前言
近期一个老项目出现了接口幂等性 校验问题,前端加了按钮置灰,
依然被人拉着接口参数一顿输出,还是重复调用了接口,小陈及时赶到现场,通过复制粘贴,完成了后端接口幂等性调用校验。
以前写过一篇关于接口简单限流防止重复调用的,但是跟该篇还是不一样的,该篇的角度是接口和参数整体一致才当做重复。
该篇内容:
实现接口调用的幂等性校验
方案 :自定义注解+redis+拦截器+MD5 实现
草图,意会(用户标识不是必要,看业务场景是针对个人还是只针对接口&参数):
话不多说,开始实战。
正文
自定义注解 怎么玩的 :
①标记哪个接口需要进行幂等性拦截
②每个接口可以要求幂等性范围时间不一样,举例:可以2秒内,可以3秒内,时间自己传
③ 一旦触发了,提示语可以不同 ,举例:VIP的接口,普通用户的接口,提示语不一样(开玩笑)
效果:
实战开始:
核心三件套
注解、拦截器、拦截器配置
① RepeatDaMie.java
import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * @Author: JCccc * @Date: 2022-6-13 9:04 * @Description: 自定义注解,防止重复提交 */ @Target({ElementType.METHOD}) @Retention(RetentionPolicy.RUNTIME) public @interface RepeatDaMie { /** * 时间ms限制 */ public int second() default 1; /** * 提示消息 */ public String describe() default "重复提交了,兄弟"; }
②ApiRepeatInterceptor.java
import com.example.repeatdemo.annotation.RepeatDaMie; import com.example.repeatdemo.util.ContextUtil; import com.example.repeatdemo.util.Md5Encrypt; import com.example.repeatdemo.util.RedisUtils; import com.example.repeatdemo.wrapper.CustomHttpServletRequestWrapper; import com.fasterxml.jackson.databind.ObjectMapper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Objects; /** * @Author: JCccc * @Date: 2022-6-15 9:11 * @Description: 接口幂等性校验拦截器 */ @Component public class ApiRepeatInterceptor implements HandlerInterceptor { private final Logger log = LoggerFactory.getLogger(this.getClass()); private static final String POST="POST"; private static final String GET="GET"; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { try { if (handler instanceof HandlerMethod) { HandlerMethod handlerMethod = (HandlerMethod) handler; // 获取RepeatDaMie注解 RepeatDaMie repeatDaMie = handlerMethod.getMethodAnnotation(RepeatDaMie.class); if (null==repeatDaMie) { return true; } //限制的时间范围 int seconds = repeatDaMie.second(); //这个用户唯一标识,可以自己细微调整,是userId还是token还是sessionId还是不需要 String userUniqueKey = request.getHeader("userUniqueKey"); String method = request.getMethod(); String apiParams = ""; if (GET.equals(method)){ log.info("GET请求来了"); apiParams = new ObjectMapper().writeValueAsString(request.getParameterMap()); }else if (POST.equals(method)){ log.info("POST请求来了"); CustomHttpServletRequestWrapper wrapper = (CustomHttpServletRequestWrapper) request; apiParams = wrapper.getBody(); } log.info("当前参数是:{}",apiParams); // 存储key String keyRepeatDaMie = Md5Encrypt.md5(userUniqueKey+request.getServletPath()+apiParams) ; RedisUtils redisUtils = ContextUtil.getBean(RedisUtils.class); if (Objects.nonNull(redisUtils.get(keyRepeatDaMie))){ log.info("重复请求了,重复请求了,拦截了"); returnData(response,repeatDaMie.describe()); return false; }else { redisUtils.setWithTime(keyRepeatDaMie, true,seconds); } } return true; } catch (Exception e) { log.warn("请求出现异常,errorMsg={}",e.getMessage()); returnData(response,"请求出现异常"); return false; } return true; } public void returnData(HttpServletResponse response,String msg) throws IOException { response.setCharacterEncoding("UTF-8"); response.setContentType("application/json; charset=utf-8"); ObjectMapper objectMapper = new ObjectMapper(); //这里传提示语可以改成自己项目的返回数据封装的类 response.getWriter().println(objectMapper.writeValueAsString(msg)); return; } }
③ WebConfig.java
import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * @Author: JCccc * @Date: 2022-6-15 9:24 * @Description: */ @Configuration public class WebConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new ApiRepeatInterceptor()).addPathPatterns("/**"); } }
工具类三件套
①ContextUtil.java
import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.stereotype.Component; /** * @Author: JCccc * @Date: 2022-6-15 9:24 * @Description: */ @Component public final class ContextUtil implements ApplicationContextAware { protected static ApplicationContext applicationContext ; @Override public void setApplicationContext(ApplicationContext arg0) throws BeansException { if (applicationContext == null) { applicationContext = arg0; } } public static Object getBean(String name) { //name表示其他要注入的注解name名 return applicationContext.getBean(name); } /** * 拿到ApplicationContext对象实例后就可以手动获取Bean的注入实例对象 */ public static <T> T getBean(Class<T> clazz) { return applicationContext.getBean(clazz); } }
②Md5Encrypt.java
