新增加IPRateLimit限制

2022-04-04 18:53:02 +08:00 · 2022-04-04 18:53:02 +08:00 · 19c738b974
commit 19c738b974
parent 6b0e6b11b3
5 changed files with 106 additions and 4 deletions
--- a/ZR.Admin.WebApi/Extensions/IPRateExtension.cs
+++ b/ZR.Admin.WebApi/Extensions/IPRateExtension.cs
@ -0,0 +1,27 @@
+using AspNetCoreRateLimit;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+
+namespace ZR.Admin.WebApi.Extensions
+{
+    public static class IPRateExtension
+    {
+        public static void AddIPRate(this IServiceCollection services, IConfiguration configuration)
+        {
+            if (services == null) throw new ArgumentNullException(nameof(services));
+
+            //从appsettings.json中加载常规配置，IpRateLimiting与配置文件中节点对应
+            services.Configure<IpRateLimitOptions>(configuration.GetSection("IpRateLimiting"));
+
+            //从appsettings.json中加载Ip规则
+            services.Configure<IpRateLimitPolicies>(configuration.GetSection("IpRateLimitPolicies"));
+            //注入计数器和规则存储
+            services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
+            services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
+            //配置（解析器、计数器密钥生成器）
+            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
+            services.AddSingleton<IProcessingStrategy, AsyncKeyLockProcessingStrategy>();
+        }
+    }
+}
--- a/ZR.Admin.WebApi/Startup.cs
+++ b/ZR.Admin.WebApi/Startup.cs
@ -1,3 +1,4 @@
+using AspNetCoreRateLimit;
 using Hei.Captcha;
 using Infrastructure;
 using Infrastructure.Extensions;
@ -56,7 +57,9 @@ namespace ZR.Admin.WebApi
                .PersistKeysToFileSystem(new DirectoryInfo(Directory.GetCurrentDirectory() + Path.DirectorySeparatorChar + "DataProtection"));
            //普通验证码
            services.AddHeiCaptcha();
+            services.AddIPRate(Configuration);
            services.AddSession();
+            services.AddMemoryCache();
            services.AddHttpContextAccessor();

            //绑定整个对象到Model上
@ -127,6 +130,8 @@ namespace ZR.Admin.WebApi
            app.UseAddTaskSchedulers();
            //使用全局异常中间件
            app.UseMiddleware<GlobalExceptionMiddleware>();
+            //启用客户端IP限制速率
+            app.UseIpRateLimiting();

            app.UseEndpoints(endpoints =>
            {
--- a/ZR.Admin.WebApi/ZR.Admin.WebApi.csproj
+++ b/ZR.Admin.WebApi/ZR.Admin.WebApi.csproj
@ -22,6 +22,7 @@
  </ItemGroup>

  <ItemGroup>
+	<PackageReference Include="AspNetCoreRateLimit" Version="4.0.2" />
 	<PackageReference Include="EPPlus" Version="5.8.6" />
 	<PackageReference Include="Hei.Captcha" Version="0.3.0" />
 	<PackageReference Include="IPTools.China" Version="1.6.0" />
--- a/ZR.Admin.WebApi/appsettings.json
+++ b/ZR.Admin.WebApi/appsettings.json
@ -54,5 +54,74 @@
  "RedisServer": {
    "Cache": "127.0.0.1:6379,defaultDatabase=0,poolsize=50,ssl=false,writeBuffer=10240,prefix=cache:",
    "Session": "127.0.0.1:6379,defaultDatabase=0,poolsize=50,ssl=false,writeBuffer=10240,prefix=session:"
+  },
+  //接口请求限制
+  "IpRateLimiting": {
+    //例如设置了5次每分钟访问限流。当False时：项目中每个接口都加入计数，不管你访问哪个接口，只要在一分钟内累计够5次，将禁止访问。
+    //True：当一分钟请求了5次GetData接口，则该接口将在时间段内禁止访问，但是还可以访问PostData()5次,总得来说是每个接口都有5次在这一分钟，互不干扰。
+    "EnableEndpointRateLimiting": true,
+    //false，拒绝的API调用不会添加到调用次数计数器上;如 客户端每秒发出3个请求并且您设置了每秒一个调用的限制，则每分钟或每天计数器等其他限制将仅记录第一个调用，即成功的API调用。如果您希望被拒绝的API调用计入其他时间的显示（分钟，小时等）
+    //，则必须设置StackBlockedRequests为true。
+    "StackBlockedRequests": false,
+    "RealIpHeader": "X-Real-IP",
+    //取白名单的客户端ID。如果此标头中存在客户端ID并且与ClientWhitelist中指定的值匹配，则不应用速率限制。
+    "ClientIdHeader": "X-ClientId",
+    "HttpStatusCode": 429,
+    //端点白名单
+    //"EndpointWhitelist": [ "get:/api/xxx", "*:/api/yyy" ],
+    //客户端白名单
+    //"ClientWhitelist": [ "dev-id-1", "dev-id-2" ],
+    "QuotaExceededResponse": {
+      "Content": "{{\"code\":429,\"msg\":\"访问过于频繁，请稍后重试\"}}",
+      "ContentType": "application/json",
+      "StatusCode": 429
+    },
+    //通用规则，api规则,结尾一定要带*
+    "GeneralRules": [
+      {
+        "Endpoint": "*:/captchaImage",
+        //时间段，格式：{数字}{单位}；可使用单位：s, m, h, d
+        "Period": "3s",
+        "Limit": 5
+      },
+      {
+        "Endpoint": "post:*",
+        //时间段，格式：{数字}{单位}；可使用单位：s, m, h, d
+        "Period": "3s",
+        "Limit": 1
+      },
+      {
+        "Endpoint": "put:*",
+        //时间段，格式：{数字}{单位}；可使用单位：s, m, h, d
+        "Period": "3s",
+        "Limit": 1
+      }
+      //{
+      //  "Endpoint": "*",
+      //  //时间段，格式：{数字}{单位}；可使用单位：s, m, h, d
+      //  "Period": "1s",
+      //  "Limit": 2
+      //}
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "15m",
+      //  "Limit": 100
+      //},
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "12h",
+      //  "Limit": 1000
+      //},
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "7d",
+      //  "Limit": 10000
+      //}
+    ],
+    "IpRateLimitPolicies": {
+      //ip规则
+      "IpRules": [
+      ]
+    }
  }
 }
--- a/ZR.Vue/src/utils/request.js
+++ b/ZR.Vue/src/utils/request.js
@ -57,7 +57,7 @@ service.interceptors.response.use(res => {
      })

      return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
-    } else if (code == 0 || code == 1 || code == 110 || code == 101 || code == 403 || code == 500) {
+    } else if (code == 0 || code == 1 || code == 110 || code == 101 || code == 403 || code == 500 || code == 429) {
      Message({
        message: msg,
        type: 'error'
@ -70,13 +70,13 @@ service.interceptors.response.use(res => {
  },
  error => {
    console.log('err' + error)
-    let {
-      message
-    } = error;
+    let { message } = error;
    if (message == "Network Error") {
      message = "后端接口连接异常";
    } else if (message.includes("timeout")) {
      message = "系统接口请求超时";
+    } else if (message.includes("Request failed with status code 429")) {
+      message = "请求过于频繁，请稍后再试";
    } else if (message.includes("Request failed with status code")) {
      message = "系统接口" + message.substr(message.length - 3) + "异常";
    }