亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

redis 實現登陸次數限制的思路詳解

發布時間:2020-10-13 20:18:51 來源:腳本之家 閱讀:389 作者:xiaoyureed 欄目:數據庫

title: redis-login-limitation 

利用 redis 實現登陸次數限制, 注解 + aop, 核心代碼很簡單.

基本思路

比如希望達到的要求是這樣: 在 1min 內登陸異常次數達到5次, 鎖定該用戶 1h

那么登陸請求的參數中, 會有一個參數唯一標識一個 user, 比如 郵箱/手機號/userName

用這個參數作為key存入redis, 對應的value為登陸錯誤的次數, string 類型, 并設置過期時間為 1min. 當獲取到的 value == "4" , 說明當前請求為第 5 次登陸異常, 鎖定.

所謂的鎖定, 就是將對應的value設置為某個標識符, 比如"lock", 并設置過期時間為 1h

核心代碼

定義一個注解, 用來標識需要登陸次數校驗的方法

package io.github.xiaoyureed.redispractice.anno;
import java.lang.annotation.*;
@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface RedisLimit {
  /**
   * 標識參數名, 必須是請求參數中的一個
   */
  String identifier();
  /**
   * 在多長時間內監控, 如希望在 60s 內嘗試
   * 次數限制為5次, 那么 watch=60; unit: s
   */
  long watch();
  /**
   * 鎖定時長, unit: s
   */
  long lock();
  /**
   * 錯誤的嘗試次數
   */
  int times();
}

編寫切面, 在目標方法前后進行校驗, 處理...

package io.github.xiaoyureed.redispractice.aop;
@Component
@Aspect
// Ensure that current advice is outer compared with ControllerAOP
// so we can handling login limitation Exception in this aop advice.
//@Order(9)
@Slf4j
public class RedisLimitAOP {
  @Autowired
  private StringRedisTemplate stringRedisTemplate;
  @Around("@annotation(io.github.xiaoyureed.redispractice.anno.RedisLimit)")
  public Object handleLimit(ProceedingJoinPoint joinPoint) {
    MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
    final Method   method     = methodSignature.getMethod();
    final RedisLimit redisLimitAnno = method.getAnnotation(RedisLimit.class);// 貌似可以直接在方法參數中注入 todo
    final String identifier = redisLimitAnno.identifier();
    final long  watch   = redisLimitAnno.watch();
    final int  times   = redisLimitAnno.times();
    final long  lock    = redisLimitAnno.lock();
    // final ServletRequestAttributes att       = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    // final HttpServletRequest    request     = att.getRequest();
    // final String          identifierValue = request.getParameter(identifier);
    String identifierValue = null;
    try {
      final Object arg      = joinPoint.getArgs()[0];
      final Field declaredField = arg.getClass().getDeclaredField(identifier);
      declaredField.setAccessible(true);
      identifierValue = (String) declaredField.get(arg);
    } catch (NoSuchFieldException e) {
      log.error(">>> invalid identifier [{}], cannot find this field in request params", identifier);
    } catch (IllegalAccessException e) {
      e.printStackTrace();
    }
    if (StringUtils.isBlank(identifierValue)) {
      log.error(">>> the value of RedisLimit.identifier cannot be blank, invalid identifier: {}", identifier);
    }
    // check User locked
    final ValueOperations<String, String> ssOps = stringRedisTemplate.opsForValue();
    final String             flag = ssOps.get(identifierValue);
    if (flag != null && "lock".contentEquals(flag)) {
      final BaseResp result = new BaseResp();
      result.setErrMsg("user locked");
      result.setCode("1");
      return new ResponseEntity<>(result, HttpStatus.OK);
    }
    ResponseEntity result;
    try {
      result = (ResponseEntity) joinPoint.proceed();
    } catch (Throwable e) {
      result = handleLoginException(e, identifierValue, watch, times, lock);
    }
    return result;
  }
  private ResponseEntity handleLoginException(Throwable e, String identifierValue, long watch, int times, long lock) {
    final BaseResp result = new BaseResp();
    result.setCode("1");
    if (e instanceof LoginException) {
      log.info(">>> handle login exception...");
      final ValueOperations<String, String> ssOps = stringRedisTemplate.opsForValue();
      Boolean                exist = stringRedisTemplate.hasKey(identifierValue);
      // key doesn't exist, so it is the first login failure
      if (exist == null || !exist) {
        ssOps.set(identifierValue, "1", watch, TimeUnit.SECONDS);
        result.setErrMsg(e.getMessage());
        return new ResponseEntity<>(result, HttpStatus.OK);
      }
      String count = ssOps.get(identifierValue);
      // has been reached the limitation
      if (Integer.parseInt(count) + 1 == times) {
        log.info(">>> [{}] has been reached the limitation and will be locked for {}s", identifierValue, lock);
        ssOps.set(identifierValue, "lock", lock, TimeUnit.SECONDS);
        result.setErrMsg("user locked");
        return new ResponseEntity<>(result, HttpStatus.OK);
      }
      ssOps.increment(identifierValue);
      result.setErrMsg(e.getMessage() + "; you have try " + ssOps.get(identifierValue) + "times.");
    }
    log.error(">>> RedisLimitAOP cannot handle {}", e.getClass().getName());
    return new ResponseEntity<>(result, HttpStatus.OK);
  }
}

這樣使用:

package io.github.xiaoyureed.redispractice.web;
@RestController
public class SessionResources {
  @Autowired
  private SessionService sessionService;
  /**
   * 1 min 之內嘗試超過5次, 鎖定 user 1h
   */
  @RedisLimit(identifier = "name", watch = 30, times = 5, lock = 10)
  @RequestMapping(value = "/session", method = RequestMethod.POST)
  public ResponseEntity<LoginResp> login(@Validated @RequestBody LoginReq req) {
    return new ResponseEntity<>(sessionService.login(req), HttpStatus.OK);
  }
}

references

https://github.com/xiaoyureed/redis-login-limitation

總結

以上所述是小編給大家介紹的redis 實現登陸次數限制的思路詳解,希望對大家有所幫助,如果大家有任何疑問請給我留言,小編會及時回復大家的。在此也非常感謝大家對億速云網站的支持!
如果你覺得本文對你有幫助,歡迎轉載,煩請注明出處,謝謝!

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

泽库县| 塔河县| 淅川县| 保亭| 沽源县| 信宜市| 东台市| 通渭县| 内黄县| 迁西县| 从江县| 大埔区| 九寨沟县| 嵊泗县| 澜沧| 静安区| 慈利县| 丹棱县| 新河县| 扎兰屯市| 尉氏县| 驻马店市| 张家界市| 百色市| 神农架林区| 麻栗坡县| 固原市| 台中市| 东乌| 利津县| 阜阳市| 林甸县| 大姚县| 潍坊市| 晋城| 息烽县| 阿拉善盟| 威信县| 宁城县| 衡阳市| 渭南市|