import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; /** * @Author: JCccc * @CreateTime: 2018-10-30 * @Description: */ public class Md5Encrypt { private static final char[] DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; /** * 对字符串进行MD5加密 * * @param text 明文 * @return 密文 */ public static String md5(String text) { MessageDigest msgDigest = null; try { msgDigest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("System doesn't support MD5 algorithm."); } try { // 注意该接口是按照指定编码形式签名 msgDigest.update(text.getBytes("UTF-8")); } catch (UnsupportedEncodingException e) { throw new IllegalStateException("System doesn't support your EncodingException."); } byte[] bytes = msgDigest.digest(); String md5Str = new String(encodeHex(bytes)); return md5Str; } private static char[] encodeHex(byte[] data) { int l = data.length; char[] out = new char[l << 1]; // two characters form the hex value. for (int i = 0, j = 0; i < l; i++) { out[j++] = DIGITS[(0xF0 & data[i]) >>> 4]; out[j++] = DIGITS[0x0F & data[i]]; } return out; } }
③RedisUtils.java
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.*; import org.springframework.stereotype.Component; import java.io.Serializable; import java.util.List; import java.util.Set; import java.util.concurrent.TimeUnit; @Component public class RedisUtils { @Autowired private RedisTemplate redisTemplate; /** * 写入String型 [ 键,值] * * @param key * @param value * @return */ public boolean set(final String key, Object value) { boolean result = false; try { ValueOperations<Serializable, Object> operations = redisTemplate.opsForValue(); operations.set(key, value); result = true; } catch (Exception e) { e.printStackTrace(); } return result; } /** * 写入String型,顺便带有过期时间 [ 键,值] * * @param key * @param value * @return */ public boolean setWithTime(final String key, Object value,int seconds) { boolean result = false; try { ValueOperations<Serializable, Object> operations = redisTemplate.opsForValue(); operations.set(key, value,seconds, TimeUnit.SECONDS); result = true; } catch (Exception e) { e.printStackTrace(); } return result; } /** * 批量删除对应的value * * @param keys */ public void remove(final String... keys) { for (String key : keys) { remove(key); } } /** * 批量删除key * * @param pattern */ public void removePattern(final String pattern) { Set<Serializable> keys = redisTemplate.keys(pattern); if (keys.size() > 0) redisTemplate.delete(keys); } /** * 删除对应的value * * @param key */ public void remove(final String key) { if (exists(key)) { redisTemplate.delete(key); } } /** * 判断缓存中是否有对应的value * * @param key * @return */ public boolean exists(final String key) { return redisTemplate.hasKey(key); } /** * 读取缓存 * * @param key * @return */ public Object get(final String key) { Object result = null; ValueOperations<Serializable, Object> operations = redisTemplate.opsForValue(); result = operations.get(key); return result; } /** * 哈希 添加 * hash 一个键值(key->value)对集合 * * @param key * @param hashKey * @param value */ public void hmSet(String key, Object hashKey, Object value) { HashOperations<String, Object, Object> hash = redisTemplate.opsForHash(); hash.put(key, hashKey, value); } /** * Hash获取数据 * * @param key * @param hashKey * @return */ public Object hmGet(String key, Object hashKey) { HashOperations<String, Object, Object> hash = redisTemplate.opsForHash(); return hash.get(key, hashKey); } /** * 列表添加 * list:lpush key value1 * * @param k * @param v */ public void lPush(String k, Object v) { ListOperations<String, Object> list = redisTemplate.opsForList(); list.rightPush(k, v); } /** * 列表List获取 * lrange: key 0 10 (读取的个数 从0开始 读取到下标为10 的数据) * * @param k * @param l * @param l1 * @return */ public List<Object> lRange(String k, long l, long l1) { ListOperations<String, Object> list = redisTemplate.opsForList(); return list.range(k, l, l1); } /** * Set集合添加 * * @param key * @param value */ public void add(String key, Object value) { SetOperations<String, Object> set = redisTemplate.opsForSet(); set.add(key, value); } /** * Set 集合获取 * * @param key * @return */ public Set<Object> setMembers(String key) { SetOperations<String, Object> set = redisTemplate.opsForSet(); return set.members(key); } /** * Sorted set :有序集合添加 * * @param key * @param value * @param scoure */ public void zAdd(String key, Object value, double scoure) { ZSetOperations<String, Object> zset = redisTemplate.opsForZSet(); zset.add(key, value, scoure); } /** * Sorted set:有序集合获取 * * @param key * @param scoure * @param scoure1 * @return */ public Set<Object> rangeByScore(String key, double scoure, double scoure1) { ZSetOperations<String, Object> zset = redisTemplate.opsForZSet(); return zset.rangeByScore(key, scoure, scoure1); } /** * 根据key获取Set中的所有值 * * @param key 键 * @return */ public Set<Integer> sGet(String key) { try { return redisTemplate.opsForSet().members(key); } catch (Exception e) { e.printStackTrace(); return null; } } /** * 根据value从一个set中查询,是否存在 * * @param key 键 * @param value 值 * @return true 存在 false不存在 */ public boolean sHasKey(String key, Object value) { try { return redisTemplate.opsForSet().isMember(key, value); } catch (Exception e) { e.printStackTrace(); return false; } } }
