Yii2 - Rate limit skipped: user not logged in



I tried to enable RateLimit following the Yii2 documentation https://www.yiiframework.com/doc/guide/2.0/en/rest-rate-limiting

I tested it with a logged-in user, and in the info log I have:

    2020-04-21 16:50:35 [172.18.0.1][5][-][info][yii\filters\RateLimiter::beforeAction] Rate limit skipped: user not logged in.
    2020-04-21 16:50:35 [172.18.0.1][5][-][info][yii\web\User::login] User '5' logged in from 172.18.0.1. Session not enabled.

So RateLimit checks the user before they are logged in? Any suggestions?

Update - behaviors()

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => CompositeAuth::className(),
            'authMethods' => [
                HttpBearerAuth::className(),
            ],
        ];
        $behaviors['verbs'] = [
            'class' => \yii\filters\VerbFilter::className(),
            'actions' => [
                'index' => ['get'],
                'view' => ['get'],
                'create' => ['post'],
                'update' => ['put'],
                'delete' => ['delete'],
            ],
        ];
        // remove authentication filter
        $auth = $behaviors['authenticator'];
        unset($behaviors['authenticator']);
        // add CORS filter
        $behaviors['corsFilter'] = [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
            ],
        ];
        // re-add authentication filter
        $behaviors['authenticator'] = $auth;
        // avoid authentication on CORS pre-flight requests (HTTP OPTIONS method)
        $behaviors['authenticator']['except'] = [
            'options',
        ];
        $behaviors['access'] = [
            'class' => AccessControl::className(),
            'rules' => [
                ....
            ],
        ];
        return $behaviors;
    }

Event handlers are triggered in the order in which they were registered. In the case of behaviors, this means that the order in which the behaviors are defined determines the order in which they are executed.

The behaviors defined in yii\rest\Controller look like this:

    public function behaviors()
    {
        return [
            'contentNegotiator' => [
                'class' => ContentNegotiator::className(),
                'formats' => [
                    'application/json' => Response::FORMAT_JSON,
                    'application/xml' => Response::FORMAT_XML,
                ],
            ],
            'verbFilter' => [
                'class' => VerbFilter::className(),
                'actions' => $this->verbs(),
            ],
            'authenticator' => [
                'class' => CompositeAuth::className(),
            ],
            'rateLimiter' => [
                'class' => RateLimiter::className(),
            ],
        ];
    }

This means that the authenticator behavior should be executed before rateLimiter.

But in your code you unset the authenticator definition and then add it back after adding some other behaviors. This moves the authenticator behind rateLimiter and causes rateLimiter to be executed first.

You need to do the same thing for rateLimiter as you did for the authenticator.

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $rateLimiter = $behaviors['rateLimiter'];
        unset($behaviors['rateLimiter']);
        // ... other code ...
        // re-add authentication filter
        $behaviors['authenticator'] = $auth;
        // re-add rate limiter
        $behaviors['rateLimiter'] = $rateLimiter;
        // ... the rest of code
    }
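The answer's fix applied to the behaviors() from the question, as an added example that is not part of the original post or answer. The controller name ItemController is assumed; the access rules are left out as in the question.

```php
<?php
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\AccessControl;
use yii\filters\Cors;
use yii\rest\ActiveController;

class ItemController extends ActiveController // hypothetical name
{
    public function behaviors()
    {
        // parent order: contentNegotiator, verbFilter, authenticator, rateLimiter
        $behaviors = parent::behaviors();

        $behaviors['authenticator'] = [
            'class' => CompositeAuth::className(),
            'authMethods' => [HttpBearerAuth::className()],
            // no authentication on CORS pre-flight requests (HTTP OPTIONS)
            'except' => ['options'],
        ];

        // Detach both identity-dependent filters. Re-adding them after
        // corsFilter appends them at the end of the array, so they keep
        // their relative order: authenticator runs before rateLimiter.
        $auth = $behaviors['authenticator'];
        $rateLimiter = $behaviors['rateLimiter'];
        unset($behaviors['authenticator'], $behaviors['rateLimiter']);

        $behaviors['corsFilter'] = [
            'class' => Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
            ],
        ];

        $behaviors['authenticator'] = $auth;
        // rateLimiter only enforces limits when the identity class
        // implements yii\filters\RateLimitInterface (see the linked guide)
        $behaviors['rateLimiter'] = $rateLimiter;

        $behaviors['access'] = [
            'class' => AccessControl::className(),
            'rules' => [
                // ... rules omitted, as in the question ...
            ],
        ];
        return $behaviors;
    }
}
```

A quick check after this change is that `array_keys($behaviors)` lists authenticator before rateLimiter and that the "Rate limit skipped: user not logged in" info line no longer appears for authenticated requests.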
