Commit 18a24e0

committed

feat: support rate limit

1 parent 6071f22 commit 18a24e0Copy full SHA for 18a24e0

File tree

8 files changed

+98

-15

lines changed

front
- package.json
- server.js
- server
  - api
    - visitor.js
  - middleware
    - ratelimit.js
  - utils
    - highLimitApis.js
- src
  - entry-client.js
  - entry-server.js
  - utils
    - errorCode.js

8 files changed

+98

-15

lines changed

`‎front/package.json`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@`
`76`	`76`	`"less": "^2.7.3",`
`77`	`77`	`"less-loader": "^4.0.5",`
`78`	`78`	`"lint-staged": "10.5.4",`
`79`		`- "lru-cache": "^4.1.1",`
	`79`	`+ "lru-cache": "^7.5.1",`
`80`	`80`	`"md5": "^2.2.1",`
`81`	`81`	`"mongoose": "^4.13.9",`
`82`	`82`	`"morgan": "^1.9.0",`

`‎front/server.js`

Lines changed: 13 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`const express = require('express')`
`2`	`2`	`const path = require('path')`
`3`		`-const LRU = require('lru-cache')`
	`3`	`+const lruCache = require('lru-cache')`
`4`	`4`	`const fs = require('fs')`
`5`	`5`	`const cookieParser = require('cookie-parser')`
`6`	`6`	`const bodyParser = require('body-parser')`
`@@ -12,10 +12,14 @@ const compression = require('compression')`
`12`	`12`	`const { createBundleRenderer } = require('vue-server-renderer')`
`13`	`13`	`const { startSchedule } = require('./server/utils/schedule')`
`14`	`14`	`const template = fs.readFileSync('./src/index.template.html', 'utf-8')`
	`15`	`+const ratelimit = require('./server/middleware/ratelimit')`
`15`	`16`	`const isProd = process.env.NODE_ENV === 'production'`
`16`	`17`	`const server = express()`
`17`	`18`	`const resolve = (file) => path.resolve(__dirname, file)`
`18`		`-server.use(logger('dev')) //日志记录中间件,将请求信息打印在控制台`
	`19`	`+// 开启流控`
	`20`	`+server.use('/api', ratelimit)`
	`21`	`+// 日志记录中间件`
	`22`	`+server.use(logger('dev'))`
`19`	`23`	`server.use(bodyParser.json())`
`20`	`24`	`server.use(bodyParser.urlencoded({ extended: true }))`
`21`	`25`	`server.use(cookieParser())`
`@@ -26,15 +30,18 @@ server.set('views', [path.join(__dirname, 'dist'), path.join(__dirname, 'static'`
`26`	`30`	`server.engine('.html', ejs.__express)`
`27`	`31`	`server.set('view engine', 'ejs')`
`28`	`32`	`route(server)`
	`33`	`+`
	`34`	`+const LRU = new lruCache({`
	`35`	`+ max: 1000,`
	`36`	`+ ttl: 1000 * 60 * 15`
	`37`	`+})`
	`38`	`+`
`29`	`39`	`function createRenderer(bundle, options) {`
`30`	`40`	`return createBundleRenderer(`
`31`	`41`	`bundle,`
`32`	`42`	`Object.assign(options, {`
`33`	`43`	`template: template,`
`34`		`- cache: LRU({`
`35`		`- max: 1000,`
`36`		`- maxAge: 1000 * 60 * 15`
`37`		`- }),`
	`44`	`+ cache: LRU,`
`38`	`45`	`basedir: resolve('./dist'),`
`39`	`46`	`runInNewContext: false`
`40`	`47`	`})`

`‎front/server/api/visitor.js`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,14 @@`
`1`	`1`	`/**`
`2`	`2`	`* @desc 访客信息处理`
	`3`	`+ * @author justJokee`
`3`	`4`	`*/`
`4`	`5`
`5`	`6`	`const express = require('express')`
`6`	`7`	`const { Octokit } = require('@octokit/core')`
`7`	`8`	`const api = require('../http/server-api')`
`8`	`9`	`const router = express.Router()`
`9`	`10`	`const db = require('../db/')`
`10`		`-const secret = require('../db/secret')`
	`11`	`+const {db: secret} = require('../db/secret')`
`11`	`12`
`12`	`13`	`// 存储访客信息`
`13`	`14`	`router.post('/api/front/visitor/save', async (req, res) => {`
`@@ -81,13 +82,13 @@ router.get('/login_github', (req, res) => {`
`81`	`82`	`}`
`82`	`83`	`api`
`83`	`84`	`.post('https://github.com/login/oauth/access_token', JSON.parse(JSON.stringify(params)))`
`84`		`- .then(fullData => {`
	`85`	`+ .then((fullData) => {`
`85`	`86`	`const arr1 = fullData.split('&')`
`86`	`87`	`const arr2 = arr1[0].split('=')`
`87`	`88`	`const token = arr2[1]`
`88`	`89`	`return token`
`89`	`90`	`})`
`90`		`- .then(async token => {`
	`91`	`+ .then(async (token) => {`
`91`	`92`	`let userInfo = {}`
`92`	`93`	const octokit = new Octokit({ auth: `${token}` })
`93`	`94`	`const info = await octokit.request('GET /user')`

`‎front/server/middleware/ratelimit.js`

Lines changed: 61 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,61 @@`
	`1`	`+/**`
	`2`	`+ * @desc 限流中间件(简单实现)`
	`3`	`+ * @author justJokee`
	`4`	`+ */`
	`5`	`+`
	`6`	`+const lruCache = require('lru-cache')`
	`7`	`+const getIp = require('../utils/getIp')`
	`8`	`+const { highLimitApis, HEIGHLIMIT, HEIGHLIMITTL } = require('../utils/highLimitApis')`
	`9`	`+// 每个ip一分钟最大限制100次请求`
	`10`	`+const LIMIT = 100`
	`11`	`+const LRU = new lruCache({`
	`12`	`+ max: 6000,`
	`13`	`+ // 默认时间窗口1分钟`
	`14`	`+ ttl: 1000 * 60`
	`15`	`+ // 过期后立即删除 Note that this may significantly degrade performance`
	`16`	`+ // ttlAutopurge: true`
	`17`	`+})`
	`18`	`+`
	`19`	`+module.exports = function ratelimit(req, res, next) {`
	`20`	`+ const ip = getIp(req)`
	`21`	+ const url = `${req.baseUrl}${req.url}`
	`22`	+ const key = `${ip}:${url}`
	`23`	+ const blackKey = `black:${ip}:${url}`
	`24`	`+ const value = LRU.get(key)`
	`25`	`+ const isHeighLimitApi = highLimitApis.includes(url)`
	`26`	`+ const limit = isHeighLimitApi ? HEIGHLIMIT : LIMIT`
	`27`	`+ const option = isHeighLimitApi ? { ttl: HEIGHLIMITTL } : {}`
	`28`	`+`
	`29`	`+ // cache中存在当前ip对应的接口信息`
	`30`	`+ if (value) {`
	`31`	`+ if (value < limit) {`
	`32`	`+ LRU.set(key, value + 1, option)`
	`33`	`+ next()`
	`34`	`+ }`
	`35`	`+ // 请求次数超限`
	`36`	`+ else {`
	`37`	`+ LRU.delete(key)`
	`38`	`+ LRU.set(blackKey, Date.now())`
	`39`	`+ // 返回限流状态`
	`40`	`+ response(res)`
	`41`	`+ }`
	`42`	`+ }`
	`43`	`+ // cache中不存在当前请求ip信息`
	`44`	`+ else {`
	`45`	`+ // ip已经在黑名单`
	`46`	`+ if (LRU.get(blackKey)) {`
	`47`	`+ // 返回限流状态`
	`48`	`+ response(res)`
	`49`	`+ } else {`
	`50`	`+ LRU.set(key, 1, option)`
	`51`	`+ next()`
	`52`	`+ }`
	`53`	`+ }`
	`54`	`+}`
	`55`	`+`
	`56`	`+function response(res) {`
	`57`	`+ res.json({`
	`58`	`+ status: 429,`
	`59`	`+ info: '访问次数超限,请稍后再试'`
	`60`	`+ })`
	`61`	`+}`

