我面臨以下問題:
案例1(工作案例):
文件 middleware.ts(中間件工具函數庫)
import { NextApiRequest, NextApiResponse } from 'next'
import rateLimit from 'express-rate-limit'
export function runMiddleware(req: NextApiRequest, res: NextApiResponse, fn: Function) {
return new Promise((resolve, reject) => {
fn(req, res, (result: any) => {
if (result instanceof Error) {
return reject(result)
}
return resolve(result)
})
})
}
export const limiter = rateLimit({
keyGenerator: function (req: any) {
return req.headers["x-forwarded-for"] || req.connection.remoteAddress;
}, // Needed because of issue : https://issueexplorer.com/issue/nfriedly/express-rate-limit/254
windowMs: 60 * 1000, // 1 minute
max: 5, // 5 requests per IP
})
文件login.ts
(我的 API 入口點)
import { NextApiRequest, NextApiResponse } from 'next'
import { limiter, runMiddleware } from '../../lib/middleware'
module.exports = async (req: NextApiRequest, res: NextApiResponse) => {
// Run middlewares
try {
await runMiddleware(req, res, limiter)
} catch {
res.status(500)
res.end(JSON.stringify({errorCode: 'unknown', errorValue: ''}))
return
}
if (req.method === 'POST') {
res.status(200)
res.end(JSON.stringify({errorCode: 'ok', errorValue: ''}))
}
}
在這種情況下,如果我嘗試超過 5 次來訪問我的 API,我會收到消息“請求過多...”,這正是我想要的。
案例2(非工作案例):
文件middleware.ts
(中間件工具函數庫)
import { NextApiRequest, NextApiResponse } from 'next'
export function runMiddleware(req: NextApiRequest, res: NextApiResponse, fn: Function) {
return new Promise((resolve, reject) => {
fn(req, res, (result: any) => {
if (result instanceof Error) {
return reject(result)
}
return resolve(result)
})
})
}
文件login.ts
(我的 API 入口點)
import { NextApiRequest, NextApiResponse } from 'next'
import rateLimit from 'express-rate-limit'
import { runMiddleware } from '../../lib/middleware'
// Run middlewares
try {
const limiter = rateLimit({
keyGenerator: function (req: any) {
return req.headers["x-forwarded-for"] || req.connection.remoteAddress;
}, // Needed because of issue : https://issueexplorer.com/issue/nfriedly/express-rate-limit/254
windowMs: 60 * 1000, // 1 minute
max: 5, // 5 requests per IP
})
await runMiddleware(req, res, limiter)
} catch {
res.status(500)
res.end(JSON.stringify({errorCode: 'unknown', errorValue: ''}))
return
}
if (req.method === 'POST') {
res.status(200)
res.end(JSON.stringify({errorCode: 'ok', errorValue: ''}))
}
我看不出這兩種情況之間的差異可以解釋它如何在我的第二種情況下不起作用。有人有解釋嗎?
提前致謝。
@juliomalves 在評論中給出了答案:
“那是因為你在每個請求上聲明並分配值給限制器, rateLimit 每次都會被調用。嘗試將限制器聲明移到處理程序函數之外。”
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句