我使用INCR和EXPIRE来实现速率限制(对于下面的示例,每个分钟只允许5个请求):
if EXISTS counter
count = INCR counter
else
EXPIRE counter 60
count = INCR counter
if count > 5
print "Exceeded the limit"
但是存在一个问题,即人们可以在最后一秒发送5个请求,在下一分钟发送5个其他请求,换句话说,在两秒钟内发出10个请求。
有没有更好的方法来避免这个问题?
更新:我刚才提出了一个想法:使用列表来实现它。
times = LLEN counter
if times < 5
LPUSH counter now()
else
time = LINDEX counter -1
if now() - time < 60
print "Exceeded the limit"
else
LPUSH counter now()
LTRIM counter 5
这是一个好方法吗?
您可以从“最后一分钟的5个请求”切换到“分钟x的5个请求”。通过这种方式可以做到:
counter = current_time # for example 15:03
count = INCR counter
EXPIRE counter 60 # just to make sure redis doesn't store it forever
if count > 5
print "Exceeded the limit"
如果你想继续使用“最后一分钟的5个请求”,那么你可以这样做
counter = Time.now.to_i # this is Ruby and it returns the number of milliseconds since 1/1/1970
key = "counter:" + counter
INCR key
EXPIRE key 60
number_of_requests = KEYS "counter"*"
if number_of_requests > 5
print "Exceeded the limit"
如果您有生产限制(尤其是性能),则使用not advised关键字是KEYS。我们可以改用套装:
counter = Time.now.to_i # this is Ruby and it returns the number of milliseconds since 1/1/1970
set = "my_set"
SADD set counter 1
members = SMEMBERS set
# remove all set members which are older than 1 minute
members {|member| SREM member if member[key] < (Time.now.to_i - 60000) }
if (SMEMBERS set).size > 5
print "Exceeded the limit"
这是所有伪Ruby代码,但应该给你一个想法。
这是一个已经回答过的老问题,但这是我从这里获得灵感的一个实现。我正在使用ioredis作为Node.js
这是所有异步但无竞争条件(我希望)荣耀的滚动窗口时间限制器:
var Ioredis = require('ioredis');
var redis = new Ioredis();
// Rolling window rate limiter
//
// key is a unique identifier for the process or function call being limited
// exp is the expiry in milliseconds
// maxnum is the number of function calls allowed before expiry
var redis_limiter_rolling = function(key, maxnum, exp, next) {
redis.multi([
['incr', 'limiter:num:' + key],
['time']
]).exec(function(err, results) {
if (err) {
next(err);
} else {
// unique incremented list number for this key
var listnum = results[0][1];
// current time
var tcur = (parseInt(results[1][1][0], 10) * 1000) + Math.floor(parseInt(results[1][1][1], 10) / 1000);
// absolute time of expiry
var texpiry = tcur - exp;
// get number of transacation in the last expiry time
var listkey = 'limiter:list:' + key;
redis.multi([
['zadd', listkey, tcur.toString(), listnum],
['zremrangebyscore', listkey, '-inf', texpiry.toString()],
['zcard', listkey]
]).exec(function(err, results) {
if (err) {
next(err);
} else {
// num is the number of calls in the last expiry time window
var num = parseInt(results[2][1], 10);
if (num <= maxnum) {
// does not reach limit
next(null, false, num, exp);
} else {
// limit surpassed
next(null, true, num, exp);
}
}
});
}
});
};
这是一种锁定式限速器:
// Lockout window rate limiter
//
// key is a unique identifier for the process or function call being limited
// exp is the expiry in milliseconds
// maxnum is the number of function calls allowed within expiry time
var util_limiter_lockout = function(key, maxnum, exp, next) {
// lockout rate limiter
var idkey = 'limiter:lock:' + key;
redis.incr(idkey, function(err, result) {
if (err) {
next(err);
} else {
if (result <= maxnum) {
// still within number of allowable calls
// - reset expiry and allow next function call
redis.expire(idkey, exp, function(err) {
if (err) {
next(err);
} else {
next(null, false, result);
}
});
} else {
// too many calls, user must wait for expiry of idkey
next(null, true, result);
}
}
});
};
Here's a gist of the functions。如果您发现任何问题,请告诉我。
进行速率限制的规范方法是通过Leaky bucket algorithm。使用计数器的缺点是,用户可以在计数器重置后立即执行一堆请求,即在下一分钟的第一秒中为您的情况执行5次操作。 Leaky桶算法解决了这个问题。简而言之,您可以使用有序集来存储“漏桶”,使用操作时间戳作为填充它的键。
查看本文的具体实现:Better Rate Limiting With Redis Sorted Sets
更新:
还有另一种算法,与漏桶相比具有一些优势。它被称为Generic Cell Rate Algorithm。以下是它在更高级别的工作方式,如Rate Limiting, Cells, and GCRA所述:
