Kong Gateway - 17 基于网关服务的响应速率限制(Response Rate Limiting)

我们其实可以继续使用books的Restful api数据访问接口,现在换一个GeoIP国家的数据表来做本篇主题的实验

本篇文章同样是讲Resonse Rate Limiting 功能在具体的项目中我们该如何使用的文章,还有如何测试返回 429 Too Many Requests这样的返回信息,你可能已经搜遍了整个互联网,也没找到像我这样贴心的范例吧?

https://dev.maxmind.com/zh-hans/geoip/legacy/geolite/

[root@contoso ~]# curl -R -O http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 2480k  100 2480k    0     0   117k      0  0:00:21  0:00:21 --:--:--  209k
[root@contoso ~]# unzip GeoIPCountryCSV.zip

[root@contoso ~]# mysql -uroot -p123456 -h127.0.0.1
MariaDB [(none)]> use bookstore

MariaDB [(none)]> CREATE TABLE `countries` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `sip` varchar(20) DEFAULT NULL,
  `eip` varchar(20) DEFAULT NULL,
  `sip2long` int(11) DEFAULT NULL,
  `eip2long` int(11) DEFAULT NULL,
  `code` varchar(2) DEFAULT NULL,
  `country_name` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

MariaDB [bookstore]> load data local infile '/root/GeoIPCountryWhois.csv' into table countries fields terminated by ',' optionally enclosed by '"' escaped by '"'  lines terminated by '\n' (sip,eip,sip2long,eip2long,code,country_name);

我们依然使用本系列文章种第1篇bookstore项目进行扩展开发

/home/myth/www/bookstore/application/api/controller/v1/Country.php

<?php
namespace app\api\controller\v1;
use think\Controller;
use think\Request;
use think\Db;
class Country extends Controller {
    public function getCountries() {
        $countries = Db::table('countries')->paginate(10,false,['query'=>request()->param('page')]);
        return json($countries);
    }

    public function getCountryById($id) {
        $country = Db::name('countries')->where('id', $id)->select();
        return json($country);
    }

    public function addCountry(Request $request) {
        $sip = $request->param('sip');
        $eip = $request->param('eip');
        $sip2long = $request->param('sip2long');
        $eip2long = $request->param('eip2long');
        $code = $request->param('code');
        $country_name = $request->param('country_name');
        $country = ['sip' => $sip, 'eip' => $eip, 'sip2long' => $sip2long, 'eip2long' => $eip2long, 'code' => $code, 'country_name' => $country_name];
        // 启动事务
        Db::startTrans();
        try {
            Db::name('countries')->insert($country);
            // 提交事务
            Db::commit();
        } catch (Exception $ex) {
            // 回滚事务
            Db::rollback();
            return json(['message' => 'inserting not successfully']);
        }
        return json(['message' => 'inserted successfully']);
    }

    public function deleteCountryById($id) {
        // 启动事务
        Db::startTrans();
        try {
            Db::name('countries')->where('id', $id)->delete();
            // 提交事务
            Db::commit();
        } catch (Exception $ex) {
            // 回滚事务
            Db::rollback();
            return json(['message' => 'deleting not successfully']);
        }
        return json(['message' => 'deleted successfully']);
    }

    public function updateCountryById(Request $request) {
        $id = $request->param('id');
        $sip = $request->param('sip');
        $eip = $request->param('eip');
        $sip2long = $request->param('sip2long');
        $eip2long = $request->param('eip2long');
        $code = $request->param('code');
        $country_name = $request->param('country_name');
        $country = ['sip' => $sip, 'eip' => $eip, 'sip2long' => $sip2long, 'eip2long' => $eip2long, 'code' => $code, 'country_name' => $country_name];
        // 启动事务
        Db::startTrans();
        try {
            Db::table('countries')->where('id', $id)->update($country);
            // 提交事务
            Db::commit();
        } catch (Exception $ex) {
            // 回滚事务
            Db::rollback();
             return json(['message' => 'updating not successfully']);
        }
        return json(['message' => 'updated successfully']);
    }
}
/home/myth/www/bookstore/route/route.php  注意 header response头的定义格式 这个与Kong的 Response Size Limit相关 ------ 它实质上就是个限制用户访问次数的递减等差,官网上没有这么具体实现代码方案,官网上给出的命令格式是不对的,
--data "config.limits.{limit_name}=" \ 这个参数这么写 反正我没有玩转。
<?php

