网站tkd优化,线上营销的优势和劣势,vs2013 网站开发,怎么做教育培训网站文章目录 请求后台管理的频率-流量限制流量限制的业务代码UserFlowRiskControlFilter 短链接中台的流量限制CustomBlockHandler 对指定接口限流UserFlowRiskControlConfigurationSentinelRuleConfig 请求后台管理的频率-流量限制
根据登录用户做出控制#xff0c;比如 x 秒请… 文章目录 请求后台管理的频率-流量限制流量限制的业务代码UserFlowRiskControlFilter 短链接中台的流量限制CustomBlockHandler 对指定接口限流UserFlowRiskControlConfigurationSentinelRuleConfig 请求后台管理的频率-流量限制
根据登录用户做出控制比如 x 秒请求后管系统的频率最多 x 次。 实现原理也比较简单通过 Redis increment 命令对一个数据进行递增如果超过 x 次就会返回失败。这里有个细节就是我们的这个周期是 x 秒需要对 Redis 的 Key 设置 x 秒有效期。 但是 Redis 中对于 increment 命令是没有提供过期命令的这就需要两步操作进而出现原子性问题。
lua脚本步骤
递增key对应的访问次数給该key设置过期时间TTLTTL是限制时间内的秒数最后返回TTL内的访问次数
使用lua脚本保证原子性这里主要的作用是记录在timeWindow秒限制内的访问次数AccessCnt。 其中timeWindow是多少多少秒lua脚本返回值是在timeWindow秒内被访问了AccessCnt次
-- 设置用户访问频率限制的参数
local username KEYS[1]
local timeWindow tonumber(ARGV[1]) -- 时间窗口单位秒-- 构造 Redis 中存储用户访问次数的键名
local accessKey short-link:user-flow-risk-control: .. username-- 原子递增访问次数并获取递增后的值
local currentAccessCount redis.call(INCR, accessKey)-- 设置键的过期时间
redis.call(EXPIRE, accessKey, timeWindow)-- 返回当前访问次数
return currentAccessCount流量限制的业务代码
UserFlowRiskControlFilter package com.nageoffer.shortlink.admin.common.biz.user;import com.alibaba.fastjson2.JSON;
import com.google.common.collect.Lists;
import com.nageoffer.shortlink.admin.common.convention.exception.ClientException;
import com.nageoffer.shortlink.admin.common.convention.result.Results;
import com.nageoffer.shortlink.admin.config.UserFlowRiskControlConfiguration;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.io.ClassPathResource;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.core.script.DefaultRedisScript;
import org.springframework.scripting.support.ResourceScriptSource;import java.io.IOException;
import java.io.PrintWriter;
import java.util.Optional;import static com.nageoffer.shortlink.admin.common.convention.errorcode.BaseErrorCode.FLOW_LIMIT_ERROR;Slf4j
RequiredArgsConstructor
//用户流量封控过滤器
public class UserFlowRiskControlFilter implements Filter {private final StringRedisTemplate stringRedisTemplate;//用户流量封控配置器//这里这个UserFlowRiskControlConfiguration 在下面会有介绍的反正这里的MaxAccessCount和time-window都是从Application.yaml里面读取到的private final UserFlowRiskControlConfiguration userFlowRiskControlConfiguration;private static final String USER_FLOW_RISK_CONTROL_LUA_SCRIPT_PATH lua/user_flow_risk_control.lua;SneakyThrowsOverridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {DefaultRedisScriptLong redisScript new DefaultRedisScript();//设置加载到lua脚本对象redisScript.setScriptSource(new ResourceScriptSource(new ClassPathResource(USER_FLOW_RISK_CONTROL_LUA_SCRIPT_PATH)));//设置lua脚本返回值类型是LongredisScript.setResultType(Long.class);String username Optional.ofNullable(UserContext.getUsername()).orElse(other);Long result;try {result stringRedisTemplate.execute(redisScript, Lists.newArrayList(username), userFlowRiskControlConfiguration.getTimeWindow());} catch (Throwable ex) {//设置为Throwable防止捕获不到log.error(执行用户请求流量限制LUA脚本出错, ex);returnJson((HttpServletResponse) response, JSON.toJSONString(Results.failure(new ClientException(FLOW_LIMIT_ERROR))));return;}//如果访问次数Result最大限制访问次数getMaxAccessCount则返回流量限制异常if (result null || result userFlowRiskControlConfiguration.getMaxAccessCount()) {returnJson((HttpServletResponse) response, JSON.toJSONString(Results.failure(new ClientException(FLOW_LIMIT_ERROR))));return;}filterChain.doFilter(request, response);}private void returnJson(HttpServletResponse response, String json) throws Exception {response.setCharacterEncoding(UTF-8);response.setContentType(text/html; charsetutf-8);try (PrintWriter writer response.getWriter()) {writer.print(json);}}
}
短链接中台的流量限制
使用sentinel来做中台的流量限制首先引入依赖
dependencygroupIdcom.alibaba.cloud/groupIdartifactIdspring-cloud-starter-alibaba-sentinel/artifactId
/dependencydependencygroupIdcom.alibaba.csp/groupIdartifactIdsentinel-annotation-aspectj/artifactId
/dependencyCustomBlockHandler
package com.nageoffer.shortlink.project.handler;import com.alibaba.csp.sentinel.slots.block.BlockException;
import com.nageoffer.shortlink.project.common.convention.result.Result;
import com.nageoffer.shortlink.project.dto.req.ShortLinkCreateReqDTO;
import com.nageoffer.shortlink.project.dto.resp.ShortLinkCreateRespDTO;public class CustomBlockHandler {public static ResultShortLinkCreateRespDTO createShortLinkBlockHandlerMethod(ShortLinkCreateReqDTO requestParam, BlockException exception) {return new ResultShortLinkCreateRespDTO().setCode(B100000).setMessage(当前访问网站人数过多请稍后再试...);}
}sentinel技术对接口限流超过指定的QPS之后会接口限流Block住 下面的SentinelResource里面的value是对保护资源的名称的指定Blockhandler是保护资源用到的方法BlockHandlerClass是保护资源用到的类Class
对指定接口限流
这里对接口限流指定他的资源名称为create-short-link以后带着这个名称在SentinelRuleConfig文章下面会介绍到位也可以在目录里面快速定位到相关内容里面会加入对这个资源的保护
UserFlowRiskControlConfiguration
Application.yaml和UserFlowRiskControlConfiguration
Data
Component
ConfigurationProperties(prefix short-link.flow-limit) //从Application.yaml配置文件里面读取相应的数据信息
public class UserFlowRiskControlConfiguration {/*** 是否开启用户流量风控验证*/private Boolean enable;/*** 流量风控时间窗口单位秒*/private String timeWindow;/*** 流量风控时间窗口内可访问次数*/private Long maxAccessCount;
}
SentinelRuleConfig
定义接口规则
package com.nageoffer.shortlink.project.config;import com.alibaba.csp.sentinel.slots.block.RuleConstant;
import com.alibaba.csp.sentinel.slots.block.flow.FlowRule;
import com.alibaba.csp.sentinel.slots.block.flow.FlowRuleManager;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Component;import java.util.ArrayList;
import java.util.List;//解释一下实现InitializingBean 接口并重写afterPropertiesSet是为了在Bean初始化完成之后
//执行FlowRuleManager.loadRules(rules)把这个流量限制规则加入到位!!!!
Component
public class SentinelRuleConfig implements InitializingBean { //Overridepublic void afterPropertiesSet() throws Exception {ListFlowRule rules new ArrayList();FlowRule createOrderRule new FlowRule();//通过对指定资源名称进行保护限流createOrderRule.setResource(create_short-link);//通过QPS限制createOrderRule.setGrade(RuleConstant.FLOW_GRADE_QPS);//QPS超过1就限流createOrderRule.setCount(1);rules.add(createOrderRule);FlowRuleManager.loadRules(rules);}
}InitializingBean 接口实现该接口的类需要提供一个 afterPropertiesSet 方法该方法会在所有依赖注入完成后被调用
package org.springframework.beans.factory;public interface InitializingBean {void afterPropertiesSet() throws Exception;
}
