[英]Laravel rate limit to return a JSON payload
我正在 Laravel 之上構建 API。 我想通過使用Throttle
中間件來使用內置的速率限制功能。
問題是,當油門中間件觸發時,響應是:
// Response headers
Too Many Attempts.
我的 API 使用 JSON 格式的錯誤負載,如下所示:
// Response headers
{
"status": "error",
"error": {
"code": 404,
"message": "Resource not found."
}
}
讓Throttle
中間件以我需要的方式返回輸出的最佳方法是什么?
制作自己的閃亮中間件,按原件擴展,並覆蓋您想要覆蓋的方法。
$ php artisan make:middleware ThrottleRequests
打開kernel.php並刪除(注釋掉)原始中間件並添加你的。
ThrottleRequests.php
<?php
namespace App\Http\Middleware;
use Closure;
class ThrottleRequests extends \Illuminate\Routing\Middleware\ThrottleRequests
{
protected function buildResponse($key, $maxAttempts)
{
return parent::buildResponse($key, $maxAttempts); // TODO: Change the autogenerated stub
}
}
kernel.php
.
.
.
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
//'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
//'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'throttle' => \App\Http\Middleware\ThrottleRequests::class
];
所以我所做的是創建一個擴展ThrottleRequest中間件的自定義中間件。 您可以覆蓋handle函數來檢查請求,看看它是否期望JSON作為響應。 如果是這樣,請調用buildJsonResponse函數,該函數將格式化JSON 429響應。 您可以在buildJsonResponse中定制JsonResponse以滿足您的API需求。
這允許您的節流中間件處理JSON和其他響應。 如果請求期望JSON,它將返回json響應,否則它將返回標准的“Too Many Attempts”明文響應。
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Routing\Middleware\ThrottleRequests;
class ThrottlesRequest extends ThrottleRequests
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param int $maxAttempts
* @param float|int $decayMinutes
* @return mixed
*/
public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1)
{
$key = $this->resolveRequestSignature($request);
if ($this->limiter->tooManyAttempts($key, $maxAttempts, $decayMinutes)) {
// If the request expects JSON, build a JSON response, otherwise build standard response
if ($request->expectsJson()) {
return $this->buildJsonResponse($key, $maxAttempts);
} else {
return $this->buildResponse($key, $maxAttempts);
}
}
$this->limiter->hit($key, $decayMinutes);
$response = $next($request);
return $this->addHeaders(
$response, $maxAttempts,
$this->calculateRemainingAttempts($key, $maxAttempts)
);
}
/**
* Create a 'too many attempts' JSON response.
*
* @param string $key
* @param int $maxAttempts
* @return \Symfony\Component\HttpFoundation\Response
*/
protected function buildJsonResponse($key, $maxAttempts)
{
$response = new JsonResponse([
'error' => [
'code' => 429,
'message' => 'Too Many Attempts.',
],
], 429);
$retryAfter = $this->limiter->availableIn($key);
return $this->addHeaders(
$response, $maxAttempts,
$this->calculateRemainingAttempts($key, $maxAttempts, $retryAfter),
$retryAfter
);
}
}
在app / Http / Middleware /中創建一個新文件ApiThrottleRequests.php並粘貼以下代碼:
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Cache\RateLimiter;
use Symfony\Component\HttpFoundation\Response;
class ApiThrottleRequests
{
/**
* The rate limiter instance.
*
* @var \Illuminate\Cache\RateLimiter
*/
protected $limiter;
/**
* Create a new request throttler.
*
* @param \Illuminate\Cache\RateLimiter $limiter
*/
public function __construct(RateLimiter $limiter)
{
$this->limiter = $limiter;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param int $maxAttempts
* @param int $decayMinutes
* @return mixed
*/
public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1)
{
$key = $this->resolveRequestSignature($request);
if ($this->limiter->tooManyAttempts($key, $maxAttempts, $decayMinutes)) {
return $this->buildResponse($key, $maxAttempts);
}
$this->limiter->hit($key, $decayMinutes);
$response = $next($request);
return $this->addHeaders(
$response, $maxAttempts,
$this->calculateRemainingAttempts($key, $maxAttempts)
);
}
/**
* Resolve request signature.
