yoho.cache.master; |
|
|
const helpers = global.yoho.helpers;
|
|
|
const pathToRegexp = require('path-to-regexp');
|
|
|
|
|
|
const statusCode = {
|
|
|
code: 4403,
|
|
|
date: {},
|
|
|
message: '亲,您的访问次数过多,请稍后再试哦...'
|
|
|
};
|
|
|
|
|
|
const INVALIDTIME = 3600 * 24; // 24h
|
|
|
const IP_WHITE_LIST = [
|
|
|
'106.38.38.146',
|
|
|
'106.38.38.147',
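Review bot: `statusCode` on L19-L35 carries a `date: {}` key, but `_jumpUrl` in the next hunk reads `result.data.url` and every `Object.assign({}, statusCode, {data: {url: checkUrl}})` site uses `data`, so the key looks like a typo carried over from the old inline 403 body and the JSON returned to XHR clients will contain both `date` and `data`. Suggest `data: {},` so the default shape matches what `_jumpUrl` reads. `pathToRegexp` is required on L12 but not referenced in any visible hunk; if it is unused in the rest of the file the require should go. `IP_WHITE_LIST` bypasses the limiter based on `req.yoho.clientIp`, so a short comment on where that field comes from (socket address vs. a proxy-supplied header) would help a reader judge how trustworthy the bypass is.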
|
@@ -18,17 +25,33 @@ const IP_WHITE_LIST = [ |
|
|
'218.94.77.166'
|
|
|
];
|
|
|
|
|
|
const _jumpUrl = (req, res, next, result) => {
|
|
|
if (result.code === 4403) {
|
|
|
if (req.xhr) {
|
|
|
res.set({
|
|
|
'Cache-Control': 'no-cache',
|
|
|
Pragma: 'no-cache',
|
|
|
Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
|
|
|
});
|
|
|
return res.status(403).json(result);
|
|
|
}
|
|
|
return res.redirect(`${result.data.url}&refer=${req.originalUrl}`);
|
|
|
}
|
|
|
|
|
|
return next();
|
|
|
};
|
|
|
|
|
|
module.exports = () => {
|
|
|
return (req, res, next) => {
|
|
|
let ip = _.get(req.yoho, 'clientIp', '');
|
|
|
let path = req.path || '';
|
|
|
let router = {};
|
|
|
let risks = _.get(req.app.locals.wap, 'json.risk', []);
|
|
|
|
|
|
if (_.isEmpty(path) || _.isEmpty(risks) || IP_WHITE_LIST.indexOf(ip) > -1) {
|
|
|
return next();
|
|
|
}
|
|
|
|
|
|
let router = {};
|
|
|
_.isArray(risks) && risks.some(item => {
|
|
|
if (item.state === 'off') {
|
|
|
return false;
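Review bot: `_jumpUrl` on L114 splices `req.originalUrl` into the redirect query string without encoding, so a request path containing `&`, `#` or `%` truncates or corrupts the `refer` value and lets stray query parameters ride along into the check page; use `encodeURIComponent(req.originalUrl)` there. The same construction existed in the old inline redirect, but now that it is centralized this is the one place to fix it. `let router = {};` appears at both L152 and L178 inside the same arrow-function scope; presumably one of them is the removed line, because if both are on the new side the second is a `let` redeclaration SyntaxError. `IP_WHITE_LIST.indexOf(ip) > -1` on L163 reads more clearly as `IP_WHITE_LIST.includes(ip)`. The middleware body continues past the end of the hunk.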
|
@@ -52,47 +75,42 @@ module.exports = () => { |
|
|
return next();
|
|
|
}
|
|
|
|
|
|
let key = `wap:risk:${_.trim(path, '/').replace(/\//g, ':')}:${ip}`;
|
|
|
let keyPath = `${_.trim(path, '/').replace(/\//g, ':')}:${ip}`;
|
|
|
let limitKey = `wap:risk:limit:${keyPath}`;
|
|
|
let configKey = `wap:risk:${keyPath}`;
|
|
|
let checkUrl = helpers.urlFormat('/3party/check', {
|
|
|
pid: key
|
|
|
pid: limitKey
|
|
|
});
|
|
|
|
|
|
return cache.getAsync(key).then(inter => {
|
|
|
if (typeof inter === 'undefined') {
|
|
|
return cache.setAsync(key, 1, router.interval || 300);
|
|
|
}
|
|
|
|
|
|
inter = parseInt(`0${inter}`, 10);
|
|
|
|
|
|
if (inter <= router.requests) {
|
|
|
return cache.incrAsync(key, 1);
|
|
|
return Promise.all([
|
|
|
cache.getAsync(limitKey),
|
|
|
cache.getAsync(configKey),
|
|
|
]).then(inters => {
|
|
|
if (inters[0]) {
|
|
|
return Object.assign({}, statusCode, {data: {url: checkUrl}});
|
|
|
}
|
|
|
|
|
|
return inter;
|
|
|
}).then(inter => {
|
|
|
if (inter === true) { // cache set OR incr
|
|
|
return next();
|
|
|
if (typeof inters[1] === 'undefined') {
|
|
|
cache.setAsync(configKey, 1, router.interval || 300);
|
|
|
return Object.assign({}, statusCode, {code: 200, message: ''});
|
|
|
}
|
|
|
|
|
|
if (inter > router.requests) {
|
|
|
if (req.xhr) {
|
|
|
res.set({
|
|
|
'Cache-Control': 'no-cache',
|
|
|
Pragma: 'no-cache',
|
|
|
Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
|
|
|
});
|
|
|
return res.status(403).json({
|
|
|
code: 4403,
|
|
|
date: {url: checkUrl},
|
|
|
message: '亲,您的访问次数过多,请稍后再试哦...'
|
|
|
});
|
|
|
}
|
|
|
|
|
|
return res.redirect(`${checkUrl}&refer=${req.originalUrl}`);
|
|
|
inters[1] = parseInt(`0${inters[1]}`, 10);
|
|
|
if (inters[1] <= router.requests) {
|
|
|
router = [];
|
|
|
cache.incrAsync(configKey, 1);
|
|
|
return Object.assign({}, statusCode, {code: 200, message: ''});
|
|
|
}
|
|
|
|
|
|
return next();
|
|
|
}).catch((e) => {
|
|
|
return Promise.all([
|
|
|
cache.setAsync(limitKey, 1, INVALIDTIME),
|
|
|
cache.delAsync(configKey)
|
|
|
]).then(() => {
|
|
|
return Object.assign({}, statusCode, {data: {url: checkUrl}});
|
|
|
});
|
|
|
}).then(result => {
|
|
|
return _jumpUrl(req, res, next, result);
|
|
|
}).catch(e => {
|
|
|
console.log(`risk => path: ${path}, err: ${e.message}`);
|
|
|
return next();
|
|
|
});
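Review bot: As far as this hunk shows, the over-limit case in the new `.then(inters => …)` (L291-L424) has no explicit outcome: when `inters[1] > router.requests` the callback falls off the end, `_jumpUrl` then reads `result.code` on `undefined`, and the outer `.catch` on L471 calls `next()` — so the client that exceeded the limit is let through, unless a reject/throw sits on a line not visible here. Conversely the only writer of `limitKey` is the `.catch((e) => …)` on L435-L459, which fires on any rejection from `cache.getAsync`/`setAsync`, so a cache outage would block that client for `INVALIDTIME` (24h) and redirect them to the check page. Signal the over-limit case with a tagged error and have the catch rethrow everything else, so cache failures fail open through the existing log-and-`next()` handler. `router = [];` on L412 reassigns the matched route config to an empty array just before returning and looks like a leftover, if it is on the new side. The `cache.setAsync`/`cache.incrAsync` calls on L330 and L416 are not returned, so their rejections are unobserved.
```javascript
        }).then(inters => {
            // … unchanged: limitKey-hit and first-request branches …
            inters[1] = parseInt(`0${inters[1]}`, 10);
            if (inters[1] <= router.requests) {
                cache.incrAsync(configKey, 1);
                return Object.assign({}, statusCode, {code: 200, message: ''});
            }

            // over limit: signal it explicitly so the catch can tell it apart from a cache error
            let limitHit = new Error('risk limit exceeded');
            limitHit.name = 'RiskLimitError';
            throw limitHit;
        }).catch((e) => {
            // only a genuine over-limit writes the 24h block; anything else falls through
            // to the outer catch, which logs and lets the request proceed
            if (e.name !== 'RiskLimitError') {
                throw e;
            }
            return Promise.all([
                cache.setAsync(limitKey, 1, INVALIDTIME),
                cache.delAsync(configKey)
            ]).then(() => {
                return Object.assign({}, statusCode, {data: {url: checkUrl}});
            });
```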
|