英文:
Using Rate Limiting in ASP.NET Core 7 Web API by IP address
问题
目前有一个NuGet包,可以通过IP地址进行速率限制,名为AspNetCoreRateLimit。然而,.NET 7引入了自己的速率限制版本,我想使用这个版本,因为它是由Microsoft发布的。我还没有找到一个好的例子,可以通过IP地址限制来模拟这个第三方包。我组合的代码如下:
builder.Services.AddRateLimiter(options =>{options.RejectionStatusCode = 429;options.AddPolicy("api", httpContext =>{var ipAddress = httpContext.Connection.RemoteIpAddress?.ToString();if (ipAddress != null){return RateLimitPartition.GetFixedWindowLimiter(ipAddress,partition => new FixedWindowRateLimiterOptions{AutoReplenishment = true,PermitLimit = 5,Window = TimeSpan.FromMinutes(1)});}else{return RateLimitPartition.GetNoLimiter("");}});});
然而,我遇到的问题是一个警告:"Warning CS8602: Dereference of a possibly null reference.",我猜想这是因为RemoteIpAddress可能为null。我想知道是否有更好的方法来使用这个新的.NET 7库实现IP速率限制。如果重要的话,我计划将这个Web API托管在Azure应用服务(Windows)中,并且由托管在应用服务中的SPA访问。
英文:
There is currently a nuget package that manages rate limiting by IP address called AspNetCoreRateLimit. However, .NET 7 introduced its own versino of rate limiting and I wanted to use this instead as its published by MS. I have not been able to find a good example that imitates this third party package by limiting by IP address. My code I put together is as follows:
builder.Services.AddRateLimiter(options =>{options.RejectionStatusCode = 429;options.AddPolicy("api", httpContext =>{var IpAddress = httpContext.Connection.RemoteIpAddress.ToString();if (IpAddress != null){return RateLimitPartition.GetFixedWindowLimiter(httpContext.Connection.RemoteIpAddress.ToString(),partition => new FixedWindowRateLimiterOptions{AutoReplenishment = true,PermitLimit = 5,Window = TimeSpan.FromMinutes(1)});}else{return RateLimitPartition.GetNoLimiter("");}});});
However, the issue I am getting is a warning "Warning CS8602: Dereference of a possibly null reference." which I assume is because RemoteIpAddress could be null. I am curious if there is a better way to implement this IP rate limiting using this new .NET 7 library. If it matter I am planning to host this web api in Azure app services (windows) and it is accessed by a SPA also hosted in an app service.
答案1
得分: 0
正如你提到的,关于可能为空引用的警告实际上不是一个错误。它来自于这行代码:
httpContext.Connection.RemoteIpAddress.ToString()
因为RemoteIpAddress属性可能为空(因此你的ToString()调用会抛出异常)。
然而,这与你实际问题无关,你的实际问题是:
"我想知道是否有更好的方法来使用这个新的.NET 7库来实现IP速率限制"
在Microsoft文档中直接提供了一个示例:
https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit?view=aspnetcore-7.0#limiter-with-onrejected-retryafter-and-globallimiter
具体来说,在该页面上可以找到以下代码:
limiterOptions.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, IPAddress>(context =>
{
IPAddress? remoteIpAddress = context.Connection.RemoteIpAddress;
if (!IPAddress.IsLoopback(remoteIpAddress!)){return RateLimitPartition.GetTokenBucketLimiter(remoteIpAddress!, _ =>new TokenBucketRateLimiterOptions{TokenLimit = myOptions.TokenLimit2,QueueProcessingOrder = QueueProcessingOrder.OldestFirst,QueueLimit = myOptions.QueueLimit,ReplenishmentPeriod = TimeSpan.FromSeconds(myOptions.ReplenishmentPeriod),TokensPerPeriod = myOptions.TokensPerPeriod,AutoReplenishment = myOptions.AutoReplenishment});}return RateLimitPartition.GetNoLimiter(IPAddress.Loopback);
});
这段代码设置了一个全局限制器(有点不相关),但如果你看他们的建议方法,它与你的方法非常相似。
他们并没有将IP地址转换为字符串,而是以不同的方式进行了检查。如果你想继续使用字符串并避免警告,你可以使用以下方法:
var ipAddressAsString = httpContext.Connection.RemoteIpAddress?.ToString();
这里我们使用了?.操作符。无论如何,我认为你的方法是正确的。
英文:
As you mentioned, the warning about the deference of a possibly null reference is not actually an error. It does come from this line:
httpContext.Connection.RemoteIpAddress.ToString()
Because the RemoteIpAddress property can be null (and therefore your ToString() call would throw).
However, this is (in my opinion), unrelated to your actual question, which was:
" I am curious if there is a better way to implement this IP rate limiting using this new .NET 7 library"
There is an example of this directly in the Microsoft documentation:
https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit?view=aspnetcore-7.0#limiter-with-onrejected-retryafter-and-globallimiter
Specifically, this code can be found on that page:
limiterOptions.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, IPAddress>(context =>{IPAddress? remoteIpAddress = context.Connection.RemoteIpAddress;if (!IPAddress.IsLoopback(remoteIpAddress!)){return RateLimitPartition.GetTokenBucketLimiter(remoteIpAddress!, _ =>new TokenBucketRateLimiterOptions{TokenLimit = myOptions.TokenLimit2,QueueProcessingOrder = QueueProcessingOrder.OldestFirst,QueueLimit = myOptions.QueueLimit,ReplenishmentPeriod = TimeSpan.FromSeconds(myOptions.ReplenishmentPeriod),TokensPerPeriod = myOptions.TokensPerPeriod,AutoReplenishment = myOptions.AutoReplenishment});}return RateLimitPartition.GetNoLimiter(IPAddress.Loopback);});
This particular code is setting up a global limiter (sort of besides the point), but if you look at their suggested approach it's truly similar to what you have.
Instead of converting to a string, they are doing their checks a different way. If you wanted to stick with strings and get away from your warning, you could probably use the following:
var ipAddressAsString = httpContext.Connection.RemoteIpAddress?.ToString();
Where we have the ?. operator being used. Regardless, I think you're on the right track with your approach.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论