独家优惠奖金 100% 高达 1 BTC + 180 免费旋转

Spring Cloud Gateway Custom Api limiter

In my previous article, I talk about how to make spring cloud gateway routes configurable from database. So in current article, we will talk about other spring cloud gateway feature.

To set a new KeyResolver, we need to create a bean of KeyResolver class. Here’s the example.

After we create a bean of KeyResolver, then we can set Rate Limiter to the route that we want. Here’s the example of application.properties to set Rate Limiter.

From configuration above, user only allowed to hit ‘/get’ path 10 times per second, and allowed to burst request up to 15 request at a time. Since Rate Limiter cache it’s quite fast, you need to use JMeter or similar tools to burst request.

If your request exceed maximum allowed request, you will get 429 Too Many Request Http Status.

But current article will not stop here, since default Rate Limiter cannot set cache expiration time we’ll try to make it configurable. And we’ll try to move Rate Limiter configuration from properties into database, so we can maintain it dynamically.

For current example, we will use postgresql as database. If you new to postgresql, and wonder how to install it. You can refer to my other article to install postgresql using docker.

Here’s the SQL script to create table that we will use.

For current example, we will use several spring dependencies to support our example.

Or you can put dependencies manually to your existing pom.xml file (please update several information that match your current information).

To bind our table with our class, we need to create a model class. Here’s the code.

Here code for TableName class, a constant class that saved all of our table name.

Spring boot will automatically create this repository implementation when application start.

After all of codes above complete, you need to add several properties for r2dbc to make it works.

In current example, we will find suitable api limiter data for request path through path and method field in api limiter table.

Path field in api limiter table can save regex, so we need to create a custom query to matching requested path and path regex in api limiter table.

To make this possible, we need to create our own custom repository for api limiter table.

We need to make our ApiLimiterRepository extend our custom repository.

After api limiter repository is done, we need to make implementation for our custom repository.

In our implementation, we will create a native postgresql query to get api limiter that match with our requested path and method.

And we will use DatabaseClient bean to execute our native query.

Then we already able to find suitable api limiter for requested path.

From this point we already able to find suitable api limiter for requested path, so for the next step we will apply the api limiter.

So we need a service class to pass suitable api limiter from repository.

Then we will create an implementation for api limiter service class.

As we can see before, KeyResolver class return a string to differentiate each request, so we need to convert our api limiter to string that can be returned by api limiter.

We will create a helper class that will help us to convert an object into a string that will returned by api limiter.

From ObjectHelper class above, we have to method that will help us to convert object into string and vice versa.

Then we able to return our suitable api limiter in KeyResolver, so we need to create our custom Key Resolver.

We need to update our api limiter path with requested path to differentiate for each path, since our api limiter path data can contains regex path.

After we can return our suitable api limiter from our custom Key Resolver, we should be able to configure our api limiter with our suitable api limiter.

To configure this api limiter, we need to create a custom api limiter class.

We also need constant class for cache key.

And we also need a dto class for api limiter cache data that we will process.

Our custom api limiter will counting every request and saved it to redis.

The counter in redis will be expired during ttl that we get from our api limiter data. After our counter is expired, it will reset.

If counter reach threshold that we get from our api limiter data, we will reject the request.

We will return several additional headers for user to let him know his current limit.

These headers include :

At this point all of our configuration class for api limiter is completed, so the next step is to applied it in our route configuration.

So all of our code is completed now, we can try to test it.

You can try to insert some api limiter data in database, here’s an example.

From the example we will set api limiter for path /get with method GET.

We only allow 10 request in 5 minutes.

If you try to hit /get path, you will get several additional headers like this.

And if you try to hit /get path until maximum number of request, you will get 429 Too Many Requests response with several additional headers.

From this experiment, we can say that our api limiter successfully applied.

To make this example more perfect, we can add several endpoints to maintain our api limiter data.

First we need to update our api limiter service class to add several CRUD / Create-Read-Update-Delete methods.

Then we need to create an implementation for each method that we add.

After service methods is ready, we will create a controller class to receive request from user.

From service and controller class, we need to create additional class, that is new models class and constant class.

From what we try in this article, we got that if we want to create a custom api limiter we need to create a custom KeyResolver and custom RateLimiter class.

And after those both class already created, we need to add custom properties to our rate limiter configuration properties.

Add a comment

What is your view?

Send

Related posts:

VR Property Viewings Helps You to Stay Home and Stay Safe from COVID

Through the use of new technologies, digital transformation allows companies to update their SOPs, simplify their original organization structure, increase the efficiency of teamwork and provide…