限制速率以防止ExpressJS中的恶意行为

本文介绍了限制速率以防止ExpressJS中的恶意行为的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

有人让我意识到我正在开展的一个应用程序中的一些缺陷（大部分在我前面的JavaScript中），这样就可以一次点击一吨按钮，并发出一个吨的交易电子邮件。这显然不是很好。

我认为在ExpressJS中处理这一点的一种方法是使用 app.all（）来计算在一定时间内发生的请求数。我会把这个存储在会话元数据中，其中包含时间戳，如果在Y时间内发生了超过X个请求，我将它们关闭一段时间直到限制到期。

以前有人做过这个或者有任何提示/提示来帮助我吗？很容易掉入我的应用程序的东西是可取的。谢谢！

解决方案

您可以在网页中使用 Collate 对象。

 函数整理（超时）{
 this.timeout = timeout || 1000; 
} 
 Collate.prototype = {
 time：0，
 
 idle：function（）{
 var t = new Date（）。getTime ）; 
 return（t  -  this.time> this.timeout&（this.time = t））; 
}，
 
 prefer：function（func）{
 this.func = func; 
 clearTimeout（this.timer）; 
 this.timer = setTimeout（func，this.timeout）; 
} 
};

如果您希望功能运行一次，并且在接下来的1秒内不再运行。
如果要阻止用户多次提交表单，请执行以下操作：

  var timer =新装箱（3000）; // 3秒
 button1.onclick = function（）{
 if（timer.idle（））{
 button1.form.submit（）; 
} else alert（请勿点击太快！）; 
} 
 
 //或在表单标签上
 
< script> var submitTimer = new Collate（3000）;< / script> 
< form action =postonsubmit =return submitTimer.idle（）;>

如果您希望事件多次触发，并且只想对上次触发时做出反应。
喜欢如果你想在用户完成打字后搜索，你可以这样做：

  var timer = new Collate （700）; //0.7秒
 textfield1.onkeyup = function（）{
 timer.prefer（function（）{
 autocomplete.search（textfield1.value）; 
}）; 
};

Someone made me aware of some flaws in an application I'm working on (mostly within my JavaScript on the front-end), that leaves open the possibility of, say, clicking a ton of buttons at once and sending out a ton of transactional emails. This is clearly not good.

I think one way to handle this in ExpressJS is by using app.all() to count the number of requests that happen within a certain timeframe. I'd store this in the session metadata with timestamps, and if more than X requests happen in Y time, I cut them off for awhile until the limit expires.

Has anyone done this before or have any tips/hints to help me out? Something that's easy to drop in and out of my app is preferable. Thanks!

解决方案

You could use the Collate object in your webpage.

function Collate(timeout) {
  this.timeout = timeout || 1000;
}
Collate.prototype = {
  time: 0,

  idle: function() {
    var t = new Date().getTime();
    return (t - this.time > this.timeout && (this.time = t));
  },

  prefer: function(func) {
    this.func = func;
    clearTimeout(this.timer);
    this.timer = setTimeout(func, this.timeout);
  }
};

If you want a function to run once and not run again within the next 1 second.Like if you want to prevent the user from submitting a form many times, you do this:

var timer = new Collate(3000);  //3 seconds
button1.onclick = function() {
    if(timer.idle()) {
        button1.form.submit();
    } else alert("Don't click too quickly!");
}

//or on the form tag

<script>var submitTimer = new Collate(3000);</script>
<form action="post" onsubmit="return submitTimer.idle();">

If you expect an event to fire multiple times and only want to react to the last time it fires.Like if you want to search after a user has finished typing, you do this:

var timer = new Collate(700); //0.7 seconds
textfield1.onkeyup = function() {
    timer.prefer(function() {
        autocomplete.search(textfield1.value);
    });
};

这篇关于限制速率以防止ExpressJS中的恶意行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！