feat: 新增速率限制滑动限流

2024-02-26 13:42:37 +08:00
parent a35ab95809
commit 3532bf54e7
2 changed files with 102 additions and 43 deletions
--- a/Yi.Abp.Net8/src/Yi.Abp.Application/Services/TestService.cs
+++ b/Yi.Abp.Net8/src/Yi.Abp.Application/Services/TestService.cs
@@ -1,5 +1,6 @@
 using Mapster;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.RateLimiting;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Uow;
 using Yi.Framework.Bbs.Application.Contracts.Dtos.Banner;
@@ -117,5 +118,19 @@ namespace Yi.Abp.Application.Services
            var entity = new BannerEntity();
            var dto = entity.Adapt<BannerGetListOutputDto>();
        }
+
+
+        /// <summary>
+        /// 速率限制
+        /// </summary>
+        /// <returns></returns>
+        // [DisableRateLimiting]
+        //[EnableRateLimiting("sliding")]
+        public int GetRateLimiting()
+        {
+            RequestNumber++;
+            return RequestNumber;
+        }
+        private static int RequestNumber { get; set; } = 0;
    }
 }
--- a/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
+++ b/Yi.Abp.Net8/src/Yi.Abp.Web/YiAbpWebModule.cs
@@ -1,6 +1,9 @@
-using System.Text;
+using System.Globalization;
+using System.Text;
+using System.Threading.RateLimiting;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Newtonsoft.Json.Converters;
@@ -135,6 +138,44 @@ namespace Yi.Abp.Web
                //options.TenantResolvers.RemoveAll(x => x.Name == CookieTenantResolveContributor.ContributorName);
            });

+
+            //速率限制
+            //每60秒限制100个请求，滑块添加，分6段
+            service.AddRateLimiter(_ =>
+            {
+                _.RejectionStatusCode = StatusCodes.Status429TooManyRequests; 
+                _.OnRejected = (context, _) =>
+                {
+                    if (context.Lease.TryGetMetadata(MetadataName.RetryAfter, out var retryAfter))
+                    {
+                        context.HttpContext.Response.Headers.RetryAfter =
+                            ((int)retryAfter.TotalSeconds).ToString(NumberFormatInfo.InvariantInfo);
+                    }
+                    context.HttpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;
+                    context.HttpContext.Response.WriteAsync("Too many requests. Please try again later.");
+
+                    return new ValueTask();
+                };
+
+                //全局使用，链式表达式
+                _.GlobalLimiter = PartitionedRateLimiter.CreateChained(
+                   PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
+                   {
+                       var userAgent = httpContext.Request.Headers.UserAgent.ToString();
+
+                       return RateLimitPartition.GetSlidingWindowLimiter
+                       (userAgent, _ =>
+                           new SlidingWindowRateLimiterOptions
+                           {
+                               PermitLimit = 100,
+                               Window = TimeSpan.FromSeconds(60),
+                               SegmentsPerWindow = 6,
+                               QueueProcessingOrder = QueueProcessingOrder.OldestFirst
+                           });
+                   }));
+            });
+
+
            //jwt鉴权
            var jwtOptions = configuration.GetSection(nameof(JwtOptions)).Get<JwtOptions>();
            var refreshJwtOptions = configuration.GetSection(nameof(RefreshJwtOptions)).Get<RefreshJwtOptions>();
@@ -221,6 +262,9 @@ namespace Yi.Abp.Web
            //跨域
            app.UseCors(DefaultCorsPolicyName);

+            //速率限制
+            app.UseRateLimiter();
+
            //无感token，先刷新再鉴权
            app.UseRefreshToken();