import com.alibaba.fastjson2.JSON;
import com.cloud.util.IPUtils;
import com.cloud.util.RedisUtil;
import com.cloud.util.msg.Msg;
import com.cloud.util.msg.ResultCode;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import java.io.IOException;
import java.util.Objects;
/**
* 接口防刷拦截器
*
* @author Einzieg
* @date 2023/11/21
*/
@Slf4j
@Component
@RequiredArgsConstructor
public class RepeatRequestIntercept implements HandlerInterceptor {
private static final int MAX_REQUEST_COUNT = 10;
private static final long EXPIRE_TIME = 10;
private final RedisUtil redisUtil;
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 判断请求是否为方法的请求
if (handler instanceof HandlerMethod) {
String key = IPUtils.getIpAddr(request) + "-" + request.getMethod() + "-" + request.getRequestURL();
log.info("key: {}", key);
Object requestCountObj = redisUtil.get(key);
if (Objects.isNull(requestCountObj)) {
// 若为空则为第一次请求
redisUtil.set(key, 1, EXPIRE_TIME);
} else {
// 限定时间内的第n次请求
int requestCount = Integer.parseInt(requestCountObj.toString());
// 判断是否超过最大限定请求次数
if (requestCount < MAX_REQUEST_COUNT) {
// 未超过则请求次数+1
redisUtil.increasing(key, 1);
} else {
// 否则拒绝请求并返回信息
returnMsg(response);
return false;
}
}
}
return true;
}
/**
* 拒绝请求
*
* @param response {@link HttpServletResponse}
*/
private void returnMsg(HttpServletResponse response) throws IOException {
response.setContentType("application/json;charset=utf-8");
ServletOutputStream os = response.getOutputStream();
String jsonString = JSON.toJSONString(Msg.fail(ResultCode.TOO_MANY_REQUESTS));
os.write(jsonString.getBytes());
os.flush();
os.close();
}
}
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.StringUtils;
import java.net.InetAddress;
import java.net.UnknownHostException;
/**
* Ip地址工具类
* @Author Einzieg
* @date 2023-08-10 15:000
*/
@Slf4j
public class IPUtils {
private static final String IP_UTILS_FLAG = ",";
private static final String UNKNOWN = "unknown";
private static final String LOCALHOST_IP = "0:0:0:0:0:0:0:1";
private static final String LOCALHOST_IP1 = "127.0.0.1";
/**
* 获取IP地址
* <p>
* 使用Nginx等反向代理软件, 则不能通过request.getRemoteAddr()获取IP地址
* 如果使用了多级反向代理的话,X-Forwarded-For的值并不止一个,而是一串IP地址,X-Forwarded-For中第一个非unknown的有效IP字符串,则为真实IP地址
*/
public static String getIpAddr(HttpServletRequest request) {
String ip = null;
try {
//以下两个获取在k8s中,将真实的客户端IP,放到了x-Original-Forwarded-For。而将WAF的回源地址放到了 x-Forwarded-For了。
ip = request.getHeader("X-Original-Forwarded-For");
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Forwarded-For");
}
//获取nginx等代理的ip
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("x-forwarded-for");
}
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (!StringUtils.hasText(ip) || ip.length() == 0 || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
//兼容k8s集群获取ip
if (!StringUtils.hasText(ip) || UNKNOWN.equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
if (LOCALHOST_IP1.equalsIgnoreCase(ip) || LOCALHOST_IP.equalsIgnoreCase(ip)) {
//根据网卡取本机配置的IP
InetAddress iNet = null;
try {
iNet = InetAddress.getLocalHost();
} catch (UnknownHostException e) {
log.error("获取客户端IP错误:", e);
}
ip = iNet != null ? iNet.getHostAddress() : null;
}
}
} catch (Exception e) {
log.error("IPUtils ERROR ", e);
}
//使用代理,则获取第一个IP地址
if (StringUtils.hasText(ip) && ip.indexOf(IP_UTILS_FLAG) > 0) {
ip = ip.substring(0, ip.indexOf(IP_UTILS_FLAG));
}
return ip;
}
}
import com.cloud.util.interceptor.RepeatRequestIntercept;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@RequiredArgsConstructor
public class WebConfig implements WebMvcConfigurer {
private final RepeatRequestIntercept repeatRequestIntercept;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(repeatRequestIntercept).addPathPatterns("/**");
}
}
