Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
64370f1a
Commit
64370f1a
authored
Mar 03, 2014
by
Qiang Xue
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Implemented rate limiter.
parent
93861e09
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
145 additions
and
4 deletions
+145
-4
Controller.php
framework/rest/Controller.php
+21
-4
RateLimitInterface.php
framework/rest/RateLimitInterface.php
+39
-0
RateLimiter.php
framework/rest/RateLimiter.php
+85
-0
No files found.
framework/rest/Controller.php
View file @
64370f1a
...
...
@@ -49,6 +49,12 @@ class Controller extends \yii\web\Controller
*/
public
$authMethods
=
[
'yii\rest\HttpBasicAuth'
,
'yii\rest\HttpBearerAuth'
,
'yii\rest\QueryParamAuth'
];
/**
* @var string|array the rate limiter class or configuration. If this is not set or empty,
* the rate limiting will be disabled.
* @see checkRateLimit()
*/
public
$rateLimiter
=
'yii\rest\RateLimiter'
;
/**
* @var string the chosen API version number
* @see supportedVersions
*/
...
...
@@ -186,15 +192,26 @@ class Controller extends \yii\web\Controller
/**
* Ensures the rate limit is not exceeded.
* You may override this method to log the API usage and make sure the rate limit is not exceeded.
* If exceeded, you should throw a [[TooManyRequestsHttpException]], and you may also send some HTTP headers,
* such as `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`,
* to explain the rate limit information.
*
* This method will use [[rateLimiter]] to check rate limit. In order to perform rate limiting check,
* the user must be authenticated and the user identity object (`Yii::$app->user->identity`) must
* implement [[RateLimitInterface]].
*
* @param \yii\base\Action $action the action to be executed
* @throws TooManyRequestsHttpException if the rate limit is exceeded.
*/
protected
function
checkRateLimit
(
$action
)
{
if
(
empty
(
$this
->
rateLimiter
))
{
return
;
}
$identity
=
Yii
::
$app
->
getUser
()
->
getIdentity
(
false
);
if
(
$identity
instanceof
RateLimitInterface
)
{
/** @var RateLimiter $rateLimiter */
$rateLimiter
=
Yii
::
createObject
(
$this
->
rateLimiter
);
$rateLimiter
->
check
(
$identity
,
Yii
::
$app
->
getRequest
(),
Yii
::
$app
->
getResponse
(),
$action
);
}
}
/**
...
...
framework/rest/RateLimitInterface.php
0 → 100644
View file @
64370f1a
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace
yii\rest
;
/**
* RateLimitInterface is the interface that may be implemented by an identity object to enforce rate limiting.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
interface
RateLimitInterface
{
/**
* Returns the maximum number of allowed requests and the window size.
* @param array $params the additional parameters associated with the rate limit.
* @return array an array of two elements. The first element is the maximum number of allowed requests,
* and the second element is the size of the window in seconds.
*/
public
function
getRateLimit
(
$params
=
[]);
/**
* Loads the number of allowed requests and the corresponding timestamp from a persistent storage.
* @param array $params the additional parameters associated with the rate limit.
* @return array an array of two elements. The first element is the number of allowed requests,
* and the second element is the corresponding UNIX timestamp.
*/
public
function
loadAllowance
(
$params
=
[]);
/**
* Saves the number of allowed requests and the corresponding timestamp to a persistent storage.
* @param integer $allowance the number of allowed requests remaining.
* @param integer $timestamp the current timestamp.
* @param array $params the additional parameters associated with the rate limit.
*/
public
function
saveAllowance
(
$allowance
,
$timestamp
,
$params
=
[]);
}
framework/rest/RateLimiter.php
0 → 100644
View file @
64370f1a
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace
yii\rest
;
use
yii\base\Component
;
use
yii\base\Action
;
use
yii\web\Request
;
use
yii\web\Response
;
use
yii\web\TooManyRequestsHttpException
;
/**
* RateLimiter implements a rate limiting algorithm based on the [leaky bucket algorithm](http://en.wikipedia.org/wiki/Leaky_bucket).
*
* You may call [[check()]] to enforce rate limiting.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
class
RateLimiter
extends
Component
{
/**
* @var boolean whether to include rate limit headers in the response
*/
public
$enableRateLimitHeaders
=
true
;
/**
* @var string the message to be displayed when rate limit exceeds
*/
public
$errorMessage
=
'Rate limit exceeded.'
;
/**
* Checks whether the rate limit exceeds.
* @param RateLimitInterface $user the current user
* @param Request $request
* @param Response $response
* @param Action $action the action to be executed
* @throws TooManyRequestsHttpException if rate limit exceeds
*/
public
function
check
(
$user
,
$request
,
$response
,
$action
)
{
$current
=
time
();
$params
=
[
'request'
=>
$request
,
'action'
=>
$action
,
];
list
(
$limit
,
$window
)
=
$user
->
getRateLimit
(
$params
);
list
(
$allowance
,
$timestamp
)
=
$user
->
loadAllowance
(
$params
);
$allowance
+=
(
int
)((
$current
-
$timestamp
)
*
$limit
/
$window
);
if
(
$allowance
>
$limit
)
{
$allowance
=
$limit
;
}
if
(
$allowance
<
1
)
{
$user
->
saveAllowance
(
0
,
$current
,
$params
);
$this
->
addRateLimitHeaders
(
$response
,
$limit
,
0
,
$window
);
throw
new
TooManyRequestsHttpException
(
$this
->
errorMessage
);
}
else
{
$user
->
saveAllowance
(
$allowance
-
1
,
$current
,
$params
);
$this
->
addRateLimitHeaders
(
$response
,
$limit
,
0
,
(
int
)((
$limit
-
$allowance
)
*
$window
/
$limit
));
}
}
/**
* Adds the rate limit headers to the response
* @param Response $response
* @param integer $limit the maximum number of allowed requests during a period
* @param integer $remaining the remaining number of allowed requests within the current period
* @param integer $reset the number of seconds to wait before having maximum number of allowed requests again
*/
protected
function
addRateLimitHeaders
(
$response
,
$limit
,
$remaining
,
$reset
)
{
if
(
$this
->
enableRateLimitHeaders
)
{
$response
->
getHeaders
()
->
set
(
'X-Rate-Limit-Limit'
,
$limit
)
->
set
(
'X-Rate-Limit-Remaining'
,
$remaining
)
->
set
(
'X-Rate-Limit-Reset'
,
$reset
);
}
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment