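Laravel rate limiting: the throttle middleware
Introduction to the throttle middleware
Rate limiting is commonly used in APIs to limit how often an individual requester can call a particular API. Each API chooses its own rate-limit time window: GitHub uses 1 hour, and the Laravel middleware uses 1 minute.
For example, throttle:60,1 sets the rate limit to 60 requests per minute. If an IP exceeds this limit within one minute, the server responds with "429 Too Many Attempts."
Problems with the throttle middleware
Applying this limit to server-to-server API requests as well would definitely not work. So we need an IP whitelist, which we can get by overriding ThrottleRequests.
Custom throttle middleware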
php artisan make:middleware ThrottleRequests
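    <?php
    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Routing\Middleware\ThrottleRequests as BaseThrottleRequests;

    // Extends the framework middleware so the limiter and helper methods are inherited.
    class ThrottleRequests extends BaseThrottleRequests
    {
        public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1)
        {
            $key = $this->resolveRequestSignature($request);
            if ($this->limiter->tooManyAttempts($key, $maxAttempts, $decayMinutes)) {
                return $this->buildResponse($key, $maxAttempts);
            }
            // The whitelisted IPs can be kept in a config file; they are never counted.
            // Behind a reverse proxy, $request->ip() is the client address only when trusted proxies are configured.
            if (! in_array($request->ip(), config('ip.whitelist', []), true)) {
                // Adds the key first, then increments its counter to record the number of requests.
                $this->limiter->hit($key, $decayMinutes);
            }
            $response = $next($request);
            return $this->addHeaders(
                $response, $maxAttempts,
                $this->calculateRemainingAttempts($key, $maxAttempts)
            );
        }
    }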
Create the IP whitelist config file (config/ip.php)
    <?php
    return [
        'whitelist' => [
            '192.22.88.66',
        ],
    ];
Modify app/Http/Kernel.php
    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        //'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'throttle' => \App\Http\Middleware\ThrottleRequests::class,
    ];
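The effect of the whitelist on the counter can be checked without a Laravel install. The following is an added example, not code from the original post or from the framework: WindowLimiter and throttle() are hypothetical stand-ins for Laravel's RateLimiter and the handle() method above, and the client address 203.0.113.7 is a constructed sample. It runs with plain PHP 7.4 or later.

```php
<?php
// Added example: in-memory stand-in for Laravel's RateLimiter (hypothetical class,
// not framework code), keeping one fixed-window counter per key.
final class WindowLimiter
{
    private array $hits = [];   // key => ['count' => int, 'expires' => int]

    public function tooManyAttempts(string $key, int $max, int $now): bool
    {
        $w = $this->hits[$key] ?? null;
        return $w !== null && $w['expires'] > $now && $w['count'] >= $max;
    }

    public function hit(string $key, int $decayMinutes, int $now): void
    {
        $w = $this->hits[$key] ?? null;
        if ($w === null || $w['expires'] <= $now) {
            $w = ['count' => 0, 'expires' => $now + $decayMinutes * 60];
        }
        $w['count']++;
        $this->hits[$key] = $w;
    }
}

// Same decision order as the middleware: check the limit, then count only
// requests whose IP is not whitelisted. Returns the HTTP status code.
function throttle(WindowLimiter $l, string $ip, array $whitelist, int $now, int $max = 60, int $decay = 1): int
{
    $key = sha1($ip);
    if ($l->tooManyAttempts($key, $max, $now)) {
        return 429;
    }
    if (! in_array($ip, $whitelist, true)) {
        $l->hit($key, $decay, $now);
    }
    return 200;
}

// Constructed sample traffic: 61 requests from each IP at the same second,
// then one more client request after the one-minute window has expired.
$limiter = new WindowLimiter();
$whitelist = ['192.22.88.66'];          // value from config/ip.php above
$run = fn (string $ip, int $n, int $t) => array_map(fn () => throttle($limiter, $ip, $whitelist, $t), range(1, $n));

$client = $run('203.0.113.7', 61, 1000);
$server = $run('192.22.88.66', 61, 1000);
printf("client:  60th=%d 61st=%d after window=%d\n", $client[59], $client[60], $run('203.0.113.7', 1, 1061)[0]);
printf("backend: 61st=%d\n", $server[60]);
```

Because whitelisted requests never call hit(), the backend key has no counter at all, so anything that can present a whitelisted address is completely unthrottled.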
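Reading the source
The entry point is the handle method in vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php.
To be continued...
This work is licensed under the CC license; reposts must credit the author and link to this article.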