javascript FeathersJS: rate limiting for HTTP (REST API) and web socket connections (Express, Node.js)


```javascript
'use strict'

const bodyParser = require('body-parser')
const compress = require('compression')
const configuration = require('feathers-configuration')
const cors = require('cors')
const favicon = require('serve-favicon')
const feathers = require('feathers')
const hooks = require('feathers-hooks')
const limiter = require('limiter').RateLimiter // Generic limiter used for authentication attempts inside web socket connection
const middleware = require('./middleware')
const path = require('path')
const rateLimit = require('express-rate-limit') // Express middleware limiter used for HTTP requests
const rest = require('feathers-rest')
const serveStatic = require('feathers').static
const services = require('./services')
const socketio = require('feathers-socketio')

const app = feathers()

app.configure(configuration(path.join(__dirname, '..')))

const authLimiter = new rateLimit({
  windowMs: 15*60*1000, // 15 minutes window
  delayAfter: 1, // begin slowing down responses after the first request
  delayMs: 3*1000, // slow down subsequent responses by 3 seconds per request
  max: 5 // start blocking after 5 requests
})

app.use(compress())
  .use('/auth/', authLimiter) // limit authentication attempts via REST API
  .use('/socket.io/', authLimiter) // limit web socket connections
  .options('*', cors())
  .use(cors())
  .use(favicon(path.join(app.get('public'), 'favicon.ico')))
  .use('/', serveStatic(app.get('public')))
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  .configure(hooks())
  .configure(rest())
  .configure(socketio(io => {
    io.on('connection', socket => {
      const socketLimiter = new limiter(1, 3000) // allow 1 authentication attempt every 3 seconds inside current web socket connection
      socket.on('authenticate', () => {
        if(!socketLimiter.tryRemoveTokens(1)) { // if exceeded, connection is dropped
          console.log('Too many socket.io auth attempts from %s, disconnecting.', socket.conn.remoteAddress)
          socket.send('Too many authentication attempts from you, disconnecting.')
          socket.disconnect()
        }
      })
    })
  }))
  .configure(services)
  .configure(middleware)

module.exports = app
```
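
The `socketLimiter` above is created inside the `connection` handler, so each new connection starts with a fresh bucket and only the `/socket.io/` HTTP limiter bounds reconnects. As an added example (not part of the original snippet), here is a dependency-free token bucket keyed by remote address and shared across connections; the class name `KeyedAuthLimiter`, its options and the sample address are assumptions made for illustration.

```javascript
// Token bucket per key (here: remote address), shared across all sockets.
// `now` is injectable so the behaviour can be checked without real waiting.
class KeyedAuthLimiter {
  constructor ({ capacity = 1, refillMs = 3000, idleMs = 15 * 60 * 1000, now = Date.now } = {}) {
    this.capacity = capacity   // maximum burst per key
    this.refillMs = refillMs   // time needed to regain one token
    this.idleMs = idleMs       // forget keys unused for this long
    this.now = now
    this.buckets = new Map()   // key -> { tokens, updated }
  }

  // Returns true if the attempt is allowed, false if the key is over its rate.
  tryRemoveToken (key) {
    const t = this.now()
    const b = this.buckets.get(key) || { tokens: this.capacity, updated: t }
    this.buckets.set(key, b)
    // Refill in proportion to elapsed time, capped at capacity.
    b.tokens = Math.min(this.capacity, b.tokens + (t - b.updated) / this.refillMs)
    b.updated = t
    if (b.tokens < 1) return false
    b.tokens -= 1
    return true
  }

  // Drop idle entries so the map cannot grow without bound; returns remaining size.
  sweep () {
    const cutoff = this.now() - this.idleMs
    for (const [key, b] of this.buckets) {
      if (b.updated < cutoff) this.buckets.delete(key)
    }
    return this.buckets.size
  }
}

// Constructed scenario: the same address authenticates on two sockets back to back.
function simulateReconnect () {
  let clock = 0
  const limiter = new KeyedAuthLimiter({ now: () => clock })
  const addr = '203.0.113.7' // constructed sample (documentation address range)
  const first = limiter.tryRemoveToken(addr)          // socket 1, first attempt
  clock += 500
  const afterReconnect = limiter.tryRemoveToken(addr) // socket 2, fresh connection
  clock += 3000
  const afterRefill = limiter.tryRemoveToken(addr)    // one refill interval later
  return [first, afterReconnect, afterRefill]
}
```

In the handler above the key would be `socket.conn.remoteAddress`, with one limiter instance created outside `io.on('connection', ...)`; behind a reverse proxy that address is the proxy's, so the key must then come from a trusted forwarding header instead.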
