laravel 5.6 中 api 路由的 ThrottleRequestMiddleware

【问题标题】:ThrottleRequestMiddleware for api route in laravel 5.6laravel 5.6 中 api 路由的 ThrottleRequestMiddleware
【发布时间】:2018-09-28 16:02:02
【问题描述】:

我已经构建了用于将帖子作为 json 资源返回的 api 路由,当我将中间件 'apiThrottle:5,1' 放在 api 路由上时,它只会显示两次结果,然后在第三次它将生成 json响应“尝试次数过多...”

但是当我将中间件添加到网络路由时,它会继续显示结果的最大次数(在本例中为 5),然后它会生成“尝试次数过多...”

网址:https://project.test/

Route::middleware('apiThrottle:5,1')->get('/', function (){
     return 'Web Route';
});

API 路由:https://project.test/api/

Route::middleware('apiThrottle:5,1')->get('/', function (){
     return 'API Route';
});

中间件:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Routing\Middleware\ThrottleRequests;

class ThrottleRequestsMiddleware extends ThrottleRequests
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @param  int $maxAttempts
     * @param  int $decayMinutes
     * @return mixed
     */
    public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1)
    {
        $key = $this->resolveRequestSignature($request);

        $maxAttempts = $this->resolveMaxAttempts($request, $maxAttempts);

        if ($this->limiter->tooManyAttempts($key, $maxAttempts)) {
            return $this->buildJsonResponse($key, $maxAttempts);
        }

        $this->limiter->hit($key, $decayMinutes);

        $response = $next($request);

        return $this->addHeaders(
            $response, $maxAttempts,
            $this->calculateRemainingAttempts($key, $maxAttempts)
        );
    }

    /**
     * Create a 'too many attempts' JSON response.
     *
     * @param  string  $key
     * @param  int  $maxAttempts
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function buildJsonResponse($key, $maxAttempts)
    {
        $response = new JsonResponse([
            'error' => [
                'code' => 429,
                'message' => 'Too many attempts, please slow down the request.',
            ],
        ], 429);

        $retryAfter = $this->limiter->availableIn($key);

        return $this->addHeaders(
            $response, $maxAttempts,
            $this->calculateRemainingAttempts($key, $maxAttempts, $retryAfter),
            $retryAfter
        );
    }
}

Kernel.php:

     /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        .
        .
        .
        'apiThrottle' => \App\Http\Middleware\ThrottleRequestsMiddleware::class,
    ];

Web 路由标头:请求和响应

Content-Security-Policy: default-src 'none' ; script-src resource:; 
X-Firefox-Spdy: h2
cache-control: no-cache, private
content-type: application/json
date: Wed, 18 Apr 2018 11:57:50 GMT
retry-after: 53
server: nginx/1.13.6
set-cookie: XSRF-TOKEN=eyJpdiI6ImpRdGlIXC9KbnV3QTY2MkpKbEZUQ3d3PT0iLCJ2YWx1ZSI6IlU5YXFkZmpVXC9nMHpXSW5zK2RUZFlTVTA0N0YzaE9TeURpSHJlV0FUb1NkXC9rN3dvUUdVbzgwNHQ4MCtDU04rYjBNSHB6U2dsUzZ6cys2cGY5N1dUQVE9PSIsIm1hYyI6IjAzMTRkZTdkNmEwMzk5ODZhMTQ2ODhmYTJjOWE2ODIzODQ1YzQ0OThhY2I2NWUxOTk5MDRmNDc0ZjBjMmNjMDgifQ%3D%3D; expires=Wed, 18-Apr-2018 13:57:50 GMT; Max-Age=7200; path=/
larablog_session=eyJpdiI6IkZqaGZVUk10bFNpb2hUc2xPMXdBbVE9PSIsInZhbHVlIjoiY0hoXC9qMHFWdENIOEZZK3BaUklhMjZtQ2JoS2IwQlRTV053clUyQVd0RmpxTlRmMlVRc1Q4QW8zYUMwZSs0dmFuM3U2N3A2ZGJCZTBaN2JwdHJDSE13PT0iLCJtYWMiOiI1YzQ0ZTNjOGI4NDI3ZDg4NTI5MDQyMDRiMTc3ODk3OGZkYjk4OWJmNzhkODFkM2UwZGU1MTM0NDdmNjIxYTY1In0%3D; expires=Wed, 18-Apr-2018 13:57:50 GMT; Max-Age=7200; path=/; HttpOnly
x-ratelimit-limit: 5
x-ratelimit-remaining: 0
x-ratelimit-reset: 1524052723

