SpringBoot学习之高并发接口优化

SpringBoot学习之高并发接口优化—–秒杀接口地址隐藏(验证码)+接口限流防刷

秒杀接口地址隐藏

思路：秒杀开始之前，先去请求接口获取秒杀地址。

- 接口改造，带上PathVariable参数
- 添加生成地址的接口
- 秒杀收到请求，先验证PathVariable

随机生成一个字符串，作为地址加在url上，然后生成的时候，存入 redis缓存中，根据前端请求的url获取path。 判断与缓存中的字符串是否一致，一致就认为对的。就可以执行秒杀操作，否则失败。

对于秒杀接口，不是直接去请求秒杀的这个接口了， 而是先请求下获取path。之后拼接成秒杀地址。

前端代码：

function getMiaoshaPath() {
    goodsId:$("#goodsId").val(),
    g_showLoading();
    $.ajax({
        url:"/miaosha/path",
        type:"GET",
        data:{
            goodsId:$("#goodsId").val(),
            verifyCode:$("#verifyCode").val()
        },
        success:function (data) {
            if(data.code == 0){
                var path = data.data;
                doMiaosha(path);
            }else {
                layer.msg(data.msg);
            }
        },
        error:function() {
            layer.msg("客户端请求错误");
        }
    });
}

对应的后端代码：

@AccessLimit(seconds = 5,maxCount = 5, needLogin = true)
@RequestMapping(value = "/path",method = RequestMethod.GET)
@ResponseBody
public Result<String> getSecKillPath(HttpServletRequest request, SecKillUser user,
                                     @RequestParam("goodsId") long goodsId,
                                     @RequestParam(value = "verifyCode", defaultValue = "0") int verifyCode){
    if (user == null){
        return Result.error(CodeMsg.SESSION_ERROR);
    }

    //验证码的校验
    boolean check = secKillService.checkVerifyCode(user,goodsId,verifyCode);
    if (!check){
        return Result.error(CodeMsg.REQUEST_ILLEGAL);
    }
    //生成path
    String path = secKillService.createSecKillPath(user,goodsId);
    return Result.success(path);
}

生成path，存入redis中

public  String createSecKillPath(SecKillUser user, Long goodsId) {
        if (user == null || goodsId <= 0){
            return null;
        }
        String str = MD5Util.md5(UUIDUtil.uuid() + "123456");
        redisService.set(SecKillKey.getPath,user.getId()+"_"+goodsId,str);
        return str;
    }

秒杀接口，先拿到这个path验证一下是否正确，正确再进入下面的逻辑：

//验证path
boolean check = secKillService.checkPath(user,goodsId,path);
if (!check){
    return Result.error(CodeMsg.REQUEST_ILLEGAL);
}

具体的验证，就是取出缓存中的path，与前端传来的path进行对比，相等，说明是这个用户发来的请求：

/**
* 验证秒杀接口参数
* @param user
* @param goodsId
* @param path
* @return
*/
public  boolean checkPath(SecKillUser user, long goodsId, String path) {
    if (user == null || path == null){
        return false;
    }
    String pathOld = redisService.get(SecKillKey.getPath,""+user.getId()+"_"+goodsId,String.class);
    return path.equals(pathOld);
}

然后前端拼接出秒杀的地址

function doMiaosha(path){
	$.ajax({
		url:"/miaosha/"+path+"/do_miaosha",
		type:"POST",
		data:{
			goodsId:$("#goodsId").val()
		},
		success:function(data){
			if(data.code == 0){
				// window.location.href="/order_detail.htm?orderId="+data.data.id;
                getMiaoShaResult($("#goodsId").val());
			}else{
				layer.msg(data.msg);
			}
		},
		error:function(){
			layer.msg("客户端请求有误");
		}
	});
}

公式验证码

思路：点击秒杀之前，先输入验证码，分散用户的请求

前端增加获取验证码显示验证码输入验证码上传。

<div class="row">
	<div class="form-inline">
    	<img id="verifyCodeImg" width="80" height="32" style="display: none" 					onclick="refreshVerifyCode()"/>
    	<input id="verifyCode" class="form-control" style="display: none"/>
    	<button class="btn btn-primary" type="button" 						   					id="buyButton"onclick="getMiaoshaPath()">立即秒杀</button>
    </div>
</div>

增加返回验证码的接口

/**
     * 获取验证码
     * @param response
     * @param user
     * @param goodsId
     * @return
     */
    @RequestMapping(value = "/verifyCode",method = RequestMethod.GET)
    @ResponseBody
    public Result<String> getMiaoshaVerifyCode(HttpServletResponse response, SecKillUser 											user, @RequestParam("goodsId") long goodsId){
        if (user == null){
            return Result.error(CodeMsg.SESSION_ERROR);
        }
        BufferedImage  image = secKillService.createSecKillVerifyCode(user,goodsId);
        try{
            OutputStream out = response.getOutputStream();  //输出流
            ImageIO.write(image,"JPEG",out);  //图片写入输出流
            out.flush();
            out.close();
            return null;
        }catch (Exception e){
            e.printStackTrace();
            return Result.error(CodeMsg.SECKILL_FAILED);
        }
    }

