Domů Procházet Nápověda
Registrovat se Přihlásit se
nongchang
/
kknongchang_2506
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: d57475ebb5
Větve Značky
kknongchang_250...
/
app
/
Module
/
OpenAPI
/
Services
/
RateLimitService.php

RateLimitService.php 11 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374 
  1. <?php
    2. 

  2. 

  3. namespace App\Module\OpenAPI\Services;
    4. 

  4. 

  5. use App\Module\OpenAPI\Models\OpenApiApp;
    6. 

  6. use App\Module\OpenAPI\Models\OpenApiRateLimit;
    7. 

  7. use Illuminate\Support\Facades\Cache;
    8. 

  8. use Illuminate\Support\Facades\Log;
    9. 

  9. use Illuminate\Http\Request;
    10. 

  10. 

  11. /**
    12. 

  12.  * 频率限制服务
    13. 

  13.  * 
    14. 

  14.  * 提供API调用频率限制功能,支持多种限制策略
    15. 

  15.  */
    16. 

  16. class RateLimitService
    17. 

  17. {
    18. 

  18.     /**
    19. 

  19.      * 检查频率限制
    20. 

  20.      *
    21. 

  21.      * @param OpenApiApp $app
    22. 

  22.      * @param Request $request
    23. 

  23.      * @param array|null $customLimits 自定义限制规则
    24. 

  24.      * @return array ['allowed' => bool, 'remaining' => int, 'reset_time' => int]
    25. 

  25.      */
    26. 

  26.     public function checkRateLimit(OpenApiApp $app, Request $request, ?array $customLimits = null): array
    27. 

  27.     {
    28. 

  28.         $ip = $request->ip();
    29. 

  29.         $appId = $app->app_id;
    30. 

  30.         $endpoint = $request->path();
    31. 

  31. 

  32.         // 获取限制配置
    33. 

  33.         $limits = $customLimits ?? $this->getAppRateLimits($app);
    34. 

  34. 

  35.         $result = [
    36. 

  36.             'allowed' => true,
    37. 

  37.             'remaining' => 0,
    38. 

  38.             'reset_time' => 0,
    39. 

  39.             'limit_type' => null,
    40. 

  40.         ];
    41. 

  41. 

  42.         // 检查各种限制
    43. 

  43.         foreach ($limits as $limitType => $limitValue) {
    44. 

  44.             if ($limitValue <= 0) continue;
    45. 

  45. 

  46.             $checkResult = $this->checkSpecificLimit($appId, $ip, $endpoint, $limitType, $limitValue);
    47. 

  47.             
    48. 

  48.             if (!$checkResult['allowed']) {
    49. 

  49.                 $result = $checkResult;
    50. 

  50.                 $result['limit_type'] = $limitType;
    51. 

  51.                 break;
    52. 

  52.             }
    53. 

  53. 

  54.             // 记录最小的剩余次数
    55. 

  55.             if ($result['remaining'] === 0 || $checkResult['remaining'] < $result['remaining']) {
    56. 

  56.                 $result['remaining'] = $checkResult['remaining'];
    57. 

  57.                 $result['reset_time'] = $checkResult['reset_time'];
    58. 

  58.             }
    59. 

  59.         }
    60. 

  60. 

  61.         // 记录限制检查日志
    62. 

  62.         $this->logRateLimitCheck($app, $request, $result);
    63. 

  63. 

  64.         return $result;
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * 检查特定类型的限制
    69. 

  69.      *
    70. 

  70.      * @param string $appId
    71. 

  71.      * @param string $ip
    72. 

  72.      * @param string $endpoint
    73. 

  73.      * @param string $limitType
    74. 

  74.      * @param int $limitValue
    75. 

  75.      * @return array
    76. 

  76.      */
    77. 

  77.     protected function checkSpecificLimit(string $appId, string $ip, string $endpoint, string $limitType, int $limitValue): array
    78. 

  78.     {
    79. 

  79.         $window = $this->getLimitWindow($limitType);
    80. 

  80.         $key = $this->buildCacheKey($appId, $ip, $endpoint, $limitType);
    81. 

  81. 

  82.         $current = Cache::get($key, 0);
    83. 

  83.         $remaining = max(0, $limitValue - $current);
    84. 

  84.         $resetTime = time() + $window;
    85. 

  85. 

  86.         if ($current >= $limitValue) {
    87. 

  87.             return [
    88. 

  88.                 'allowed' => false,
    89. 