GCRA通过称为“理论到达时间”(TAT)的时间跟踪剩余限制来工作,该时间通过将表示其成本的持续时间添加到当前时间而在第一请求上播种。成本计算为我们的“排放间隔”(T)的乘数,该乘数来自我们希望铲斗重新填充的速率。当任何后续请求进入时,我们采用现有的TAT,从中减去表示限制总突发容量的固定缓冲区(τ+ T),并将结果与当前时间进行比较。此结果表示下次允许请求。如果它在过去,我们允许传入的请求,如果它在将来,我们不会。在成功请求之后,通过添加T来计算新的TAT。
有一个redis模块可以在GitHub上实现这个算法:https://github.com/brandur/redis-cell
注意:以下代码是Java中的示例实现。 private final String COUNT =“count”;
@Autowired
private StringRedisTemplate stringRedisTemplate;
private HashOperations hashOperations;
@PostConstruct
private void init() {
hashOperations = stringRedisTemplate.opsForHash();
}
@Override
public boolean isRequestAllowed(String key, long limit, long timeout, TimeUnit timeUnit) {
Boolean hasKey = stringRedisTemplate.hasKey(key);
if (hasKey) {
Long value = hashOperations.increment(key, COUNT, -1l);
return value > 0;
} else {
hashOperations.put(key, COUNT, String.valueOf(limit));
stringRedisTemplate.expire(key, timeout, timeUnit);
}
return true;
}
您的更新是一个非常好的算法,虽然我做了几个更改:
times = LLEN counter
if times < 5
LPUSH counter now()
else
time = LINDEX counter -1
if now() - time <= 60
print "Exceeded the limit"
else
LPUSH counter now()
RPOP counter
这是我使用Redis leaky bucket进行速率限制的Lists实现。
注意:以下代码是php中的示例实现,您可以使用自己的语言实现它。
$list = $redis->lRange($key, 0, -1); // get whole list
$noOfRequests = count($list);
if ($noOfRequests > 5) {
$expired = 0;
foreach ($list as $timestamp) {
if ((time() - $timestamp) > 60) { // Time difference more than 1 min == expired
$expired++;
}
}
if ($expired > 0) {
$redis->lTrim($key, $expired, -1); // Remove expired requests
if (($noOfRequests - $expired) > 5) { // If still no of requests greater than 5, means fresh limit exceeded.
die("Request limit exceeded");
}
} else { // No expired == all fresh.
die("Request limit exceeded");
}
}
$redis->rPush($key, time()); // Add this request as a genuine one to the list, and proceed.
这是另一种方法。如果目标是在收到第一个请求时从定时器开始限制每Y秒X请求的请求数,那么您可以为要跟踪的每个用户创建2个密钥:一个用于第一个请求的时间收到的是另一个请求的数量。
key = "123"
key_count = "ct:#{key}"
key_timestamp = "ts:#{key}"
if (not redis[key_timestamp].nil?) && (not redis[key_count].nil?) && (redis[key_count].to_i > 3)
puts "limit reached"
else
if redis[key_timestamp].nil?
redis.multi do
redis.set(key_count, 1)
redis.set(key_timestamp, 1)
redis.expire(key_timestamp,30)
end
else
redis.incr(key_count)
end
puts redis[key_count].to_s + " : " + redis[key_timestamp].to_s + " : " + redis.ttl(key_timestamp).to_s
end
我尝试过LIST,EXPIRE和PTTL
如果tps是每秒5,那么 吞吐量= 5 rampup = 1000(1000ms = 1sec) 间隔= 200ms
local counter = KEYS[1]
local throughput = tonumber(ARGV[1])
local rampUp = tonumber(ARGV[2])
local interval = rampUp / throughput
local times = redis.call('LLEN', counter)
if times == 0 then
redis.call('LPUSH', counter, rampUp)
redis.call('PEXPIRE', counter, rampUp)
return true
elseif times < throughput then
local lastElemTTL = tonumber(redis.call('LINDEX', counter, 0))
local currentTTL = redis.call('PTTL', counter)
if (lastElemTTL-currentTTL) < interval then
return false
else
redis.call('LPUSH', counter, currentTTL)
return true
end
else
return false
end
更简单的版本:
local tpsKey = KEYS[1]
local throughput = tonumber(ARGV[1])
local rampUp = tonumber(ARGV[2])
-- Minimum interval to accept the next request.
local interval = rampUp / throughput
local currentTime = redis.call('PTTL', tpsKey)
-- -2 if the key does not exist, so set an year expiry
if currentTime == -2 then
currentTime = 31536000000 - interval
redis.call('SET', tpsKey, 31536000000, "PX", currentTime)
end
local previousTime = redis.call('GET', tpsKey)
if (previousTime - currentTime) >= interval then
redis.call('SET', tpsKey, currentTime, "PX", currentTime)
return true
else
redis.call('ECHO',"0. ERR - MAX PERMIT REACHED IN THIS INTERVAL")
return false
end