新增加IPRateLimit限制

2022-04-04 18:53:02 +08:00
parent 6b0e6b11b3
commit 19c738b974
5 changed files with 106 additions and 4 deletions
--- a/ZR.Admin.WebApi/Extensions/IPRateExtension.cs
+++ b/ZR.Admin.WebApi/Extensions/IPRateExtension.cs
@@ -0,0 +1,27 @@
+using AspNetCoreRateLimit;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+
+namespace ZR.Admin.WebApi.Extensions
+{
+    public static class IPRateExtension
+    {
+        public static void AddIPRate(this IServiceCollection services, IConfiguration configuration)
+        {
+            if (services == null) throw new ArgumentNullException(nameof(services));
+
+            //从appsettings.json中加载常规配置，IpRateLimiting与配置文件中节点对应
+            services.Configure<IpRateLimitOptions>(configuration.GetSection("IpRateLimiting"));
+
+            //从appsettings.json中加载Ip规则
+            services.Configure<IpRateLimitPolicies>(configuration.GetSection("IpRateLimitPolicies"));
+            //注入计数器和规则存储
+            services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
+            services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
+            //配置（解析器、计数器密钥生成器）
+            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
+            services.AddSingleton<IProcessingStrategy, AsyncKeyLockProcessingStrategy>();
+        }
+    }
+}
--- a/ZR.Admin.WebApi/Startup.cs
+++ b/ZR.Admin.WebApi/Startup.cs
@@ -1,3 +1,4 @@
+using AspNetCoreRateLimit;
 using Hei.Captcha;
 using Infrastructure;
 using Infrastructure.Extensions;
@@ -56,7 +57,9 @@ namespace ZR.Admin.WebApi
                .PersistKeysToFileSystem(new DirectoryInfo(Directory.GetCurrentDirectory() + Path.DirectorySeparatorChar + "DataProtection"));
            //<2F><>ͨ<EFBFBD><CDA8>֤<EFBFBD><D6A4>
            services.AddHeiCaptcha();
+            services.AddIPRate(Configuration);
            services.AddSession();
+            services.AddMemoryCache();
            services.AddHttpContextAccessor();

            //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Model<65><6C>
@@ -127,6 +130,8 @@ namespace ZR.Admin.WebApi
            app.UseAddTaskSchedulers();
            //ʹ<><CAB9>ȫ<EFBFBD><C8AB><EFBFBD>쳣<EFBFBD>м<EFBFBD><D0BC><EFBFBD>
            app.UseMiddleware<GlobalExceptionMiddleware>();
+            //<2F><><EFBFBD>ÿͻ<C3BF><CDBB><EFBFBD>IP<49><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+            app.UseIpRateLimiting();

            app.UseEndpoints(endpoints =>
            {
--- a/ZR.Admin.WebApi/ZR.Admin.WebApi.csproj
+++ b/ZR.Admin.WebApi/ZR.Admin.WebApi.csproj
@@ -22,6 +22,7 @@
  </ItemGroup>