// GET    http://contoso.com/v1/books/2
Route::get(':version/books/:id', 'api/:version.Book/getBookById'); 
// POST   http://contoso.com/v1/books
Route::post(':version/books', 'api/:version.Book/addBook');  
// DELETE http://contoso.com/v1/books/2
Route::delete(':version/books/:id', 'api/:version.Book/deleteBookById'); 
// PUT    http://contoso.com/v1/books
Route::put(':version/books', 'api/:version.Book/updateBookById'); 
// GET    http://contoso.com/v1/books
Route::get(':version/books', 'api/:version.Book/getBooks');           

// GET    http://contoso.com/v1/countries/2
// Route::get(':version/countries/:id', 'api/:version.Country/getCountryById')->header(['X-Kong-Limit'=>'countries=1']); 
Route::get(':version/countries/:id', 'api/:version.Country/getCountryById')->header(['X-RateLimit-Limit-countries'=>'countries=3']); 
// POST   http://contoso.com/v1/countries
Route::post(':version/countries', 'api/:version.Country/addCountry')->header(['X-RateLimit-Limit-countries'=>'countries=3']);  
// DELETE http://contoso.com/v1/countries/2
Route::delete(':version/countries/:id', 'api/:version.Country/deleteCountryById')->header(['X-RateLimit-Limit-countries'=>'countries=3']); 
// PUT    http://contoso.com/v1/countries
Route::put(':version/countries', 'api/:version.Country/updateCountryById')->header(['X-RateLimit-Limit-countries'=>'countries=3']); 
// GET    http://contoso.com/v1/countries
Route::get(':version/countries', 'api/:version.Country/getCountries')->header(['X-RateLimit-Limit-countries'=>'countries=3']);           

// GET    http://contoso.com/v1
//Route::get(':version', 'api/Info/index');  
return [

];

Configure a Service in Kong
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=country' \
--data 'url=http://contoso.com/v1/countries'

HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:18:00 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "host": "contoso.com", 
    "created_at": 1526689080, 
    "connect_timeout": 60000, 
    "id": "e281052c-6672-4eb4-858b-db736f86e1f3", 
    "protocol": "http", 
    "name": "country", 
    "read_timeout": 60000, 
    "port": 80, 
    "path": "/v1/countries", 
    "updated_at": 1526689080, 
    "retries": 5, 
    "write_timeout": 60000
}
Add a Route to expose the Service
URL Format http://localhost:8001/services/{name of servie}/routes
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/country/routes \
--data 'paths[]=/v1/countries'
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:18:16 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526689096, 
    "strip_path": true, 
    "hosts": null, 
    "preserve_host": false, 
    "regex_priority": 0, 
    "updated_at": 1526689096, 
    "paths": [
        "/v1/countries"
    ], 
    "service": {
        "id": "e281052c-6672-4eb4-858b-db736f86e1f3"
    }, 
    "methods": null, 
    "protocols": [
        "http", 
        "https"
    ], 
    "id": "29eff1c5-376c-4519-b3a6-33f26954aeb7"   // {route_id} = id
}
Enabling the CORS plugin for a Service
URL Format http://localhost:8001/services/{name of servie}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/country/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:20:56 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526718056000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "64ad92be-df43-498e-9da0-ef06666ec52f", 
    "enabled": true, 
    "service_id": "e281052c-6672-4eb4-858b-db736f86e1f3", 
    "name": "cors"
}
Enabling the CORS plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/29eff1c5-376c-4519-b3a6-33f26954aeb7/plugins \
--data "name=cors"  \
--data "config.origins=http://contoso.com" \
--data "config.methods=GET, POST" \
--data "config.headers=Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:21:32 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526718089000, 
    "config": {
        "methods": [
            "GET", 
            "POST"
        ], 
        "exposed_headers": [
            "X-Auth-Token"
        ], 
        "max_age": 3600, 
        "headers": [
            "Accept", 
            "Accept-Version", 
            "Content-Length", 
            "Content-MD5", 
            "Content-Type", 
            "Date", 
            "X-Auth-Token"
        ], 
        "credentials": true, 
        "origins": [
            "http://contoso.com"
        ], 
        "preflight_continue": false
    }, 
    "id": "eab8cf39-69c0-486f-b749-88df0c58aae0", 
    "enabled": true, 
    "route_id": "29eff1c5-376c-4519-b3a6-33f26954aeb7", 
    "name": "cors"
}
default key-value "header_name": "x-kong-limit"
config.limits.{limit_name}.minute=10
Enabling the Request Size Limiting plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/country/plugins \
--data "name=response-ratelimiting"  \
--data "config.header_name=X-RateLimit-Limit-countries" \
--data "config.limits.countries.minute=10"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:22:20 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526718138000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "limit_by": "consumer", 
        "block_on_first_violation": false, 
        "redis_port": 6379, 
        "hide_client_headers": false, 
        "limits": {
            "countries": {
                "minute": 10
            }
        }, 
        "header_name": "X-RateLimit-Limit-countries", 
        "fault_tolerant": true
    }, 
    "id": "1e4ac46f-b46b-47c2-886e-9fa83b691aab", 
    "enabled": true, 
    "service_id": "e281052c-6672-4eb4-858b-db736f86e1f3", 
    "name": "response-ratelimiting"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# for i in `seq 1 6`
do
sleep 1
curl -i -X GET \
--url http://localhost:8000/v1/countries?page=$i
done
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 1284
Connection: keep-alive
Date: Sat, 19 May 2018 08:24:12 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 7
X-Kong-Upstream-Latency: 83
X-Kong-Proxy-Latency: 115
Via: kong/0.13.1

{
    "total": 170433, 
    "per_page": 10, 
    "current_page": "1", 
    "last_page": 17044, 
    "data": [
        {
            "id": 1, 
            "sip": "1.0.0.0", 
            "eip": "1.0.0.255", 
            "sip2long": 16777216, 
            "eip2long": 16777471, 
            "code": "AU", 
            "country_name": "Australia"
        }, 
        {
            "id": 2, 
            "sip": "1.0.1.0", 
            "eip": "1.0.3.255", 
            "sip2long": 16777472, 
            "eip2long": 16778239, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 3, 
            "sip": "1.0.4.0", 
            "eip": "1.0.7.255", 
            "sip2long": 16778240, 
            "eip2long": 16779263, 
            "code": "AU", 
            "country_name": "Australia"
        }, 
        {
            "id": 4, 
            "sip": "1.0.8.0", 
            "eip": "1.0.15.255", 
            "sip2long": 16779264, 
            "eip2long": 16781311, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 5, 
            "sip": "1.0.16.0", 
            "eip": "1.0.31.255", 
            "sip2long": 16781312, 
            "eip2long": 16785407, 
            "code": "JP", 
            "country_name": "Japan"
        }, 
        {
            "id": 6, 
            "sip": "1.0.32.0", 
            "eip": "1.0.63.255", 
            "sip2long": 16785408, 
            "eip2long": 16793599, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 7, 
            "sip": "1.0.64.0", 
            "eip": "1.0.127.255", 
            "sip2long": 16793600, 
            "eip2long": 16809983, 
            "code": "JP", 
            "country_name": "Japan"
        }, 
        {
            "id": 8, 
            "sip": "1.0.128.0", 
            "eip": "1.0.255.255", 
            "sip2long": 16809984, 
            "eip2long": 16842751, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 9, 
            "sip": "1.1.0.0", 
            "eip": "1.1.0.255", 
            "sip2long": 16842752, 
            "eip2long": 16843007, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 10, 
            "sip": "1.1.1.0", 
            "eip": "1.1.1.255", 
            "sip2long": 16843008, 
            "eip2long": 16843263, 
            "code": "AU", 
            "country_name": "Australia"
        }
    ]
}