  89.                 'remaining' => 0,
    90. 

  90.                 'reset_time' => $resetTime,
    91. 

  91.             ];
    92. 

  92.         }
    93. 

  93. 

  94.         // 增加计数
    95. 

  95.         Cache::put($key, $current + 1, $window);
    96. 

  96. 

  97.         return [
    98. 

  98.             'allowed' => true,
    99. 

  99.             'remaining' => $remaining - 1,
    100. 

  100.             'reset_time' => $resetTime,
    101. 

  101.         ];
    102. 

  102.     }
    103. 

  103. 

  104.     /**
    105. 

  105.      * 获取应用的频率限制配置
    106. 

  106.      *
    107. 

  107.      * @param OpenApiApp $app
    108. 

  108.      * @return array
    109. 

  109.      */
    110. 

  110.     protected function getAppRateLimits(OpenApiApp $app): array
    111. 

  111.     {
    112. 

  112.         $rateLimits = $app->rate_limits ?? [];
    113. 

  113. 

  114.         // 如果应用没有配置限制,使用默认配置
    115. 

  115.         if (empty($rateLimits)) {
    116. 

  116.             $rateLimits = config('openapi.rate_limit.default', [
    117. 

  117.                 'requests_per_minute' => 60,
    118. 

  118.                 'requests_per_hour' => 1000,
    119. 

  119.                 'requests_per_day' => 10000,
    120. 

  120.             ]);
    121. 

  121.         }
    122. 

  122. 

  123.         return $rateLimits;
    124. 

  124.     }
    125. 

  125. 

  126.     /**
    127. 

  127.      * 获取限制时间窗口(秒)
    128. 

  128.      *
    129. 

  129.      * @param string $limitType
    130. 

  130.      * @return int
    131. 

  131.      */
    132. 

  132.     protected function getLimitWindow(string $limitType): int
    133. 

  133.     {
    134. 

  134.         return match ($limitType) {
    135. 

  135.             'requests_per_minute' => 60,
    136. 

  136.             'requests_per_hour' => 3600,
    137. 

  137.             'requests_per_day' => 86400,
    138. 

  138.             'requests_per_week' => 604800,
    139. 

  139.             'requests_per_month' => 2592000,
    140. 

  140.             default => 3600, // 默认1小时
    141. 

  141.         };
    142. 

  142.     }
    143. 

  143. 

  144.     /**
    145. 

  145.      * 构建缓存键
    146. 

  146.      *
    147. 

  147.      * @param string $appId
    148. 

  148.      * @param string $ip
    149. 

  149.      * @param string $endpoint
    150. 

  150.      * @param string $limitType
    151. 

  151.      * @return string
    152. 

  152.      */
    153. 

  153.     protected function buildCacheKey(string $appId, string $ip, string $endpoint, string $limitType): string
    154. 

  154.     {
    155. 

  155.         $timeWindow = $this->getTimeWindow($limitType);
    156. 

  156.         return "rate_limit:{$limitType}:{$appId}:{$ip}:{$endpoint}:{$timeWindow}";
    157. 

  157.     }
    158. 

  158. 

  159.     /**
    160. 

  160.      * 获取时间窗口标识
    161. 

  161.      *
    162. 

  162.      * @param string $limitType
    163. 

  163.      * @return string
    164. 

  164.      */
    165. 

  165.     protected function getTimeWindow(string $limitType): string
    166. 

  166.     {
    167. 

  167.         return match ($limitType) {
    168. 

  168.             'requests_per_minute' => date('Y-m-d-H-i'),
    169. 

  169.             'requests_per_hour' => date('Y-m-d-H'),
    170. 

  170.             'requests_per_day' => date('Y-m-d'),
    171. 

  171.             'requests_per_week' => date('Y-W'),
    172. 

  172.             'requests_per_month' => date('Y-m'),
    173. 

  173.             default => date('Y-m-d-H'),
    174. 

  174.         };
    175. 

  175.     }
    176. 

  176. 

  177.     /**
    178. 

  178.      * 记录频率限制检查日志
    179. 

  179.      *
    180. 

  180.      * @param OpenApiApp $app
    181. 

  181.      * @param Request $request
    182. 

  182.      * @param array $result
    183. 

  183.      * @return void
    184. 

  184.      */
    185. 

  185.     protected function logRateLimitCheck(OpenApiApp $app, Request $request, array $result): void
    186. 

  186.     {
    187. 

