beheh/flaps 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

beheh/flaps

最新稳定版本:0.2.0

Composer 安装命令:

composer require beheh/flaps

包简介

Modular library for rate limiting requests in applications

README 文档

README

Travis Scrutinizer Coverage Scrutinizer Packagist Packagist

Flaps is a modular library for rate limiting requests in PHP applications.

The library supports custom storage backends, throttling strategies and violation handlers for flexible integration into any project.

Developed by @beheh and licensed under the ISC license.

Requirements

  • PHP 5.4 or newer
  • Persistent-ish storage (e.g. Redis, APC or anything supported by Doctrine\Cache)
  • Composer

Basic usage

use Predis\Client;
use BehEh\Flaps\Storage\PredisStorage;
use BehEh\Flaps\Flaps;
use BehEh\Flaps\Throttling\LeakyBucketStrategy;

// setup with Redis as storage backend
$storage = new PredisStorage(new Client());
$flaps = new Flaps($storage);

// allow 3 requests per 5 seconds
$flaps->login->pushThrottlingStrategy(new LeakyBucketStrategy(3, '5s'));
//or $flaps->__get('login')->pushThrottlingStrategy(...)

// limit by ip (default: send "HTTP/1.1 429 Too Many Requests" and die() on violation)
$flaps->login->limit($_SERVER['REMOTE_ADDR']);

Why rate limit?

There are many benefits from rate limiting your web application. At any point in time your server(s) could be hit by a huge number of requests from one or many clients. These could be:

  • Malicious clients trying to degrade your applications performance
  • Malicious clients bruteforcing user credentials
  • Bugged clients repeating requests over and over again
  • Automated web crawlers enumerating usernames or email adresses
  • Penetration frameworks testing for vulnerabilities
  • Bots registering a large number of users
  • Bots spamming links to malicious sites

Most of these problems can be solved in a variety of ways, for example by using a spam filter or a fully configured firewall. Rate limiting is nevertheless a basic tool for improving application security, but offers no full protection.

Advanced examples

Application-handled violation

use BehEh\Flaps\Throttling\LeakyBucketStrategy;
use BehEh\Flaps\Violation\PassiveViolationHandler;

$flap = $flaps->__get('api');
$flap->pushThrottlingStrategy(new LeakyBucketStrategy(15, '10s'));
$flap->setViolationHandler(new PassiveViolationHandler);
if (!$flap->limit(filter_var(INPUT_GET, 'api_key'))) {
	die(json_encode(array('error' => 'too many requests')));
}

Multiple throttling strategies

use BehEh\Flaps\Throttling\LeakyBucketStrategy;

$flap = $flaps->__get('add_comment');
$flap->pushThrottlingStrategy(new LeakyBucketStrategy(1, '30s'));
$flap->pushThrottlingStrategy(new LeakyBucketStrategy(10, '10m'));
$flap->limit($userid);

Storage

Redis

The easiest storage system to get started is Redis (via nrk/predis):

use Predis\Client;
use BehEh\Flaps\Storage\PredisStorage;
use BehEh\Flaps\Flaps;

$storage = new PredisStorage(new Client('tcp://10.0.0.1:6379'));
$flaps = new Flaps($storage);

Don't forget to composer require predis/predis.

Doctrine cache

You can use any of the Doctrine cache implementations by using the DoctrineCacheAdapter:

use Doctrine\Common\Cache\ApcCache;
use BehEh\Flaps\Storage\DoctrineCacheAdapter;
use BehEh\Flaps\Flaps;

$apc = new ApcCache();
$apc->setNamespace('MyApplication');
$storage = new DoctrineCacheAdapter($apc);
$flaps = new Flaps($storage);

The Doctrine caching implementations can be installed with composer require doctrine/cache.

Custom storage

Alternatively you can use your own storage system by implementing BehEh\Flaps\StorageInterface.

Throttling strategies

Leaky bucket strategy

This strategy is based on the leaky bucket algorithm. Each unique identifier of a flap corresponds to a leaky bucket. Clients can now access the buckets as much as they like, inserting water for every request. If a request would cause the bucket to overflow, it is denied. In order to allow later requests, the bucket leaks at a fixed rate.

use BehEh\Flaps\Throttle\LeakyBucketStrategy;

$flap->pushThrottlingStrategy(new LeakyBucketStrategy(60, '10m'));

Custom throttling strategy

Once again, you can supply your own throttling strategy by implementing BehEh\Flaps\ThrottlingStrategyInterface.

Violation handler

You can handle violations either using one of the included handlers or by writing your own.

HTTP violation handler

The HTTP violation handler is the most basic violation handler, recommended for simple scripts. It simply sends the correct HTTP header (status code 429) and die()s. This is not recommended for any larger application and should be replaced by one of the more customizable handlers.

use BehEh\Flaps\Violation\HttpViolationHandler;

$flap->setViolationHandler(new HttpViolationHandler);
$flap->limit($identifier);  // send "HTTP/1.1 429 Too Many Requests" and die() on violation

Passive violation handler

The passive violation handler allows you to easily react to violations. limit() will return false if the requests violates any throttling strategy, so you are able to log the request or return a custom error page.

use BehEh\Flaps\Violation\PassiveViolationHandler;

$flap->setViolationHandler(new PassiveViolationHandler);
if (!$flap->limit($identifier)) {
	// violation
}

Exception violation handler

The exception violation handler can be used in larger frameworks. It will throw a ThrottlingViolationException whenever a ThrottlingStrategy is violated. You should be able to setup your exception handler to catch any ThrottlingViolationException.

use BehEh\Flaps\Violation\ExceptionViolationHandler;
use BehEh\Flaps\Violation\ThrottlingViolationException;

$flap->setViolationHandler(new ExceptionViolationHandler);
try {
	$flap->limit($identifier); // throws ThrottlingViolationException on violation
}
catch (ThrottlingViolationException $e) {
	// violation
}

Custom violation handler

The corresponding interface for custom violation handlers is BehEh\Flaps\ViolationHandlerInterface.

Default violation handler

The Flaps object can pass a default violation handler to the flaps.

$flaps->setDefaultViolationHandler(new CustomViolationHandler);

$flap = $flaps->__get('login');
$flap->addThrottlingStrategy(new TimeBasedThrottlingStrategy(1, '1s'));
$flap->limit($identifier); // will use CustomViolationHandler

beheh/flaps 适用场景与选型建议

beheh/flaps 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 239.23k 次下载、GitHub Stars 达 65, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「http」 「throttle」 「rate limit」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 beheh/flaps 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 beheh/flaps 我们能提供哪些服务?
定制开发 / 二次开发

基于 beheh/flaps 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 239.23k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 69
  • 点击次数: 26
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 65
  • Watchers: 4
  • Forks: 11
  • 开发语言: PHP

其他信息

  • 授权协议: ISC
  • 更新时间: 未知