*
* @param \Illuminate\Http\Request $request
* @return string
*/
protected function resolveRequestSignature($request)
{
return $request->fingerprint();
}
/**
* Create a 'too many attempts' response.
*
* @param string $key
* @param int $maxAttempts
* @return \Illuminate\Http\Response
*/
protected function buildResponse($key, $maxAttempts)
{
$message = json_encode([
'error' => [
'message' => 'Too many attempts, please slow down the request.' //may comes from lang file
],
'status' => 4029 //your custom code
]);
$response = new Response($message, 429);
$retryAfter = $this->limiter->availableIn($key);
return $this->addHeaders(
$response, $maxAttempts,
$this->calculateRemainingAttempts($key, $maxAttempts, $retryAfter),
$retryAfter
);
}
/**
* Add the limit header information to the given response.
*
* @param \Symfony\Component\HttpFoundation\Response $response
* @param int $maxAttempts
* @param int $remainingAttempts
* @param int|null $retryAfter
* @return \Illuminate\Http\Response
*/
protected function addHeaders(Response $response, $maxAttempts, $remainingAttempts, $retryAfter = null)
{
$headers = [
'X-RateLimit-Limit' => $maxAttempts,
'X-RateLimit-Remaining' => $remainingAttempts,
];
if (!is_null($retryAfter)) {
$headers['Retry-After'] = $retryAfter;
$headers['Content-Type'] = 'application/json';
}
$response->headers->add($headers);
return $response;
}
/**
* Calculate the number of remaining attempts.
*
* @param string $key
* @param int $maxAttempts
* @param int|null $retryAfter
* @return int
*/
protected function calculateRemainingAttempts($key, $maxAttempts, $retryAfter = null)
{
if (!is_null($retryAfter)) {
return 0;
}
return $this->limiter->retriesLeft($key, $maxAttempts);
}
}
然后轉到app / Http /目錄中的kernel.php文件並替換
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
同
'throttle' => \App\Middleware\ApiThrottleRequests::class,
並使用它
middleware('throttle:60,1')
或添加
'apiThrottle' => \App\Http\Middleware\ApiThrottleRequests::class,
你用這種方式
middleware('apiThrottle:60,1')
和幫助鏈接
我知道這是一個非常古老的問題,但我對這個問題有一個非常簡短的解決方案。
我們可以在 Handler.php 中捕獲並處理 ThrottleRequestsException 並相應地返回 JSON 響應,而不是創建新的中間件。
應用\\異常\\Hanlder.php
<?php
namespace App\Exceptions;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Throwable;
use Request;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\Exceptions\ThrottleRequestsException;
class Handler extends ExceptionHandler
{
/**
* A list of the exception types that are not reported.
*
* @var array
*/
protected $dontReport = [
//
];
/**
* A list of the inputs that are never flashed for validation exceptions.
*
* @var array
*/
protected $dontFlash = [
'password',
'password_confirmation',
];
/**
* Report or log an exception.
*
* @param \Throwable $exception
* @return void
*
* @throws \Throwable
*/
public function report(Throwable $exception)
{
parent::report($exception);
}
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Throwable $exception
* @return \Symfony\Component\HttpFoundation\Response
*
* @throws \Throwable
*/
public function render($request, Throwable $exception)
{
if ($exception instanceof ThrottleRequestsException && $request->wantsJson()) {
return json_encode([
'message' => 'Too many attempts, please slow down the request.',
'status' => false
]);
}
return parent::render($request, $exception);
}
}
對於 Laravel 8 上的任何人:
RateLimiter::for("verify",function(Request $request){
return Limit::perMinute(2)->by($request->ip())->response(function(){
return response()->json(["state"=>false,"error"=>"Youve tried too many times"],200);
});
});
然后將油門中間件添加到您的路線中
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.