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 1302
Connection: keep-alive
Date: Sat, 19 May 2018 08:24:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 4
X-Kong-Upstream-Latency: 107
X-Kong-Proxy-Latency: 4
Via: kong/0.13.1

{
    "total": 170433, 
    "per_page": 10, 
    "current_page": "2", 
    "last_page": 17044, 
    "data": [
        {
            "id": 11, 
            "sip": "1.1.2.0", 
            "eip": "1.1.63.255", 
            "sip2long": 16843264, 
            "eip2long": 16859135, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 12, 
            "sip": "1.1.64.0", 
            "eip": "1.1.127.255", 
            "sip2long": 16859136, 
            "eip2long": 16875519, 
            "code": "JP", 
            "country_name": "Japan"
        }, 
        {
            "id": 13, 
            "sip": "1.1.128.0", 
            "eip": "1.1.255.255", 
            "sip2long": 16875520, 
            "eip2long": 16908287, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 14, 
            "sip": "1.2.0.0", 
            "eip": "1.2.2.255", 
            "sip2long": 16908288, 
            "eip2long": 16909055, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 15, 
            "sip": "1.2.3.0", 
            "eip": "1.2.3.255", 
            "sip2long": 16909056, 
            "eip2long": 16909311, 
            "code": "US", 
            "country_name": "United States"
        }, 
        {
            "id": 16, 
            "sip": "1.2.4.0", 
            "eip": "1.2.127.255", 
            "sip2long": 16909312, 
            "eip2long": 16941055, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 17, 
            "sip": "1.2.128.0", 
            "eip": "1.2.255.255", 
            "sip2long": 16941056, 
            "eip2long": 16973823, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 18, 
            "sip": "1.3.0.0", 
            "eip": "1.3.255.255", 
            "sip2long": 16973824, 
            "eip2long": 17039359, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 19, 
            "sip": "1.4.0.0", 
            "eip": "1.4.0.255", 
            "sip2long": 17039360, 
            "eip2long": 17039615, 
            "code": "AU", 
            "country_name": "Australia"
        }, 
        {
            "id": 20, 
            "sip": "1.4.1.0", 
            "eip": "1.4.127.255", 
            "sip2long": 17039616, 
            "eip2long": 17072127, 
            "code": "CN", 
            "country_name": "China"
        }
    ]
}

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 1325
Connection: keep-alive
Date: Sat, 19 May 2018 08:24:15 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 1
X-Kong-Upstream-Latency: 52
X-Kong-Proxy-Latency: 0
Via: kong/0.13.1

