Beispiel #1
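        /// <summary>
        /// Rate-limit check: counts earlier rows in <c>api_monitor_log</c> for the same controller,
        /// action, parameter string and IP, and rejects the request once the 10-minute, 1-hour or
        /// same-day limit is reached.
        /// </summary>
        /// <remarks>
        /// Limits are read from the app settings <c>apiPerTenminCount</c>, <c>apiPerHourCount</c> and
        /// <c>apiPerDayCount</c>; a missing or zero setting falls back to 500, 4000 and 20000.
        /// The counter is keyed on the exact parameter string, so calls that differ in any argument
        /// are counted separately and do not add up towards one limit.
        /// </remarks>
        /// <param name="monitorLog">Log entry describing the current request.</param>
        /// <returns>
        /// <c>true</c> when the request is under every limit; <c>false</c> once a limit is hit, after
        /// the rejection has been recorded through <c>SignToken.AddInvalidRequest</c>.
        /// </returns>
        public static bool CheckRequestIsValid(ApiMonitorLog monitorLog)
        {
            DataHelper db = new DataHelper("db_codebook");

            // These values are derived from the incoming request and end up inside SQL string
            // literals. Doubling single quotes keeps each value inside its literal (T-SQL syntax,
            // which the datediff/getdate calls suggest). DataHelper's API is not visible here: if it
            // offers a parameterized query call, prefer that over string-built SQL.
            string reqprams     = (monitorLog.GetCollections(monitorLog.ActionParams) ?? string.Empty).Replace("'", "''");
            string ip           = (monitorLog.IP ?? string.Empty).Replace("'", "''");
            string actionname   = (monitorLog.ActionName ?? string.Empty).Replace("'", "''");
            string controllname = (monitorLog.ControllerName ?? string.Empty).Replace("'", "''");

            // Filter shared by all three windows; only the time predicate differs.
            string baseSql = $@"select count(id) from api_monitor_log where 
                 action_name='{actionname}' and controll_name='{controllname}' and params_str='{reqprams}'
                 and ip='{ip}' ";

            // NOTE(review): assuming SQL Server, datediff counts datepart boundaries crossed, so
            // "datediff(hour, ...) <= 1" can match rows almost two hours old — confirm this is intended.

            // 10-minute window (default 500).
            int perMinCount = Convert.ToInt32(ConfigurationManager.AppSettings["apiPerTenminCount"]);
            perMinCount = perMinCount == 0 ? 500 : perMinCount;

            int apiMinCount = db.ExcuteScalarSQL(baseSql + "and datediff(mi,start_time,getdate())<=10 ");
            if (apiMinCount >= perMinCount)
            {
                SignToken.AddInvalidRequest(monitorLog, 0);
                return false;
            }

            // 1-hour window (default 4000).
            int perHourCount = Convert.ToInt32(ConfigurationManager.AppSettings["apiPerHourCount"]);
            perHourCount = perHourCount == 0 ? 4000 : perHourCount;

            int apiHourCount = db.ExcuteScalarSQL(baseSql + "and datediff(hour,start_time,getdate())<=1 ");
            if (apiHourCount >= perHourCount)
            {
                SignToken.AddInvalidRequest(monitorLog, 1);
                return false;
            }

            // Current calendar day (default 20000).
            int perDayCount = Convert.ToInt32(ConfigurationManager.AppSettings["apiPerDayCount"]);
            perDayCount = perDayCount == 0 ? 20000 : perDayCount;

            int apiDayCount = db.ExcuteScalarSQL(baseSql + "and datediff(day,start_time,getdate())=0 ");
            if (apiDayCount >= perDayCount)
            {
                SignToken.AddInvalidRequest(monitorLog, 2);
                return false;
            }

            return true;
        }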
Beispiel #2
        /// <summary>
        /// Runs before the action executes: captures the request details and applies the
        /// request-frequency limit before the action is allowed to proceed.
        /// </summary>
        /// <param name="actionContext">Context of the action that is about to run.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // NOTE(review): Util.GetUserIp() is not visible here; if it reads client-supplied
            // forwarding headers, the IP used as the rate-limit key can be chosen by the caller.
            // Note that the HttpRequestHeaders field receives the Host header value here.
            var entry = new ApiMonitorLog
            {
                ExecuteStartTime   = DateTime.Now,
                ActionParams       = actionContext.ActionArguments,
                ActionName         = actionContext.ActionDescriptor.ActionName,
                ControllerName     = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                IP                 = Util.GetUserIp(),
                HttpRequestHeaders = actionContext.Request.Headers.Host,
                HttpMethod         = actionContext.Request.Method.Method
            };

            // Same interface + same IP + same request: the per-10-minute, per-hour and per-day
            // limits are enforced by SignToken.CheckRequestIsValid.
            if (!SignToken.CheckRequestIsValid(entry))
            {
                // Setting Response here ends the pipeline with the "limit reached" payload.
                // NOTE(review): this CreateResponse overload uses the default 200 OK status, so
                // throttling is only visible in the body — confirm that is intended.
                var rejection = new ApiResult();
                rejection.success = false;
                rejection.status  = ApiStatusCode.LimitRequest;
                rejection.message = ApiStatusCode.LimitRequest.GetEnumDesc();

                actionContext.Response = actionContext.Request.CreateResponse(rejection);
                return;
            }

            base.OnActionExecuting(actionContext);
        }
Beispiel #3
        /// <summary>
        /// Runs before the action executes: builds a monitoring record for the request and stores
        /// it in the request properties under <c>Key</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action that is about to run.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            // Referrer and Host are client-supplied header values; treat them as untrusted
            // wherever the record is later stored or displayed.
            // NOTE(review): Util.GetUserIp() is not visible here — confirm how it derives the IP.
            var entry = new ApiMonitorLog
            {
                ExecuteStartTime   = DateTime.Now,
                ActionParams       = actionContext.ActionArguments,
                ActionName         = actionContext.ActionDescriptor.ActionName,
                ControllerName     = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                IP                 = Util.GetUserIp(),
                HttpRequestHeaders = actionContext.Request.Headers.Referrer?.ToString(),
                Host               = actionContext.Request.Headers.Host,
                HttpMethod         = actionContext.Request.Method.Method
            };

            // Attach the record to the request so code that runs later can read it back.
            actionContext.Request.Properties[Key] = entry;
        }
Beispiel #4
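        /// <summary>
        /// Records a rate-limited request in <c>api_invalid_request</c>, unless a matching row
        /// (same controller, action, parameter string, IP and forbid type) already exists for the
        /// current window.
        /// </summary>
        /// <param name="monitorLog">Log entry describing the rejected request.</param>
        /// <param name="forbid_type">
        /// Which limit was hit: 0 = 10-minute window, 1 = 1-hour window, 2 = current day.
        /// Any other value applies no time filter to the duplicate check.
        /// </param>
        private static void AddInvalidRequest(ApiMonitorLog monitorLog, int forbid_type)
        {
            DataHelper db            = new DataHelper("db_codebook");
            string     controll_name = monitorLog.ControllerName;
            string     action_name   = monitorLog.ActionName;
            string     ip            = monitorLog.IP;
            string     req_params    = monitorLog.GetCollections(monitorLog.ActionParams);
            // The stored parameter string is capped at 4000 characters.
            string     params_str    = req_params.Length > 4000 ? req_params.Substring(0, 4000) : req_params;

            // The request-derived values are placed inside SQL string literals below. Doubling
            // single quotes keeps each value inside its literal (T-SQL syntax, which the
            // datediff/getdate calls suggest). Escaping happens after truncation so a doubled quote
            // is never cut in half, and the raw values are kept for the Insert call. DataHelper's
            // API is not visible here: if it offers a parameterized query call, prefer that.
            string sqlController = (controll_name ?? string.Empty).Replace("'", "''");
            string sqlAction     = (action_name ?? string.Empty).Replace("'", "''");
            string sqlIp         = (ip ?? string.Empty).Replace("'", "''");
            string sqlParams     = params_str.Replace("'", "''");

            string sql =
                $@"select count(id) from api_invalid_request where 
                 action_name='{sqlAction}' and controll_name='{sqlController}' and params_str='{sqlParams}'
                 and ip='{sqlIp}' and forbid_type={forbid_type}";

            // Restrict the duplicate check to the window that matches the limit that was hit.
            switch (forbid_type)
            {
                case 0:
                    sql += " and datediff(mi,create_time,getdate())<=10 ";
                    break;
                case 1:
                    sql += " and datediff(hour,create_time,getdate())<=1 ";
                    break;
                case 2:
                    sql += " and datediff(day,create_time,getdate())=0 ";
                    break;
            }

            int count = db.ExcuteScalarSQL(sql);

            // NOTE(review): the count and the insert are separate statements, so concurrent
            // requests can each see zero and insert duplicate rows — confirm that is acceptable.
            if (count == 0)
            {
                // Property names double as the column names passed to DataHelper.Insert.
                db.Insert("api_invalid_request", new
                {
                    action_name,
                    controll_name,
                    ip,
                    params_str,
                    forbid_type,
                    create_time = DateTime.Now
                });
            }
        }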