如果 API 速率限制超过使用 WebApiThrottle - C# Web API,则阻止 API 请求 5 分钟
Block API requests for 5 mins if API rate limit exceeds using WebApiThrottle - C# Web API
有一个非常好的库 WebApiThrottle 用于 API Web 中的速率限制 API。
如 Wiki 页面所述,我可以根据 API 调用的授权令牌 header 对 API 进行速率限制。
但是,如果超过 api 速率限制,我该如何在接下来的 5 分钟内阻止 api 调用?此外,并不是说接下来 5 分钟内的任何请求都会重置速率限制超时时间。
我检查了代码,但找不到此功能。如果有人可以建议,还有其他方法吗?
目前,我正在使用 WebApiThrottle 的 fork 并手动将 dll 添加到解决方案中. @adamriyadi 已经在 fork 中实现了这个特性。等待它进入 NuGet 包。
更新: 后来,我使用 HttpRuntime.Cache 实现了自己的 API 速率限制和阻塞期。所以不需要添加任何额外的库。
public class ThrottleAttribute : ActionFilterAttribute
{
private int _API_RATEQUOTA = 60;
// per x minute value
private int _API_TIMELIMIT = 1;
private int _API_BLOCKDURATION = 5;
private readonly object syncLock = new object();
public override void OnActionExecuting(HttpActionContext actionContext)
{
// Extract access_token or id or ip address to uniquely identify an API call
var access_token = AuthHelper.GetAuthToken(actionContext.Request);
if (access_token != null)
{
string throttleBaseKey = GetThrottleBaseKey(access_token);
string throttleCounterKey = GetThrottleCounterKey(access_token);
lock (syncLock)
{
//add a listner for new api request count
if (HttpRuntime.Cache[throttleBaseKey] == null)
{
// add api unique key.. this cache will get expire after _API_TIMELIMIT
HttpRuntime.Cache.Add(throttleBaseKey,
DateTime.UtcNow,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
// add count as value for that api.. this cache will get expire after _API_TIMELIMIT
HttpRuntime.Cache.Add(throttleCounterKey,
1,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
}
else
{
//listener exists for api request count
var current_requests = (int)HttpRuntime.Cache[throttleCounterKey];
if (current_requests < _API_RATEQUOTA)
{
// increase api count
HttpRuntime.Cache.Insert(throttleCounterKey,
current_requests + 1,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
}
//hit rate limit, wait for another 5 minutes (_API_BLOCKDURATION)
else
{
HttpRuntime.Cache.Insert(throttleBaseKey,
DateTime.UtcNow,
null,
DateTime.Now.AddMinutes(_API_BLOCKDURATION),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
HttpRuntime.Cache.Insert(throttleCounterKey,
current_requests + 1,
null,
DateTime.Now.AddMinutes(_API_BLOCKDURATION),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
Forbidden(actionContext);
}
}
}
}
else
{
BadRequest(actionContext);
}
base.OnActionExecuting(actionContext);
}
private string GetThrottleBaseKey(string app_id)
{
return Identifier.THROTTLE_BASE_IDENTIFIER + app_id;
}
private string GetThrottleCounterKey(string app_id)
{
return Identifier.THROTTLE_COUNTER_IDENTIFIER + app_id;
}
private void BadRequest(HttpActionContext actionContext)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest);
}
private void Forbidden(HttpActionContext actionContext)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, "Application Rate Limit Exceeded");
}
}
public static class Identifier
{
public static readonly string THROTTLE_BASE_IDENTIFIER = "LA_THROTTLE_BASE_";
public static readonly string THROTTLE_COUNTER_IDENTIFIER = "LA_THROTTLE_COUNT_";
}
现在用[ThrottleAttribute]
修饰所需的API
有一个非常好的库 WebApiThrottle 用于 API Web 中的速率限制 API。
如 Wiki 页面所述,我可以根据 API 调用的授权令牌 header 对 API 进行速率限制。
但是,如果超过 api 速率限制,我该如何在接下来的 5 分钟内阻止 api 调用?此外,并不是说接下来 5 分钟内的任何请求都会重置速率限制超时时间。
我检查了代码,但找不到此功能。如果有人可以建议,还有其他方法吗?
目前,我正在使用 WebApiThrottle 的 fork 并手动将 dll 添加到解决方案中. @adamriyadi 已经在 fork 中实现了这个特性。等待它进入 NuGet 包。
更新: 后来,我使用 HttpRuntime.Cache 实现了自己的 API 速率限制和阻塞期。所以不需要添加任何额外的库。
public class ThrottleAttribute : ActionFilterAttribute
{
private int _API_RATEQUOTA = 60;
// per x minute value
private int _API_TIMELIMIT = 1;
private int _API_BLOCKDURATION = 5;
private readonly object syncLock = new object();
public override void OnActionExecuting(HttpActionContext actionContext)
{
// Extract access_token or id or ip address to uniquely identify an API call
var access_token = AuthHelper.GetAuthToken(actionContext.Request);
if (access_token != null)
{
string throttleBaseKey = GetThrottleBaseKey(access_token);
string throttleCounterKey = GetThrottleCounterKey(access_token);
lock (syncLock)
{
//add a listner for new api request count
if (HttpRuntime.Cache[throttleBaseKey] == null)
{
// add api unique key.. this cache will get expire after _API_TIMELIMIT
HttpRuntime.Cache.Add(throttleBaseKey,
DateTime.UtcNow,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
// add count as value for that api.. this cache will get expire after _API_TIMELIMIT
HttpRuntime.Cache.Add(throttleCounterKey,
1,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
}
else
{
//listener exists for api request count
var current_requests = (int)HttpRuntime.Cache[throttleCounterKey];
if (current_requests < _API_RATEQUOTA)
{
// increase api count
HttpRuntime.Cache.Insert(throttleCounterKey,
current_requests + 1,
null,
DateTime.Now.AddMinutes(_API_TIMELIMIT),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
}
//hit rate limit, wait for another 5 minutes (_API_BLOCKDURATION)
else
{
HttpRuntime.Cache.Insert(throttleBaseKey,
DateTime.UtcNow,
null,
DateTime.Now.AddMinutes(_API_BLOCKDURATION),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
HttpRuntime.Cache.Insert(throttleCounterKey,
current_requests + 1,
null,
DateTime.Now.AddMinutes(_API_BLOCKDURATION),
Cache.NoSlidingExpiration,
CacheItemPriority.High,
null);
Forbidden(actionContext);
}
}
}
}
else
{
BadRequest(actionContext);
}
base.OnActionExecuting(actionContext);
}
private string GetThrottleBaseKey(string app_id)
{
return Identifier.THROTTLE_BASE_IDENTIFIER + app_id;
}
private string GetThrottleCounterKey(string app_id)
{
return Identifier.THROTTLE_COUNTER_IDENTIFIER + app_id;
}
private void BadRequest(HttpActionContext actionContext)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest);
}
private void Forbidden(HttpActionContext actionContext)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, "Application Rate Limit Exceeded");
}
}
public static class Identifier
{
public static readonly string THROTTLE_BASE_IDENTIFIER = "LA_THROTTLE_BASE_";
public static readonly string THROTTLE_COUNTER_IDENTIFIER = "LA_THROTTLE_COUNT_";
}
现在用[ThrottleAttribute]