  187.         if (!$result['allowed']) {
    188. 

  188.             Log::warning('Rate limit exceeded', [
    189. 

  189.                 'app_id' => $app->app_id,
    190. 

  190.                 'ip' => $request->ip(),
    191. 

  191.                 'endpoint' => $request->path(),
    192. 

  192.                 'limit_type' => $result['limit_type'] ?? 'unknown',
    193. 

  193.                 'user_agent' => $request->userAgent(),
    194. 

  194.             ]);
    195. 

  195. 

  196.             // 记录到数据库
    197. 

  197.             $this->recordRateLimitViolation($app, $request, $result);
    198. 

  198.         }
    199. 

  199.     }
    200. 

  200. 

  201.     /**
    202. 

  202.      * 记录频率限制违规
    203. 

  203.      *
    204. 

  204.      * @param OpenApiApp $app
    205. 

  205.      * @param Request $request
    206. 

  206.      * @param array $result
    207. 

  207.      * @return void
    208. 

  208.      */
    209. 

  209.     protected function recordRateLimitViolation(OpenApiApp $app, Request $request, array $result): void
    210. 

  210.     {
    211. 

  211.         try {
    212. 

  212.             OpenApiRateLimit::create([
    213. 

  213.                 'app_id' => $app->app_id,
    214. 

  214.                 'ip_address' => $request->ip(),
    215. 

  215.                 'endpoint' => $request->path(),
    216. 

  216.                 'limit_type' => $result['limit_type'] ?? 'unknown',
    217. 

  217.                 'window_start' => now(),
    218. 

  218.                 'request_count' => 1,
    219. 

  219.                 'is_blocked' => true,
    220. 

  220.                 'user_agent' => $request->userAgent(),
    221. 

  221.                 'headers' => json_encode($request->headers->all()),
    222. 

  222.             ]);
    223. 

  223.         } catch (\Exception $e) {
    224. 

  224.             Log::error('Failed to record rate limit violation', [
    225. 

  225.                 'error' => $e->getMessage(),
    226. 

  226.                 'app_id' => $app->app_id,
    227. 

  227.             ]);
    228. 

  228.         }
    229. 

  229.     }
    230. 

  230. 

  231.     /**
    232. 

  232.      * 获取应用的限流统计
    233. 

  233.      *
    234. 

  234.      * @param string $appId
    235. 

  235.      * @param string $period 统计周期:hour, day, week, month
    236. 

  236.      * @return array
    237. 

  237.      */
    238. 

  238.     public function getRateLimitStats(string $appId, string $period = 'day'): array
    239. 

  239.     {
    240. 

  240.         $startTime = $this->getStatsPeriodStart($period);
    241. 

  241. 

  242.         $stats = OpenApiRateLimit::where('app_id', $appId)
    243. 

  243.             ->where('window_start', '>=', $startTime)
    244. 

  244.             ->selectRaw('
    245. 

  245.                 limit_type,
    246. 

  246.                 COUNT(*) as violation_count,
    247. 

  247.                 SUM(request_count) as total_requests,
    248. 

  248.                 COUNT(DISTINCT ip_address) as unique_ips
    249. 

  249.             ')
    250. 

  250.             ->groupBy('limit_type')
    251. 

  251.             ->get();
    252. 

  252. 

  253.         return [
    254. 

  254.             'period' => $period,
    255. 

  255.             'start_time' => $startTime,
    256. 

  256.             'stats' => $stats->toArray(),
    257. 

  257.             'total_violations' => $stats->sum('violation_count'),
    258. 

  258.             'total_blocked_requests' => $stats->sum('total_requests'),
    259. 

  259.         ];
    260. 

  260.     }
    261. 

  261. 

  262.     /**
    263. 

  263.      * 获取统计周期的开始时间
    264. 

  264.      *
    265. 

  265.      * @param string $period
    266. 

  266.      * @return \Carbon\Carbon
    267. 

  267.      */
    268. 

  268.     protected function getStatsPeriodStart(string $period): \Carbon\Carbon
    269. 

  269.     {
    270. 

  270.         return match ($period) {
    271. 

  271.             'hour' => now()->subHour(),
    272. 

  272.             'day' => now()->subDay(),
    273. 

  273.             'week' => now()->subWeek(),
    274. 

  274.             'month' => now()->subMonth(),
    275. 

  275.             default => now()->subDay(),
    276. 

  276.         };
    277. 

  277.     }
    278. 

  278. 

