本文旨在通过获取用户的连接session的id判断是否是同一个用户多次登录,如果发现不停访问,通过设置redis的值做限制
直接贴代码如下,此处对RegisterController下的两个方法进行切入:
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import cn.ztuo.bitrade.constant.SysConstant;
import cn.ztuo.bitrade.service.LocaleMessageSourceService;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.concurrent.TimeUnit;
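/**
 * After login, e-mail or SMS messages can be sent at most once every 5 seconds.
 *
 * <p>Before each matched controller method runs, the aspect writes a marker into Redis under
 * {@code SysConstant.ANTI_ATTACK_ + <servlet session id>} with a 5 second lifetime. While the
 * marker exists, further matched calls from the same session are rejected with an
 * {@link IllegalArgumentException} carrying the localized {@code FREQUENTLY_REQUEST} message.
 *
 * <p>NOTE(review): the throttle key is the servlet session id, and {@code getSession()} creates a
 * session when the request carries none, so the limit only binds clients that keep presenting the
 * same session. This file does not show whether every matched endpoint requires an authenticated
 * session; for any that do not, also throttle on a server-side identifier (account id, or the
 * destination phone number / e-mail address).
 *
 * @author CQ
 * @date 2019-12-10
 */
@Aspect
@Component
@Slf4j
public class AntiAttackAspect {
    /** Seconds during which a session is refused after one accepted call. */
    private static final long LOCK_SECONDS = 5;

    /** Value stored under the throttle key; only the key's existence is checked. */
    private static final String LOCK_MARKER = "send-sms-all-too-of-5S";

    // Left as a raw type so the same RedisTemplate bean keeps being injected.
    @Autowired
    private RedisTemplate redisTemplate;

    @Resource
    private LocaleMessageSourceService localeMessageSourceService;

    /** Start time of the matched call on the current thread, used for the duration log line. */
    private final ThreadLocal<Long> startTime = new ThreadLocal<>();

    /**
     * Matches the throttled controller methods.
     *
     * <p>NOTE(review): pointcut expressions are plain strings and are not checked against the
     * controllers at compile time. A name that does not match an existing method (verify
     * {@code widthdraw}) or a later rename leaves that endpoint without throttling and produces no
     * error.
     */
    @Pointcut("execution(public * cn.ztuo.bitrade.controller.EmailController.regist(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.bindMobile(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.googleEnable(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.googleBind(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.resetPassword(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.resetJyPassword(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.addAddress(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.salePoint(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.receivePoint(..))"
            + "||execution(public * cn.ztuo.bitrade.controller.EmailController.widthdraw(..))" +
            "||execution(public * cn.ztuo.bitrade.controller.SmsController.bindMobile(..))")
    public void antiAttack() {
    }

    /**
     * Rejects the call when the current session already made a throttled call within the last
     * 5 seconds; otherwise records this call and lets it proceed.
     *
     * @param joinPoint the intercepted controller call (not inspected)
     * @throws IllegalArgumentException when the session is still inside its 5 second window
     * @throws IllegalStateException when no servlet request is bound to the current thread
     */
    @Before("antiAttack()")
    public void doBefore(JoinPoint joinPoint) throws Throwable {
        log.info("❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤");
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            // Fail closed: without a request there is no session to throttle on.
            throw new IllegalStateException("AntiAttackAspect invoked outside of a servlet request");
        }
        HttpServletRequest request = attributes.getRequest();
        ValueOperations valueOperations = redisTemplate.opsForValue();
        String key = SysConstant.ANTI_ATTACK_ + request.getSession().getId();
        // The session id is a bearer credential, so it is kept out of the log.
        log.info("+++++++++++++++++防刷Key:{}", SysConstant.ANTI_ATTACK_ + "***");

        // SETNX makes "check and claim" a single Redis operation. A separate get() followed by
        // set() lets two concurrent requests of one session both observe "no key" and both pass.
        // Anything other than TRUE (including null) is treated as "not acquired".
        Boolean acquired = valueOperations.setIfAbsent(key, LOCK_MARKER);
        if (!Boolean.TRUE.equals(acquired)) {
            throw new IllegalArgumentException(localeMessageSourceService.getMessage("FREQUENTLY_REQUEST"));
        }
        // Anti-flood window: the marker expires after 5 seconds.
        // NOTE(review): marker and TTL are written in two steps here to stay compatible with older
        // Spring Data Redis; on 2.1+ use setIfAbsent(key, value, timeout, unit) so a failure between
        // the two calls cannot leave a marker without expiry.
        redisTemplate.expire(key, LOCK_SECONDS, TimeUnit.SECONDS);
        log.info("=================启动接口-----5秒防刷=============");

        // Set only for accepted calls and NOT cleared here: doAfterReturning reads it. Clearing it
        // in this method made startTime.get() return null there and the unboxing throw an NPE after
        // every successful call. If the controller method throws, the value stays on the thread
        // until the next accepted call overwrites it.
        startTime.set(System.currentTimeMillis());
    }

    /**
     * Logs how long the matched call took and clears the per-thread start time.
     */
    @AfterReturning(pointcut = "antiAttack()")
    public void doAfterReturning() throws Throwable {
        Long startedAt = startTime.get();
        try {
            if (startedAt != null) {
                log.info("处理耗时:" + (System.currentTimeMillis() - startedAt) + "ms");
            }
            log.info("↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑");
        } finally {
            // Always clear so pooled request threads do not carry the value into other requests.
            startTime.remove();
        }
    }
}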
版权声明:本文为weixin_40155504原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。