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkNibkJQOUM3clJscElSWGZrcDVoZGc9PSIsInZhbHVlIjoiMzJuZGljNnRzUFoxNVVOYVZscFJBRElqMHJGSGxYa2dqVXkwR0VtZlhpQUFLUkI4cHJnOFdLSGIwdEdmRnA2R2Y5WHRXZHNtTFwvUVVpc2xKM1lQVHV3PT0iLCJtYWMiOiJmNmRjMjQwMDllOWFhZGY2Y2Q2YTVmYzFjZGQxNTE4MTk3ZjRkYWUyMTA2OWY0Y2E3NGNjYTg5MmEzYTZmZjJkIn0%3D; larablog_session=eyJpdiI6IlwvUm55cHBaTVdnR21rbkJVU05DUXVBPT0iLCJ2YWx1ZSI6IkJlYVV3dXB6SUNjMkRrUHJ2bTN2R3RUa294aVpjelJlTVFCUENXVldpSzlKNWdYUTdqeHJtY1JEWXV5UUpvbUc0bHB4UG5hcGltTG9OSVYrdjBMS29BPT0iLCJtYWMiOiI0M2ZjYWMyNjY0MjFkYTlhZjZkZmQ5MjVkMDFhODZiODFiNjQ4OGIzOTViZTNmY2E2NmNhMjQzYmRiY2I4ODdhIn0%3D
Host: project.test
Referer: https://project.test/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

API 路由标头:请求和响应

Content-Security-Policy: default-src 'none' ; script-src resource:; 
X-Firefox-Spdy: h2
cache-control: no-cache, private
content-type: application/json
date: Wed, 18 Apr 2018 11:55:55 GMT
retry-after: 57
server: nginx/1.13.6
x-ratelimit-limit: 60
x-ratelimit-remaining: 55
x-ratelimit-reset: 1524052612

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InFHZVFHNDg3M2hpcG9rUHd2WnlQclE9PSIsInZhbHVlIjoiQW1oZFZXbFc3NFhwVnpBTGZsM0tKbGlBaDhUNkM0TXpqMzZTb1FHUUI4bFk5XC9wWEdyK0lOZThyZ25vT2FLUHN2MXFZZGtuaVFta1lLdzBxZU9FdnR3PT0iLCJtYWMiOiJhMjM3MzA5ZDI1MmNjMjE0YTkyZjA4ODAyMzNmNDQwM2JjNTJjYzY4NzcyYWIwYWE5NjdmMWI0OTgwNjg5OGY4In0%3D; larablog_session=eyJpdiI6IjhTMnZTSmhMd3lSOUlLZzREd1BEN0E9PSIsInZhbHVlIjoiMVh2SFh4azM2RTJxRWFkV0g4YUxMUmRhVyt0bUVOYkZzbnZLRnBVb1gxQXB5OUQ2Y2lFZmNpMGt0NmNXSVlKSDFoWlE1aVZra2ROZEtYSzNpRzlVbGc9PSIsIm1hYyI6IjhmMDNmNzgzYWViODU3NzQ0MTExMzBlNWI1OTc0MTY5YzI2ZDZkZDQ2OThmZTM3NDJjZjA4MTkxN2Y0YTVhNmQifQ%3D%3D
Host: project.test
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

请指教,

【问题讨论】:

    标签: php laravel routes rate-limiting


    【解决方案1】:

    api 油门声明了两次,因此命中计数两次。

    对于所有 api 路由,在 app/Http/Kernel.php

    上声明了油门中间件 
        'api' => [
        'throttle:60,1',
        'bindings',
    ],

    要解决这个问题,你必须去掉内核文件中的api限制,你可以在api路由文件app/routes/api.php中定义单独的限制中间件组如下: 

    // limit to 60 hits in 1 min
Route::group(['middleware' => ['throttle:60,1'], 'prefix' => 'foo'], function () {
    Route::get('/', 'FooController@fooMethod');
});

// limit to 500 hits in 1 min
Route::group(['middleware' => ['throttle:500,1'], 'prefix' => 'bar'], function () {
    Route::get('/', 'BarController@barMethod');
});

    【讨论】:

    • 我设法通过将 api 中间件组 $middlewareGroups 中的节流阀更改为我的中间件 apiThrottle 来更改 api 路由行为
    【解决方案2】:

    我试过了,它对我有用。

    php artisan cache:clear

    【讨论】:

      猜你喜欢
      • 2018-09-26
      • 1970-01-01
      • 2019-07-10
      • 1970-01-01
      • 1970-01-01
      • 2019-03-31
      • 2018-12-17
      • 2018-08-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode