大家是如何给Api接口加密限流的呢?
介绍
CorsUrls、IPLimit、SafeIps、Jwt 配置类库
1、快速入门
通过Nuget安装组件
Install-Package RuoVea.ExWeb
2、CorsUrls
// 配置化的CorsUrls
services.CorsUrls();
//UseCors,UseAuthenticationg两个位置的顺序很重要
app.UseCors();
相关配置文件
"Cors": {
/* === 跨域请求 (CORS)配置,多个url用豆号隔开,url为vue站点的地址,可以将发布后的地址也同时配置上 === */
"CorsUrls": "http://localhost:8081,http://localhost:8080",
/* 添加预检请求过期时间(秒) */
"PreflightMaxAge": 2520
}
3、IPLimit
// 配置化的IPLimit限流 启动服务
services.IpLimitSetup();
//启用限流,需在UseMvc前面
//app.UseIpRateLimiting();
app.UseMiddleware();
相关配置文件
/* IP限制 是用来单独定义白名单里面的 覆盖特定客户 */
"IpRateLimitPolicies": {
"IpRules": [
{
"Ip": "84.247.85.224",
"Rules": [
{
"Endpoint": "*",
"Period": "1s",
"Limit": 10
},
{
"Endpoint": "*",
"Period": "15m",
"Limit": 200
}
]
},
{
"Ip": "192.168.3.22/25",
"Rules": [
{
"Endpoint": "*",
"Period": "1s",
"Limit": 5
},
{
"Endpoint": "*",
"Period": "15m",
"Limit": 150
},
{
"Endpoint": "*",
"Period": "12h",
"Limit": 500
}
]
}
]
}
4、SafeIps
// 配置Ip
app.SafeIps();
/* 限制指定IP访问 */
"SafeIps": "127.0.0.1;192.168.0.0-192.168.0.255"
5、Jwt 配置(建议使用:RuoVea.ExJwtBearer 类库)
services.JwtOptiong();
/* Jwt配置 */
"JWTSettings": {
"ValidateIssuerSigningKey": true, // 是否验证密钥,bool 类型,默认true
"IssuerSigningKey": "3c1cbc3f546eda35168c3aa3cb91780fbe703f0996c6d123ea96dc85c70bbc0a", // 密钥,string 类型,必须是复杂密钥,长度大于16
"ValidateIssuer": true, // 是否验证签发方,bool 类型,默认true
"ValidIssuer": "SecurityDemo.Authentication.JWT", // 签发方,string 类型
"ValidateAudience": true, // 是否验证签收方,bool 类型,默认true
"ValidAudience": "jwtAudience", // 签收方,string 类型
"ValidateLifetime": true, // 是否验证过期时间,bool 类型,默认true,建议true
"ExpiredTime": 1440, // 过期时间,long 类型,单位分钟,默认20分钟
"ClockSkew": 5 // 过期时间容错值,long 类型,单位秒,默认5秒
}
6、使用 Jwt 进行权限控制思路
1. 定义个中间类
public class PermissionRequirement : IAuthorizationRequirement
{
}
2. 定义拦截中间件
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>{
private readonly IUserService _userService;
public PermissionHandler(IUserService userService)
{
_userService = userService;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
var httpContext = (context.Resource as Microsoft.AspNetCore.Http.DefaultHttpContext).HttpContext;
var isAuthenticated = httpContext.User.Identity.IsAuthenticated;
if (isAuthenticated)
{
long userId;
if (!long.TryParse(httpContext.User.Identity.Name, out userId))
{
return Task.CompletedTask;
}
var functions = _userService.GetFunctionsByUserId(userId);
var requestUrl = httpContext.Request.Path.Value.ToLower();
if (functions != null && functions.Count > 0 && functions.Contains(requestUrl))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
3. 导入Jwt 配置
services.AddAuthorization(options =>
{
options.AddPolicy("Permission", policy => policy.Requirements.Add(new PermissionRequirement()));
});
services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
7、公共方法 可扩展(BaseController)
/// <summary>
/// 返回成功消息
/// </summary>
/// <param name="data">数据</param>
/// <returns></returns>
protected virtual IActionResult ToJsonResult(object data)
/// <summary>
/// 返回成功消息
/// </summary>
/// <param name="info">消息</param>
/// <returns></returns>
protected virtual IActionResult Success(string info)
/// <summary>
/// 返回成功数据
/// </summary>
/// <param name="data">数据</param>
/// <returns></returns>
protected virtual ActionResult Success(object data)
/// <summary>
/// 返回成功消息
/// </summary>
/// <param name="info">消息</param>
/// <param name="data">数据</param>
/// <returns></returns>
protected virtual ActionResult Success(string info, object data)
/// <summary>
/// 返回成功消息
/// </summary>
/// <param name="data">数据</param>
/// <param name="total">总行数</param>
/// <returns></returns>
protected virtual ActionResult PageDate(object data, int total)
/// <summary>
/// 返回失败消息
/// </summary>
/// <param name="info">消息</param>
/// <returns></returns>
protected virtual ActionResult Fail(string info)
/// <summary>
/// 返回失败消息
/// </summary>
/// <param name="info">消息</param>
/// <param name="data">消息</param>
/// <returns></returns>
protected virtual ActionResult Fail(string info, object data)
