Springboot搭配redis使用定义注解和拦截器实现接口限流防刷
一、接口限流防刷介绍
接口限流防刷:
限制同一个用户在限定时间内,只能访问固定次数。
思路:每次点击之后,在缓存中生成一个计数器,第一次将这个计数器置1后存入缓存,并给其设定有效期。
每次点击后,取出这个值,计数器加一,如果超过限定次数,就抛出业务异常。
二、核心代码
1.自定义注解
/**
* 在需要保证 接口防刷限流 的Controller的方法上使用此注解
*/
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface AccessLimit {
int maxCount();// 最大访问次数
int seconds();// 固定时间, 单位: s
}
2.拦截器
package com.hl.springbootidempotence.interceptor;
import com.hl.springbootidempotence.annotation.AccessLimit;
import com.hl.springbootidempotence.common.ResponseCode;
import com.hl.springbootidempotence.exception.ServiceException;
import com.hl.springbootidempotence.utils.IpUtil;
import com.hl.springbootidempotence.utils.JedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
/**
* 接口防刷限流拦截器
*/
@Component
public class AccessLimitInterceptor implements HandlerInterceptor {
private static final String ACCESS_LIMIT_PREFIX = "accessLimit:";
@Autowired
private JedisUtil jedisUtil;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
if (!(handler instanceof HandlerMethod)) {//如果是HandlerMethod 类,强转,拿到注解
return true;
}
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
AccessLimit annotation = method.getAnnotation(AccessLimit.class);
if (annotation != null) {
check(annotation, request);
}
return true;
}
private void check(AccessLimit annotation, HttpServletRequest request) {
获取方法上注解的参数
int maxCount = annotation.maxCount();
int seconds = annotation.seconds();
StringBuilder sb = new StringBuilder();
sb.append(ACCESS_LIMIT_PREFIX).append(IpUtil.getIpAddress(request)).append(request.getRequestURI());
String key = sb.toString();
Boolean exists = jedisUtil.exists(key);
if (!exists) {//如果没有,说明没访问过,置1
jedisUtil.set(key, String.valueOf(1), seconds);
} else {
int count = Integer.parseInt(jedisUtil.get(key));
if (count < maxCount) {//设置 如果小于我们的防刷次数
Long ttl = jedisUtil.ttl(key);
if (ttl <= 0) {
jedisUtil.set(key, String.valueOf(1), seconds);
} else {//小于5 就+1
jedisUtil.set(key, String.valueOf(++count), ttl.intValue());
}
} else {//说明大于最大次数
throw new ServiceException(ResponseCode.ACCESS_LIMIT.getMsg());
}
}
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
3.配置拦截器
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 跨域
* @return
*/
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
final CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(urlBasedCorsConfigurationSource);
}
//关键,将拦截器作为bean写入配置中
@Bean
public AccessLimitInterceptor accessLimitInterceptor() {
return new AccessLimitInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 接口防刷限流拦截器
registry.addInterceptor(accessLimitInterceptor()).addPathPatterns("/**");
}
}
4.测试
源码地址:https://gitee.com/huanglei1111/springboot-demo/tree/master