{
    "total": 170433, 
    "per_page": 10, 
    "current_page": "3", 
    "last_page": 17044, 
    "data": [
        {
            "id": 21, 
            "sip": "1.4.128.0", 
            "eip": "1.4.255.255", 
            "sip2long": 17072128, 
            "eip2long": 17104895, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 22, 
            "sip": "1.5.0.0", 
            "eip": "1.5.255.255", 
            "sip2long": 17104896, 
            "eip2long": 17170431, 
            "code": "JP", 
            "country_name": "Japan"
        }, 
        {
            "id": 23, 
            "sip": "1.6.0.0", 
            "eip": "1.7.255.255", 
            "sip2long": 17170432, 
            "eip2long": 17301503, 
            "code": "IN", 
            "country_name": "India"
        }, 
        {
            "id": 24, 
            "sip": "1.8.0.0", 
            "eip": "1.8.255.255", 
            "sip2long": 17301504, 
            "eip2long": 17367039, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 25, 
            "sip": "1.9.0.0", 
            "eip": "1.9.255.255", 
            "sip2long": 17367040, 
            "eip2long": 17432575, 
            "code": "MY", 
            "country_name": "Malaysia"
        }, 
        {
            "id": 26, 
            "sip": "1.10.0.0", 
            "eip": "1.10.9.255", 
            "sip2long": 17432576, 
            "eip2long": 17435135, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 27, 
            "sip": "1.10.10.0", 
            "eip": "1.10.10.255", 
            "sip2long": 17435136, 
            "eip2long": 17435391, 
            "code": "AU", 
            "country_name": "Australia"
        }, 
        {
            "id": 28, 
            "sip": "1.10.11.0", 
            "eip": "1.10.127.255", 
            "sip2long": 17435392, 
            "eip2long": 17465343, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 29, 
            "sip": "1.10.128.0", 
            "eip": "1.10.255.255", 
            "sip2long": 17465344, 
            "eip2long": 17498111, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 30, 
            "sip": "1.11.0.0", 
            "eip": "1.11.255.255", 
            "sip2long": 17498112, 
            "eip2long": 17563647, 
            "code": "KR", 
            "country_name": "Korea, Republic of"
        }
    ]
}

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 1340
Connection: keep-alive
Date: Sat, 19 May 2018 08:24:16 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 0
X-Kong-Upstream-Latency: 81
X-Kong-Proxy-Latency: 2
Via: kong/0.13.1

{
    "total": 170433, 
    "per_page": 10, 
    "current_page": "4", 
    "last_page": 17044, 
    "data": [
        {
            "id": 31, 
            "sip": "1.12.0.0", 
            "eip": "1.15.255.255", 
            "sip2long": 17563648, 
            "eip2long": 17825791, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 32, 
            "sip": "1.16.0.0", 
            "eip": "1.19.255.255", 
            "sip2long": 17825792, 
            "eip2long": 18087935, 
            "code": "KR", 
            "country_name": "Korea, Republic of"
        }, 
        {
            "id": 33, 
            "sip": "1.20.0.0", 
            "eip": "1.20.255.255", 
            "sip2long": 18087936, 
            "eip2long": 18153471, 
            "code": "TH", 
            "country_name": "Thailand"
        }, 
        {
            "id": 34, 
            "sip": "1.21.0.0", 
            "eip": "1.21.255.255", 
            "sip2long": 18153472, 
            "eip2long": 18219007, 
            "code": "JP", 
            "country_name": "Japan"
        }, 
        {
            "id": 35, 
            "sip": "1.22.0.0", 
            "eip": "1.23.255.255", 
            "sip2long": 18219008, 
            "eip2long": 18350079, 
            "code": "IN", 
            "country_name": "India"
        }, 
        {
            "id": 36, 
            "sip": "1.24.0.0", 
            "eip": "1.31.255.255", 
            "sip2long": 18350080, 
            "eip2long": 18874367, 
            "code": "CN", 
            "country_name": "China"
        }, 
        {
            "id": 37, 
            "sip": "1.32.0.0", 
            "eip": "1.32.127.255", 
            "sip2long": 18874368, 
            "eip2long": 18907135, 
            "code": "MY", 
            "country_name": "Malaysia"
        }, 
        {
            "id": 38, 
            "sip": "1.32.128.0", 
            "eip": "1.32.191.255", 
            "sip2long": 18907136, 
            "eip2long": 18923519, 
            "code": "SG", 
            "country_name": "Singapore"
        }, 
        {
            "id": 39, 
            "sip": "1.32.192.0", 
            "eip": "1.32.193.255", 
            "sip2long": 18923520, 
            "eip2long": 18924031, 
            "code": "HK", 
            "country_name": "Hong Kong"
        }, 
        {
            "id": 40, 
            "sip": "1.32.194.0", 
            "eip": "1.32.194.255", 
            "sip2long": 18924032, 
            "eip2long": 18924287, 
            "code": "TW", 
            "country_name": "Taiwan"
        }
    ]
}

