Authored by 郝肖肖

'limit'

... ... @@ -9,6 +9,13 @@ const cache = global.yoho.cache.master;
const helpers = global.yoho.helpers;
const pathToRegexp = require('path-to-regexp');
const statusCode = {
code: 4403,
date: {},
message: '亲,您的访问次数过多,请稍后再试哦...'
};
const INVALIDTIME = 3600 * 24; // 24h
const IP_WHITE_LIST = [
'106.38.38.146',
'106.38.38.147',
... ... @@ -18,17 +25,33 @@ const IP_WHITE_LIST = [
'218.94.77.166'
];
const _jumpUrl = (req, res, next, result) => {
if (result.code === 4403) {
if (req.xhr) {
res.set({
'Cache-Control': 'no-cache',
Pragma: 'no-cache',
Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
});
return res.status(403).json(result);
}
return res.redirect(`${result.data.url}&refer=${req.originalUrl}`);
}
return next();
};
module.exports = () => {
return (req, res, next) => {
let ip = _.get(req.yoho, 'clientIp', '');
let path = req.path || '';
let router = {};
let risks = _.get(req.app.locals.wap, 'json.risk', []);
if (_.isEmpty(path) || _.isEmpty(risks) || IP_WHITE_LIST.indexOf(ip) > -1) {
return next();
}
let router = {};
_.isArray(risks) && risks.some(item => {
if (item.state === 'off') {
return false;
... ... @@ -52,47 +75,42 @@ module.exports = () => {
return next();
}
let key = `wap:risk:${_.trim(path, '/').replace(/\//g, ':')}:${ip}`;
let keyPath = `${_.trim(path, '/').replace(/\//g, ':')}:${ip}`;
let limitKey = `wap:risk:limit:${keyPath}`;
let configKey = `wap:risk:${keyPath}`;
let checkUrl = helpers.urlFormat('/3party/check', {
pid: key
pid: limitKey
});
return cache.getAsync(key).then(inter => {
if (typeof inter === 'undefined') {
return cache.setAsync(key, 1, router.interval || 300);
return Promise.all([
cache.getAsync(limitKey),
cache.getAsync(configKey),
]).then(inters => {
if (inters[0]) {
return Object.assign({}, statusCode, {data: {url: checkUrl}});
}
inter = parseInt(`0${inter}`, 10);
if (inter <= router.requests) {
return cache.incrAsync(key, 1);
if (typeof inters[1] === 'undefined') {
cache.setAsync(configKey, 1, router.interval || 300);
return Object.assign({}, statusCode, {code: 200, message: ''});
}
return inter;
}).then(inter => {
if (inter === true) { // cache set OR incr
return next();
inters[1] = parseInt(`0${inters[1]}`, 10);
if (inters[1] <= router.requests) {
router = [];
cache.incrAsync(configKey, 1);
return Object.assign({}, statusCode, {code: 200, message: ''});
}
if (inter > router.requests) {
if (req.xhr) {
res.set({
'Cache-Control': 'no-cache',
Pragma: 'no-cache',
Expires: (new Date(1900, 0, 1, 0, 0, 0, 0)).toUTCString()
return Promise.all([
cache.setAsync(limitKey, 1, INVALIDTIME),
cache.delAsync(configKey)
]).then(() => {
return Object.assign({}, statusCode, {data: {url: checkUrl}});
});
return res.status(403).json({
code: 4403,
date: {url: checkUrl},
message: '亲,您的访问次数过多,请稍后再试哦...'
});
}
return res.redirect(`${checkUrl}&refer=${req.originalUrl}`);
}
return next();
}).catch((e) => {
}).then(result => {
return _jumpUrl(req, res, next, result);
}).catch(e => {
console.log(`risk => path: ${path}, err: ${e.message}`);
return next();
});
... ...