在每次秒杀的时候，要先判断这个验证码是否正确

//验证码的校验
boolean check = secKillService.checkVerifyCode(user,goodsId,verifyCode);
if (!check){
	return Result.error(CodeMsg.REQUEST_ILLEGAL);
}

生成数字验证码并存入redis中，判断也是从redis中取出来判断

public BufferedImage createSecKillVerifyCode(SecKillUser user, long goodsId) {
        if (user == null || goodsId <= 0){
            return null;
        }
        int width = 80;
        int height = 32;
        //生成图片
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        // 背景
        g.setColor(new Color(0xDCDCDC));
        g.fillRect(0, 0, width, height);
        // 背景上生成矩形框
        g.setColor(Color.black);
        g.drawRect(0, 0, width - 1, height - 1);
        // 随机数
        Random rdm = new Random();
        // 生成干扰点
        for (int i = 0; i < 50; i++) {
            int x = rdm.nextInt(width);
            int y = rdm.nextInt(height);
            g.drawOval(x, y, 0, 0);
        }
        // 生成验证码
        String verifyCode = generateVerifyCode(rdm);
        g.setColor(new Color(0, 100, 0));
        g.setFont(new Font("Candara", Font.BOLD, 24));
        g.drawString(verifyCode, 8, 24);
        g.dispose();
        //把验证码存到redis中
        int rnd = calc(verifyCode);
        redisService.set(SecKillKey.getSecKillVerifyCode, user.getId()+","+goodsId, rnd);
        //输出图片
        return image;

    }

    private static char[] ops = new char[] {'+', '-', '*'};
    /**
     * 生成验证码公式
     * + - *
     * */
    private String generateVerifyCode(Random rdm) {
        int num1 = rdm.nextInt(10);
        int num2 = rdm.nextInt(10);
        int num3 = rdm.nextInt(10);
        char op1 = ops[rdm.nextInt(3)];
        char op2 = ops[rdm.nextInt(3)];
        String exp = ""+ num1 + op1 + num2 + op2 + num3;
        return exp;
    }

    /**
     * Java ScriptEngine 解析js计算验证码
     * @param exp 验证码
     * @return
     */
    private static int calc(String exp) {
        try {
            ScriptEngineManager manager = new ScriptEngineManager();
            ScriptEngine engine = manager.getEngineByName("JavaScript");
            return (Integer)engine.eval(exp);
        }catch(Exception e) {
            e.printStackTrace();
            return 0;
        }
    }

前端在function getMiaoshaPath()这个函数中将结果传到后端，后端在这个获取真正秒杀链接的时候进行判断是否正确：

verifyCode:$("#verifyCode").val()

后端接收验证码验证

@AccessLimit(seconds = 5,maxCount = 5, needLogin = true)
   @RequestMapping(value = "/path",method = RequestMethod.GET)
   @ResponseBody
   public Result<String> getMiaoshaPath(HttpServletRequest request, SecKillUser user,
                                        @RequestParam("goodsId") long goodsId,
                                        @RequestParam(value = "verifyCode", defaultValue = "0") int verifyCode){
       if (user == null){
           return Result.error(CodeMsg.SESSION_ERROR);
       }

       //验证码的校验
       boolean check = secKillService.checkVerifyCode(user,goodsId,verifyCode);
       if (!check){
           return Result.error(CodeMsg.REQUEST_ILLEGAL);
       }
       String path = secKillService.createSecKillPath(user,goodsId);
       return Result.success(path);
   }

redis中取出生成时存入的验证码并与前端传进来的验证码做校验

/**
    * 验证码的验证
    * @param user 用户
    * @param goodsId 商品id
    * @param verifyCode 验证码
    * @return
    */
   public boolean checkVerifyCode(SecKillUser user, long goodsId, int verifyCode) {
       if (user == null || goodsId <= 0){
           return false;
       }
       Integer codeOld = redisService.get(SecKillKey.getSecKillVerifyCode, user.getId()+","+goodsId, Integer.class);
       if (codeOld == null || codeOld - verifyCode != 0){
           return false;
       }
       //把当前的验证码清除
       redisService.delete(SecKillKey.getSecKillVerifyCode, user.getId()+","+goodsId);
       return true;