`‎front/server/utils/highLimitApis.js`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,11 @@`
	`1`	`+/**`
	`2`	`+ * @desc 限制高频访问的api名单`
	`3`	`+ * 1. 时间窗口 10s`
	`4`	`+ * 2. 限制次数 3`
	`5`	`+ * @author justJokee`
	`6`	`+ */`
	`7`	`+`
	`8`	`+exports.HEIGHLIMIT = 3`
	`9`	`+exports.HEIGHLIMITTL = 1000 * 10`
	`10`	`+`
	`11`	`+exports.highLimitApis = ['/api/front/comments/save', '/api/front/messageBoard/save']`

`‎front/src/entry-client.js`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ router.onReady(() => {`
`63`	`63`	`activated.map(async (Component) => {`
`64`	`64`	`if (Component.asyncData) {`
`65`	`65`	`const res = await Component.asyncData({ store, route: to })`
`66`		`- Component.__COMPONENT_ASYNCDATA__ = res`
	`66`	`+ Component.__COMPONENT_ASYNCDATA__ = res\|\|{}`
`67`	`67`	`}`
`68`	`68`	`})`
`69`	`69`	`)`

`‎front/src/entry-server.js`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`import { createApp } from './app'`
`2`	`2`
`3`		`-export default context => {`
	`3`	`+export default (context) => {`
`4`	`4`	`const { app, router, store } = createApp()`
`5`	`5`	`const meta = app.$meta()`
`6`	`6`	`return new Promise((resolve, reject) => {`
`@@ -14,7 +14,7 @@ export default context => {`
`14`	`14`	// 对所有匹配的路由组件调用 `asyncData()`
`15`	`15`	`try {`
`16`	`16`	`const componentRes = await Promise.all(`
`17`		`- matchedComponents.map(async Component => {`
	`17`	`+ matchedComponents.map(async (Component) => {`
`18`	`18`	`if (Component.asyncData) {`
`19`	`19`	`const res = await Component.asyncData({`
`20`	`20`	`store,`
`@@ -25,13 +25,13 @@ export default context => {`
`25`	`25`	`}`
`26`	`26`	`})`
`27`	`27`	`)`
`28`		`- const __COMPONENT_ASYNCDATA__ = componentRes.map(eRes => {`
	`28`	`+ const __COMPONENT_ASYNCDATA__ = componentRes.map((eRes) => {`
`29`	`29`	`if (eRes) {`
`30`	`30`	`const { res, Component } = eRes`
`31`	`31`	`// 将路由组件的 asyncData 返回值挂载到组件实例的构造项上`
`32`	`32`	`// 用于 data & asyncData 的合并策略`
`33`	`33`	`Component.__COMPONENT_ASYNCDATA__ = res`
`34`		`- return res`
	`34`	`+ return res\|\|{}`
`35`	`35`	`}`
`36`	`36`	`})`
`37`	`37`

`‎front/src/utils/errorCode.js`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ export function errorCode(code) {`
`13`	`13`	`case 101:`
`14`	`14`	`_message('warning', '您已经点过赞了 ~')`
`15`	`15`	`break`
	`16`	`+ case 429:`
	`17`	`+ _message('warning', '访问次数超限,请稍后再试 ~')`
	`18`	`+ break`
`16`	`19`	`}`
`17`	`20`	`}`
`18`	`21`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 18a24e0

File tree

8 files changed

8 files changed

`‎front/package.json`

`‎front/server.js`

`‎front/server/api/visitor.js`

`‎front/server/middleware/ratelimit.js`

`‎front/server/utils/highLimitApis.js`

`‎front/src/entry-client.js`

`‎front/src/entry-server.js`

`‎front/src/utils/errorCode.js`

0 commit comments