  <ItemGroup>
+	<PackageReference Include="AspNetCoreRateLimit" Version="4.0.2" />
 	<PackageReference Include="EPPlus" Version="5.8.6" />
 	<PackageReference Include="Hei.Captcha" Version="0.3.0" />
 	<PackageReference Include="IPTools.China" Version="1.6.0" />
--- a/ZR.Admin.WebApi/appsettings.json
+++ b/ZR.Admin.WebApi/appsettings.json
@@ -54,5 +54,74 @@
  "RedisServer": {
    "Cache": "127.0.0.1:6379,defaultDatabase=0,poolsize=50,ssl=false,writeBuffer=10240,prefix=cache:",
    "Session": "127.0.0.1:6379,defaultDatabase=0,poolsize=50,ssl=false,writeBuffer=10240,prefix=session:"
+  },
+  //<2F>ӿ<EFBFBD><D3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+  "IpRateLimiting": {
+    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>5<EFBFBD><35>ÿ<EFBFBD><C3BF><EFBFBD>ӷ<EFBFBD><D3B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Falseʱ<65><CAB1><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF>ÿ<EFBFBD><C3BF><EFBFBD>ӿڶ<D3BF><DAB6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8>ӿڣ<D3BF>ֻҪ<D6BB><D2AA>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ۼƹ<DBBC>5<EFBFBD>Σ<EFBFBD><CEA3><EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD>ʡ<EFBFBD>
+    //True<75><65><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>5<EFBFBD><35>GetData<74>ӿڣ<D3BF><DAA3><EFBFBD><EFBFBD>ýӿڽ<D3BF><DABD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>ڽ<EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD>ʣ<EFBFBD><CAA3><EFBFBD><EFBFBD>ǻ<EFBFBD><C7BB><EFBFBD><EFBFBD>Է<EFBFBD><D4B7><EFBFBD>PostData()5<><35>,<2C>ܵ<EFBFBD><DCB5><EFBFBD>˵<EFBFBD><CBB5>ÿ<EFBFBD><C3BF><EFBFBD>ӿڶ<D3BF><DAB6><EFBFBD>5<EFBFBD><35><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>ӣ<EFBFBD><D3A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>š<EFBFBD>
+    "EnableEndpointRateLimiting": true,
+    //false<73><65><EFBFBD>ܾ<EFBFBD><DCBE><EFBFBD>API<50><49><EFBFBD>ò<EFBFBD><C3B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӵ<EFBFBD><D3B5><EFBFBD><EFBFBD>ô<EFBFBD><C3B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B><> <20>ͻ<EFBFBD><CDBB><EFBFBD>ÿ<EFBFBD>뷢<EFBFBD><EBB7A2>3<EFBFBD><33><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><C3BF>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ƣ<EFBFBD><C6A3><EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD>ӻ<EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƽ<EFBFBD><C6BD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><C2BC>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD>ã<EFBFBD><C3A3><EFBFBD><EFBFBD>ɹ<EFBFBD><C9B9><EFBFBD>API<50><49><EFBFBD>á<EFBFBD><C3A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϣ<EFBFBD><CFA3><EFBFBD><EFBFBD><EFBFBD>ܾ<EFBFBD><DCBE><EFBFBD>API<50><49><EFBFBD>ü<EFBFBD><C3BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD>ӣ<EFBFBD>Сʱ<D0A1>ȣ<EFBFBD>
+    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>StackBlockedRequestsΪtrue<75><65>
+    "StackBlockedRequests": false,
+    "RealIpHeader": "X-Real-IP",
+    //ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀͻ<C4BF><CDBB><EFBFBD>ID<49><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˱<EFBFBD>ͷ<EFBFBD>д<EFBFBD><D0B4>ڿͻ<DABF><CDBB><EFBFBD>ID<49><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ClientWhitelist<73><74>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD>ֵƥ<D6B5>䣬<EFBFBD><E4A3AC><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD>
+    "ClientIdHeader": "X-ClientId",
+    "HttpStatusCode": 429,
+    //<2F>˵<EFBFBD><CBB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+    //"EndpointWhitelist": [ "get:/api/xxx", "*:/api/yyy" ],
+    //<2F>ͻ<EFBFBD><CDBB>˰<EFBFBD><CBB0><EFBFBD><EFBFBD><EFBFBD>
+    //"ClientWhitelist": [ "dev-id-1", "dev-id-2" ],
+    "QuotaExceededResponse": {
+      "Content": "{{\"code\":429,\"msg\":\"<22><><EFBFBD>ʹ<EFBFBD><CAB9><EFBFBD>Ƶ<EFBFBD><C6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ժ<EFBFBD><D4BA><EFBFBD><EFBFBD><EFBFBD>\"}}",
+      "ContentType": "application/json",
+      "StatusCode": 429
+    },
+    //ͨ<>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD>api<70><69><EFBFBD><EFBFBD>,<2C><>βһ<CEB2><D2BB>Ҫ<EFBFBD><D2AA>*
+    "GeneralRules": [
+      {
+        "Endpoint": "*:/captchaImage",
+        //ʱ<><CAB1><EFBFBD>Σ<EFBFBD><CEA3><EFBFBD>ʽ<EFBFBD><CABD>{<7B><><EFBFBD><EFBFBD>}{<7B><>λ}<7D><><EFBFBD><EFBFBD>ʹ<EFBFBD>õ<EFBFBD>λ<EFBFBD><CEBB>s, m, h, d
+        "Period": "3s",
+        "Limit": 5
+      },
+      {
+        "Endpoint": "post:*",
+        //ʱ<><CAB1><EFBFBD>Σ<EFBFBD><CEA3><EFBFBD>ʽ<EFBFBD><CABD>{<7B><><EFBFBD><EFBFBD>}{<7B><>λ}<7D><><EFBFBD><EFBFBD>ʹ<EFBFBD>õ<EFBFBD>λ<EFBFBD><CEBB>s, m, h, d
+        "Period": "3s",
+        "Limit": 1
+      },
+      {
+        "Endpoint": "put:*",
+        //ʱ<><CAB1><EFBFBD>Σ<EFBFBD><CEA3><EFBFBD>ʽ<EFBFBD><CABD>{<7B><><EFBFBD><EFBFBD>}{<7B><>λ}<7D><><EFBFBD><EFBFBD>ʹ<EFBFBD>õ<EFBFBD>λ<EFBFBD><CEBB>s, m, h, d
+        "Period": "3s",
+        "Limit": 1
+      }
+      //{
+      //  "Endpoint": "*",
+      //  //ʱ<><CAB1><EFBFBD>Σ<EFBFBD><CEA3><EFBFBD>ʽ<EFBFBD><CABD>{<7B><><EFBFBD><EFBFBD>}{<7B><>λ}<7D><><EFBFBD><EFBFBD>ʹ<EFBFBD>õ<EFBFBD>λ<EFBFBD><CEBB>s, m, h, d
+      //  "Period": "1s",
+      //  "Limit": 2
+      //}
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "15m",
+      //  "Limit": 100
+      //},
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "12h",
+      //  "Limit": 1000
+      //},
+      //{
+      //  "Endpoint": "*",
+      //  "Period": "7d",
+      //  "Limit": 10000
+      //}
+    ],
+    "IpRateLimitPolicies": {
+      //ip<69><70><EFBFBD><EFBFBD>
+      "IpRules": [
+      ]
+    }
  }
 }
--- a/ZR.Vue/src/utils/request.js
+++ b/ZR.Vue/src/utils/request.js
@@ -57,7 +57,7 @@ service.interceptors.response.use(res => {
      })

      return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
-    } else if (code == 0 || code == 1 || code == 110 || code == 101 || code == 403 || code == 500) {
+    } else if (code == 0 || code == 1 || code == 110 || code == 101 || code == 403 || code == 500 || code == 429) {
      Message({
        message: msg,
        type: 'error'
@@ -70,13 +70,13 @@ service.interceptors.response.use(res => {
  },
  error => {
    console.log('err' + error)
-    let {
-      message
-    } = error;
+    let { message } = error;
    if (message == "Network Error") {
      message = "后端接口连接异常";
    } else if (message.includes("timeout")) {
      message = "系统接口请求超时";
+    } else if (message.includes("Request failed with status code 429")) {
+      message = "请求过于频繁，请稍后再试";
    } else if (message.includes("Request failed with status code")) {
      message = "系统接口" + message.substr(message.length - 3) + "异常";
    }