   }

接口限流防刷

思路：对接口做限流

可以使用拦截器减少对业务的侵入

点击秒杀之后，首先是生成path，那假如我们对这个接口进行限制：5秒之内用户只能点击5次。

这放在redis中是非常好实现的，因为redis有个自增(自减)和缓存时间，可以很好地实现这个效果。

这里使用注解的方式来实现接口的限流防刷，使用注解的话就可以做成通用的方法，在你想使用限流防刷的接口就可以添加上该注解

假设，我想在5秒内最多请求5次，并且必须要登陆：相应的注解就是这样的：

@AccessLimit(seconds = 5,maxCount = 5,needLogin = true)

首先是实现这个注解：

package com.springboot.SecKill.access;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.METHOD;

/**
 * 注解
 * @author WilsonSong
 * @date 2018/8/9/009
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(METHOD)
public @interface AccessLimit {
    int seconds();
    int maxCount();
    boolean needLogin() default true;
}

要想这个注解能够生效，必须要配置拦截器AccessInterceptor：

package com.springboot.SecKill.access;

import com.alibaba.fastjson.JSON;
import com.springboot.SecKill.domain.SecKillUser;
import com.springboot.SecKill.redis.AccessKey;
import com.springboot.SecKill.redis.RedisService;
import com.springboot.SecKill.result.CodeMsg;
import com.springboot.SecKill.result.Result;
import com.springboot.SecKill.service.SecKillUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.OutputStream;

/**
 * 拦截器
 * @author WilsonSong
 * @date 2018/8/9/009
 */
@Service
public class AccessInterceptor extends HandlerInterceptorAdapter{
    @Autowired
    SecKillUserService secKillUserService;
    @Autowired
    RedisService redisService;

    //方法执行前执行
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if(handler instanceof HandlerMethod){
            SecKillUser user = getUser(request,response);
            UserContext.setUser(user);       //把用户保存在本地线程变量中,并且该user与线程绑定一直执行到结束

            HandlerMethod handlerMethod = (HandlerMethod)handler;
            AccessLimit accessLimit = handlerMethod.getMethodAnnotation(AccessLimit.class);     //取方法上的注解
            if (accessLimit == null){
                return true;
            }
            int seconds = accessLimit.seconds();
            int maxCount = accessLimit.maxCount();
            boolean needLogin = accessLimit.needLogin();
            String key = request.getRequestURI();

            if (needLogin){
                if (user == null){
                    render(response,CodeMsg.SESSION_ERROR);
                    return false;
                }
                key +="_" + user.getId();
            }else {
                //da nothing
            }

            //访问次数限制 访问次数存入内存
            AccessKey accessKey = AccessKey.withExpires(seconds);
            Integer count = redisService.get(accessKey,key, Integer.class);
            if (count == null){
                redisService.set(accessKey,key, 1);
            }else if (count < maxCount){
                redisService.incr(accessKey,key);
            }else {
                render(response,CodeMsg.ACCESS_LIMIT_REACHED);
                return false;
            }
        }
        return true;
    }

    /**
     * 返回客户端的错误信息
     * @param response
     * @param cm
     * @throws Exception
     */
    public void render(HttpServletResponse response,CodeMsg cm) throws Exception{
        response.setContentType("application/json;charset=UTF-8");   //返回的数据的编码方式
        OutputStream outputStream = response.getOutputStream();
        String str = JSON.toJSONString(Result.error(cm));
        outputStream.write(str.getBytes("UTF-8"));
        outputStream.flush();
        outputStream.close();
    }

    /**
     * 通过cookie获取用户
     * @param request
     * @param response
     * @return
     */
    private SecKillUser getUser(HttpServletRequest request, HttpServletResponse response){
        String paramToken = request.getParameter(SecKillUserService.COOKIE_NAME_TOKEN);
        String cookieToken = getCookieValue(request,SecKillUserService.COOKIE_NAME_TOKEN);

        if (StringUtils.isEmpty(cookieToken) && StringUtils.isEmpty(paramToken)){
            return null;
        }
        String token = StringUtils.isEmpty(paramToken)?cookieToken:paramToken;
        return secKillUserService.getByToken(response,token);
    }

    /**
     * 获取cookie
     * @param request
     * @param cookieName
     * @return
     */
    private String getCookieValue(HttpServletRequest request,String cookieName){
        Cookie[] cookies = request.getCookies();

        if(cookies == null || cookies.length <= 0){
            return null;
        }
        for (Cookie cookie : cookies){
            if (cookie.getName().equals(cookieName)){
                return cookie.getValue();
            }
        }
        return null;
    }

}

要想这个拦截器工作，我们要重写WebMvcConfigurerAdapter中的addInterceptors方法，将我们的拦截器添加进去就可以了：

public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(accessInterceptor);
}

这样，利用注解和拦截器就实现了接口通用的限流功能。