feat(article): 添加文章访问限流功能

csfwff · csfwff · commit bb03e6596727 · 2025-12-27T02:33:06.000+08:00
- 引入 ConcurrentHashMap 实现文章访客限流
- 实现单 IP 每秒仅允许一次访问的限流机制
- 访客和登录用户共用限流规则
- 防止内存表过大，自动清理 60 秒前的记录
- 在文章详情和渲染接口中集成限流检查
- 超出限流时返回 503 服务不可用错误
diff --git a/src/main/java/org/b3log/symphony/processor/ArticleProcessor.java b/src/main/java/org/b3log/symphony/processor/ArticleProcessor.java
@@ -65,6 +65,7 @@
 import java.text.SimpleDateFormat;
 import java.util.List;
 import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * Article processor.
@@ -99,6 +100,11 @@ public class ArticleProcessor {
      */
     private static final Logger LOGGER = LogManager.getLogger(ArticleProcessor.class);
 
+    /**
+     * 文章访客限流：单 IP 每秒仅允许一次。
+     */
+    private static final ConcurrentHashMap<String, Long> ARTICLE_RATE_LIMIT = new ConcurrentHashMap<>();
+
     /**
      * Revision query service.
      */
@@ -422,6 +428,30 @@ public void showArticleMdApi(final RequestContext context) {
         context.getResponse().sendBytes(md.getBytes());
     }
 
+    /**
+     * 简单的每 IP 1 秒一次限流，访客和登录用户共用。
+     *
+     * @param request the specified request
+     * @return true if limited
+     */
+    private boolean hitArticleRateLimit(final Request request) {
+        final String ip = Requests.getRemoteAddr(request);
+        final long now = System.currentTimeMillis();
+        final Long last = ARTICLE_RATE_LIMIT.get(ip);
+        if (null != last && now - last < 1000) {
+            return true;
+        }
+
+        ARTICLE_RATE_LIMIT.put(ip, now);
+
+        // 防止表过大，简单清理 60 秒前的记录
+        if (ARTICLE_RATE_LIMIT.size() > 10000) {
+            final long cutoff = now - 60_000;
+            ARTICLE_RATE_LIMIT.entrySet().removeIf(e -> e.getValue() < cutoff);
+        }
+        return false;
+    }
+
     /**
      * api for get article details
      *
@@ -435,6 +465,11 @@ public void showArticleApi(final RequestContext context) {
         final String articleId = context.pathVar("id");
         final Request request = context.getRequest();
 
+        if (hitArticleRateLimit(request)) {
+            context.renderCodeMsg(503, "访问过快，请稍候再试");
+            return;
+        }
+
         final JSONObject article = articleQueryService.getArticleById(articleId);
         if (null == article) {
             context.renderCodeMsg(404, "帖子不存在!");
@@ -1180,6 +1215,11 @@ public void showArticle(final RequestContext context) {
         final String articleId = context.pathVar("articleId");
         final Request request = context.getRequest();
 
+        if (hitArticleRateLimit(request)) {
+            context.sendError(503);
+            return;
+        }
+
         final AbstractFreeMarkerRenderer renderer = new SkinRenderer(context, "article.ftl");
         final Map<String, Object> dataModel = renderer.getDataModel();
 
