发表新帖
发表新帖

Yii2 Rate Limiting Api

前端 未结
关注
5 1479
抹茶落季
抹茶落季 2021-01-14 20:30

I\'m worried about Yii2 Rate limiting api?

What is Rate limiting api, why this used?

Here are some methods from Yii2 Can a yii guru explain in simple words a

相关标签:
5条回答
  • 半阙折子戏
    2021-01-14 20:32

    you can use rate limithing composer.

    add :"ethercreative/yii2-ip-ratelimiter": "1.*"

    public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['rateLimiter'] = [
        // Use class
        'class' => RateLimiter::className(),

        'rateLimit' => 1,
        'timePeriod' => 2,

        'separateRates' => false,
        'enableRateLimitHeaders' => false,
    ];
    return $behaviors;
}
    0 讨论(0)
  • 抹茶落季
    2021-01-14 20:34

    I implemented each step but not show the headers

    X-Rate-Limit-Limit, the maximum number of requests allowed with a time period X-Rate-Limit-Remaining, the number of remaining requests in the current time period X-Rate-Limit-Reset, the number of seconds to wait in order to get the maximum number of allowed requests `

    0 讨论(0)
  • 迷失自我
    2021-01-14 20:42

    Maybe Yii2 document could help you a lot,and link following, http://www.yiiframework.com/doc-2.0/guide-rest-rate-limiting.html you need to alter your user table in Database.The rate limiting takes effect for user loginned

    0 讨论(0)
  • 旧时难觅i
    2021-01-14 20:42 
    public function getRateLimit($request, $action) {
    $id = $action->getUniqueId();
    $limits = [
          'user/login' => [20,10],
          'article/index' => [100,10],
          .......
           'other' => [50,10]
    ];
   if(!array_key_existe($id,$limits)) $id = 'other';
    return $limits[$id];
}
    0 讨论(0)
  • 日久生厌
    2021-01-14 20:57

    THE METHODS

    getRateLimit(), loadAllowance() and saveAllowance() are three methods contained in the \yii\filters\RateLimitInterface Inteface that the user identity class should implement for enable rate limiting of your api.

    getRateLimit() is the first method and it returns the maximum number of api calls that you can do in x seconds:

    public function getRateLimit($request, $action) {
    return [1,20]; // There can be 1 api call every 20 seconds
}

    loadAllowance() return the number of the remaining allowed requests with the corresponding UNIX timestamp of the last time these where checked.

    public function loadAllowance($request, $action)
{
    return [$this->allowance, $this->allowance_updated_at]; 
}

    saveAllowance() assign to $this->allowance the value of remaining allowed requests and save the timestamp in $this->allowance_updated_at.

    public function saveAllowance($request, $action, $allowance, $timestamp)
{
    $this->allowance = $allowance; //Saving Remaining Requests
    $this->allowance_updated_at = $timestamp; // Saving Timestamp
    $this->save(); //Save the model
}

    IMPLEMENTATION

    This is how implemented the Rate Limiting in my example application (using advanced template):

    1 Set the user identity class

    In the config/main.php of your api application set the user component.

    'user' => [
        'identityClass' => 'api\models\User', // User Model for your api
        'enableSession' => false, 
        'loginUrl' => null,        
    ],

    2 Create a user model

    This is model should implement the \yii\filters\RateLimitInterface:

    This is mine:

    class User extends \common\models\User implements \yii\filters\RateLimitInterface
{

    public $rateLimit = 1;
    public $allowance;
    public $allowance_updated_at;

    public function getRateLimit($request, $action) {
        return [$this->rateLimit,1];
    }

    public function loadAllowance($request, $action)
    {
        return [$this->allowance, $this->allowance_updated_at];
    }

    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        $this->allowance = $allowance;
        $this->allowance_updated_at = $timestamp;
        $this->save();
    }

}

    After these two step Yii will automatically use yii\filters\RateLimiter configured as an action filter for yii\rest\Controller to perform rate limiting check (as cited in the documentation).

    The last thing you have to do is disable the Rate limit header in your rest controller behaviors:

    public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['rateLimiter']['enableRateLimitHeaders'] = false;
    return $behaviors;
}

    WHEN YOU SHOULD USE RATE LIMITING IN YOUR APPLICATION

    Api calls return data (with your filters) from your database so when they're called the server execute queries. More are the calls more are also the number of queries that are execute,

    You must limit the number of the calls in order to prevent Server heavy works and a resulting fallout of your system.

    Hope this will help. I'm not going far from the Yii2 Guide, but i don't think i can explain this in a simplier way.

    0 讨论(0)
 看不清?
提交回复
热议问题