REDIS配置类
RedisConfig.java
import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.PropertyAccessor; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.cache.CacheManager; import org.springframework.cache.annotation.EnableCaching; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.cache.RedisCacheConfiguration; import org.springframework.data.redis.cache.RedisCacheManager; import org.springframework.data.redis.connection.RedisConnectionFactory; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer; import org.springframework.data.redis.serializer.RedisSerializationContext; import org.springframework.data.redis.serializer.StringRedisSerializer; import static org.springframework.data.redis.cache.RedisCacheConfiguration.defaultCacheConfig; /** * @Author: JCccc * @CreateTime: 2018-09-11 * @Description: */ @Configuration @EnableCaching public class RedisConfig { @Bean public CacheManager cacheManager(RedisConnectionFactory connectionFactory) { RedisCacheConfiguration cacheConfiguration = defaultCacheConfig() .disableCachingNullValues() .serializeValuesWith(RedisSerializationContext.SerializationPair.fromSerializer(new Jackson2JsonRedisSerializer(Object.class))); return RedisCacheManager.builder(connectionFactory).cacheDefaults(cacheConfiguration).build(); } @Bean public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) { RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>(); redisTemplate.setConnectionFactory(factory); Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class); ObjectMapper om = new ObjectMapper(); om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY); om.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); jackson2JsonRedisSerializer.setObjectMapper(om); //序列化设置 ,这样为了存储操作对象时正常显示的数据,也能正常存储和获取 redisTemplate.setKeySerializer(new StringRedisSerializer()); redisTemplate.setValueSerializer(jackson2JsonRedisSerializer); redisTemplate.setHashKeySerializer(new StringRedisSerializer()); redisTemplate.setHashValueSerializer(jackson2JsonRedisSerializer); return redisTemplate; } @Bean public StringRedisTemplate stringRedisTemplate(RedisConnectionFactory factory) { StringRedisTemplate stringRedisTemplate = new StringRedisTemplate(); stringRedisTemplate.setConnectionFactory(factory); return stringRedisTemplate; } }
最后写测试接口,看看效果(一个POST,一个GET):
故意把时间放大,1000秒内重复调用,符合我们拦截规则的都会被拦截。
TestController.java
import com.example.repeatdemo.dto.PayOrderApply; import com.example.repeatdemo.annotation.RepeatDaMie; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.bind.annotation.*; /** * @Author: JCccc * @Date: 2022-6-05 9:44 * @Description: */ @RestController public class TestController { private final Logger log = LoggerFactory.getLogger(this.getClass()); @RepeatDaMie(second = 1000,describe = "尊敬的客户,您慢点") @PostMapping(value = "/doPost") @ResponseBody public void test(@RequestBody PayOrderApply payOrderApply) { log.info("Controller POST请求:"+payOrderApply.toString()); } @RepeatDaMie(second = 1000,describe = "大哥,你冷静点") @GetMapping(value = "/doGet") @ResponseBody public void doGet( PayOrderApply payOrderApply) { log.info("Controller GET请求:"+payOrderApply.toString()); } }
PayOrderApply.java
/** * @Author: JCccc * @Date: 2022-6-12 9:46 * @Description: */ public class PayOrderApply { private String sn; private Long amount; private String proCode; public String getSn() { return sn; } public void setSn(String sn) { this.sn = sn; } public Long getAmount() { return amount; } public void setAmount(Long amount) { this.amount = amount; } public String getProCode() { return proCode; } public void setProCode(String proCode) { this.proCode = proCode; } @Override public String toString() { return "PayOrderApply{" + "sn='" + sn + '\'' + ", amount=" + amount + ", proCode='" + proCode + '\'' + '}'; } }
好了,该篇就到这吧、