  279.     /**
    280. 

  280.      * 清理过期的限流记录
    281. 

  281.      *
    282. 

  282.      * @param int $daysToKeep 保留天数
    283. 

  283.      * @return int 清理的记录数
    284. 

  284.      */
    285. 

  285.     public function cleanExpiredRecords(int $daysToKeep = 30): int
    286. 

  286.     {
    287. 

  287.         $cutoffDate = now()->subDays($daysToKeep);
    288. 

  288. 

  289.         return OpenApiRateLimit::where('window_start', '<', $cutoffDate)->delete();
    290. 

  290.     }
    291. 

  291. 

  292.     /**
    293. 

  293.      * 重置应用的限流计数
    294. 

  294.      *
    295. 

  295.      * @param string $appId
    296. 

  296.      * @param string|null $limitType 限制类型,null表示重置所有
    297. 

  297.      * @return void
    298. 

  298.      */
    299. 

  299.     public function resetRateLimit(string $appId, ?string $limitType = null): void
    300. 

  300.     {
    301. 

  301.         $pattern = $limitType
    302. 

  302.             ? "rate_limit:{$limitType}:{$appId}:*"
    303. 

  303.             : "rate_limit:*:{$appId}:*";
    304. 

  304. 

  305.         // 清除缓存
    306. 

  306.         $keys = Cache::getRedis()->keys($pattern);
    307. 

  307.         if (!empty($keys)) {
    308. 

  308.             Cache::getRedis()->del($keys);
    309. 

  309.         }
    310. 

  310. 

  311.         Log::info('Rate limit reset', [
    312. 

  312.             'app_id' => $appId,
    313. 

  313.             'limit_type' => $limitType ?? 'all',
    314. 

  314.             'cleared_keys' => count($keys),
    315. 

  315.         ]);
    316. 

  316.     }
    317. 

  317. 

  318.     /**
    319. 

  319.      * 检查IP是否被临时封禁
    320. 

  320.      *
    321. 

  321.      * @param string $ip
    322. 

  322.      * @param string $appId
    323. 

  323.      * @return bool
    324. 

  324.      */
    325. 

  325.     public function isIpTemporarilyBanned(string $ip, string $appId): bool
    326. 

  326.     {
    327. 

  327.         $banKey = "ip_ban:{$appId}:{$ip}";
    328. 

  328.         return Cache::has($banKey);
    329. 

  329.     }
    330. 

  330. 

  331.     /**
    332. 

  332.      * 临时封禁IP
    333. 

  333.      *
    334. 

  334.      * @param string $ip
    335. 

  335.      * @param string $appId
    336. 

  336.      * @param int $minutes 封禁分钟数
    337. 

  337.      * @param string $reason 封禁原因
    338. 

  338.      * @return void
    339. 

  339.      */
    340. 

  340.     public function temporarilyBanIp(string $ip, string $appId, int $minutes = 60, string $reason = 'Rate limit exceeded'): void
    341. 

  341.     {
    342. 

  342.         $banKey = "ip_ban:{$appId}:{$ip}";
    343. 

  343.         Cache::put($banKey, [
    344. 

  344.             'reason' => $reason,
    345. 

  345.             'banned_at' => now(),
    346. 

  346.             'expires_at' => now()->addMinutes($minutes),
    347. 

  347.         ], $minutes * 60);
    348. 

  348. 

  349.         Log::warning('IP temporarily banned', [
    350. 

  350.             'ip' => $ip,
    351. 

  351.             'app_id' => $appId,
    352. 

  352.             'duration_minutes' => $minutes,
    353. 

  353.             'reason' => $reason,
    354. 

  354.         ]);
    355. 

  355.     }
    356. 

  356. 

  357.     /**
    358. 

  358.      * 解除IP封禁
    359. 

  359.      *
    360. 

  360.      * @param string $ip
    361. 

  361.      * @param string $appId
    362. 

  362.      * @return void
    363. 

  363.      */
    364. 

  364.     public function unbanIp(string $ip, string $appId): void
    365. 

  365.     {
    366. 

  366.         $banKey = "ip_ban:{$appId}:{$ip}";
    367. 

  367.         Cache::forget($banKey);
    368. 

  368. 

  369.         Log::info('IP ban removed', [
    370. 

  370.             'ip' => $ip,
    371. 

  371.             'app_id' => $appId,
    372. 

  372.         ]);
    373. 

  373.     }
    374. 

  374. }
    375.