ASP.NET Core 请求限速的ActionFilter

文章目录


前言

以下是一个基于内存缓存实现的自定义限流Action Filter。

一、实现步骤

1)创建自定义Action Filter

示例1:

  1. MyRateLimitAttribute.cs

    bash 复制代码
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Microsoft.Extensions.Caching.Memory;
    
     public class MyRateLimitAttribute : TypeFilterAttribute
     {
         public MyRateLimitAttribute() 
             :base(typeof(MyRateLimitFilter))
         {
         }
         public class MyRateLimitFilter : IAsyncActionFilter
         {
             private readonly IMemoryCache _memoryCache;
    
             public MyRateLimitFilter(IMemoryCache memoryCache)
             {
                 _memoryCache = memoryCache;
             }
    
             public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
             {
                 string ip = context.HttpContext.Connection.RemoteIpAddress.ToString();
                 if (string.IsNullOrEmpty(ip))
                 {
                     context.Result = new BadRequestObjectResult("Invalid Client IP");
                     return;
                 }
                 string cacheKey = $"MyRateLimit_{ip}";
                 _memoryCache.TryGetValue<long?>(cacheKey, out long? lastVisit);
                 if (lastVisit == null || Environment.TickCount64 - lastVisit > 1000)
                 {
                     _memoryCache.Set(cacheKey, Environment.TickCount64, TimeSpan.FromSeconds(10));
                     await next();
                 }
                 else
                 {
                     context.Result = new ObjectResult("访问太频繁") { StatusCode=429};                    
                 }
             }
         }
     }

示例2:

  1. RateLimitAttribute.cs

    bash 复制代码
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.AspNetCore.Mvc.Filters;
    using Microsoft.Extensions.Caching.Memory;
    
    public class RateLimitAttribute : TypeFilterAttribute
    {
        public RateLimitAttribute(int maxRequests,int secondsWindow) 
            : base(typeof(RateLimitFilter))
        {
            Arguments = new object[] { maxRequests,secondsWindow};
        }
    
        public class RateLimitFilter : IAsyncActionFilter
        {
            private readonly IMemoryCache _memoryCache;
            private readonly int _maxRequests;
            private readonly int _secondsWindow;
    
            public RateLimitFilter(IMemoryCache memoryCache, int maxRequests, int secondsWindow)
            {
                _memoryCache = memoryCache;
                _maxRequests = maxRequests;
                _secondsWindow = secondsWindow;
            }
    
            public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
            {
                var ip=context.HttpContext.Connection.RemoteIpAddress?.ToString();
                if (string.IsNullOrEmpty(ip))
                {
                    context.Result = new BadRequestObjectResult("Invalid client IP");
                    return;
                }
                var cacheKey = $"RateLimit_{ip}";
                var windowStart = DateTime.UtcNow.AddSeconds(-DateTime.UtcNow.Second % _secondsWindow);
                if (!_memoryCache.TryGetValue(cacheKey, out RateLimitCounter counter) ||
                    windowStart > counter.WindowStart)
                {
                    counter = new RateLimitCounter
                    {
                        Count = 1,
                        WindowStart = windowStart,
                    };
                }
                else
                {
                    counter.Count++;
                }
    
                if (counter.Count > _maxRequests)
                {
                    context.Result = new ObjectResult("Too many requests")
                    {
                        StatusCode = 429
                    };
                    return;
                }
                _memoryCache.Set(cacheKey, counter, counter.WindowStart.AddSeconds(_secondsWindow));
                await next();
            }
            private class RateLimitCounter
            {
                public int Count { get; set; }
                public DateTime WindowStart { get; set; }
            }
        }
    }

2)注册服务

  1. 内存缓存服务

    bash 复制代码
    builder.Services.AddMemoryCache();

3)使用

  1. 示例:

    bash 复制代码
    [HttpGet]
    //[RateLimit(maxRequests: 5, secondsWindow: 60)] // 每分钟最多5次请求
    [MyRateLimit]
    public async Task<ActionResult<Book>> GetAllBookAsync()
    {
        var res=await _bookRepository.GetAllAsync();
        return Ok(res);
    }

二、实现说明

  1. 使用IP地址识别客户端(需考虑代理场景)
  2. 基于固定时间窗口算法(每分钟/小时重置计数器)(示例2)
  3. 使用IMemoryCache存储计数器
  4. 返回429状态码(Too Many Requests)时阻止请求

总结

  1. 内存缓存方案仅适用于单实例部署
  2. 高并发场景建议使用Interlocked类处理计数器原子操作
  3. 生产环境推荐使用分布式缓存(如Redis
  4. 建议使用成熟的限流库(如AspNetCoreRateLimit
相关推荐
程序员小刚24 分钟前
基于SpringBoot + Vue 的火车票订票系统
vue.js·spring boot·后端
fanTuanye2 小时前
【SpringBoot篇】详解短信验证码登录功能实现
spring boot·后端
DonciSacer2 小时前
第一章-Rust入门
开发语言·后端·rust
西京刀客2 小时前
golang常用库之-标准库text/template
开发语言·后端·golang
愛芳芳6 小时前
springboot+mysql+element-plus+vue完整实现汽车租赁系统
前端·vue.js·spring boot·后端·mysql·elementui·汽车
magic 2456 小时前
Spring 框架中 @Configuration 注解详解
java·后端·spring
菜鸟分享录7 小时前
使用 Semantic Kernel 快速对接国产大模型实战指南(DeepSeek/Qwen/GLM)
microsoft·.netcore·semantic kernel
海风极客7 小时前
Go小技巧&易错点100例(二十八)
开发语言·后端·golang
Absinthe_苦艾酒10 小时前
Spring 容器相关的核心注解
java·后端·spring