Yii2 Rate Limiting Api

前端未结

关注

 5  1610

抹茶落季 2021-01-14 20:30

I\'m worried about Yii2 Rate limiting api?

What is Rate limiting api, why this used?

Here are some methods from Yii2 Can a yii guru explain in simple words a

5条回答

日久生厌 (楼主)

2021-01-14 20:57
THE METHODS

getRateLimit(), loadAllowance() and saveAllowance() are three methods contained in the \yii\filters\RateLimitInterface Inteface that the user identity class should implement for enable rate limiting of your api.

getRateLimit() is the first method and it returns the maximum number of api calls that you can do in x seconds:
```
public function getRateLimit($request, $action) {
    return [1,20]; // There can be 1 api call every 20 seconds
}
```
loadAllowance() return the number of the remaining allowed requests with the corresponding UNIX timestamp of the last time these where checked.
```
public function loadAllowance($request, $action)
{
    return [$this->allowance, $this->allowance_updated_at]; 
}
```
saveAllowance() assign to $this->allowance the value of remaining allowed requests and save the timestamp in $this->allowance_updated_at.
```
public function saveAllowance($request, $action, $allowance, $timestamp)
{
    $this->allowance = $allowance; //Saving Remaining Requests
    $this->allowance_updated_at = $timestamp; // Saving Timestamp
    $this->save(); //Save the model
} 
```
IMPLEMENTATION

This is how implemented the Rate Limiting in my example application (using advanced template):

1 Set the user identity class

In the config/main.php of your api application set the user component.
```
'user' => [
        'identityClass' => 'api\models\User', // User Model for your api
        'enableSession' => false, 
        'loginUrl' => null,        
    ],
```
2 Create a user model

This is model should implement the \yii\filters\RateLimitInterface:

This is mine:
```
class User extends \common\models\User implements \yii\filters\RateLimitInterface
{

    public $rateLimit = 1;
    public $allowance;
    public $allowance_updated_at;

    public function getRateLimit($request, $action) {
        return [$this->rateLimit,1];
    }

    public function loadAllowance($request, $action)
    {
        return [$this->allowance, $this->allowance_updated_at];
    }

    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        $this->allowance = $allowance;
        $this->allowance_updated_at = $timestamp;
        $this->save();
    }

}
```
After these two step Yii will automatically use yii\filters\RateLimiter configured as an action filter for yii\rest\Controller to perform rate limiting check (as cited in the documentation).

The last thing you have to do is disable the Rate limit header in your rest controller behaviors:
```
public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['rateLimiter']['enableRateLimitHeaders'] = false;
    return $behaviors;
}
```
WHEN YOU SHOULD USE RATE LIMITING IN YOUR APPLICATION

Api calls return data (with your filters) from your database so when they're called the server execute queries. More are the calls more are also the number of queries that are execute,

You must limit the number of the calls in order to prevent Server heavy works and a resulting fallout of your system.

Hope this will help. I'm not going far from the Yii2 Guide, but i don't think i can explain this in a simplier way.
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...