5

rack-throttle在我的 rails 3 应用程序中用作限速引擎。Rack::Throttle::Interval我已经根据定义自定义速率限制逻辑创建了自己的类。我正在检查请求是否针对确切的控制器和确切的操作。如果我提出GET要求,这可以正常工作。但是,如果我发送POST请求,我会遇到一些问题。

class CustomLimiter < Rack::Throttle::Interval
  def allowed?(request)
    path_info = Rails.application.routes.recognize_path request.url rescue path_info = {} 
    if path_info[:controller] == "some_controller" and path_info[:action] == "some_action"
      super
    else
      true
    end
  end
end

这是我的控制器操作

def question
  #user is redirected here
end

def check_answer
  #some logic to check answer
  redirect_to question_path
end

我的路线

get "questions" => "application#question", :as => "question"
post "check_answer" => "application#check_answer", :as => "check_answer"

编辑:

问题是POST请求即将到达应用程序,因此allowed?调用了该方法。但是当我打电话时,Rails.application.routes.recognize_path我得到了一个Route set not finalized例外。我如何防止用户在确切控制器的确切操作的帮助下发送大量发布请求rack-throttle

添加中间件application.rb

class Application < Rails::Application
  #Set up rate limiting
  config.require "ip_limiter"
  config.require "ip_user_agent_limiter"
  config.middleware.use IpLimiter, :min => 0.2
  config.middleware.use IpUserAgentLimiter, :min => 2
end

两者IpLimiterIpUserAgentLimiter来自自定义限制器

4

2 回答 2

2

在阅读 Rails.application.routes.recognize_path ( http://apidock.com/rails/ActionDispatch/Routing/RouteSet/recognize_path ) 的代码后,此方法获得第二个参数,您可以在其中传递 METHOD。

尝试:

path_info = Rails.application.routes.recognize_path(request.url, {:method => request.request_method}) rescue path_info = {}

我想毕竟方法可以工作。

于 2012-03-12T11:12:28.000 回答
0

这对我有用,可以捕获所有 POST 请求,并忽略所有 GET 请求:

class CustomLimiter < Rack::Throttle::Interval

  def allowed?(request)
    return true unless request.request_method == "POST"
    super request
  end

end
于 2013-12-04T16:29:13.233 回答