HTTP/1.1 429 Too Many Requests
Server: openresty/1.13.6.1
Date: Sat, 19 May 2018 08:24:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 191
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 0
X-Kong-Upstream-Latency: 55
X-Kong-Proxy-Latency: 1
Via: kong/0.13.1

<html>
<head><title>429 Too Many Requests</title></head>
<body bgcolor="white">
<center><h1>429 Too Many Requests</h1></center>
<hr><center>openresty/1.13.6.1</center>
</body>
</html>

HTTP/1.1 429 Too Many Requests
Server: openresty/1.13.6.1
Date: Sat, 19 May 2018 08:24:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 191
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 0
X-Kong-Upstream-Latency: 63
X-Kong-Proxy-Latency: 1
Via: kong/0.13.1

<html>
<head><title>429 Too Many Requests</title></head>
<body bgcolor="white">
<center><h1>429 Too Many Requests</h1></center>
<hr><center>openresty/1.13.6.1</center>
</body>
</html>
Enabling the Response Size Limiting plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/29eff1c5-376c-4519-b3a6-33f26954aeb7/plugins \
--data "name=response-ratelimiting"  \
--data "config.header_name=X-RateLimit-Limit-countries" \
--data "config.limits.countries.minute=10"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:35:48 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526690148000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "limit_by": "consumer", 
        "block_on_first_violation": false, 
        "redis_port": 6379, 
        "hide_client_headers": false, 
        "limits": {
            "countries": {
                "minute": 10
            }
        }, 
        "header_name": "X-RateLimit-Limit-countries", 
        "fault_tolerant": true
    }, 
    "id": "e0e13969-5f03-4786-8284-65fcbd84d008", 
    "enabled": true, 
    "route_id": "29eff1c5-376c-4519-b3a6-33f26954aeb7", 
    "name": "response-ratelimiting"
}
A client-user Requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# for i in `seq 1 6`
do
sleep 1
curl -i -X GET \
--url http://localhost:8000/v1/countries?page=$i
done

此处输出效果与上面粘贴出来的数据完全类似,就不浪费篇幅再次贴几乎一样的内容啦


Enabling the Basic Authentication plugin for a Service
URL Format http://localhost:8001/services/{service}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/services/country/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"

HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:36:49 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526719007000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "e5bdff23-8e74-4858-b6a4-d7ee054ba38c", 
    "enabled": true, 
    "service_id": "e281052c-6672-4eb4-858b-db736f86e1f3", 
    "name": "basic-auth"
}
Enabling the Basic Authentication plugin for a Route
URL Format http://localhost:8001/routes/{route_id}/plugins
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/routes/29eff1c5-376c-4519-b3a6-33f26954aeb7/plugins \
--data "name=basic-auth"  \
--data "config.hide_credentials=true"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:37:26 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526719045000, 
    "config": {
        "hide_credentials": true, 
        "anonymous": ""
    }, 
    "id": "92f0540e-ef9c-49cb-a6b4-773fafd6840a", 
    "enabled": true, 
    "route_id": "29eff1c5-376c-4519-b3a6-33f26954aeb7", 
    "name": "basic-auth"
}
Create a Consumer
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/  \
--data "username=jack"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:37:51 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526719072000, 
    "username": "jack", 
    "id": "2a15a391-a19e-47b2-9e49-34e81c3bc210"
}
Create a Credential
URL Format  http://localhost:8001/consumers/{username or consumer_id}/basic-auth    
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/consumers/jack/basic-auth \
--data "username=jack@hotmail.com" \
--data "password=123456"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:38:27 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526719107000, 
    "id": "4d5ef172-ef71-4ac3-8c25-40b74df11c3a", 
    "username": "jack@hotmail.com", 
    "password": "ceb5eb164d6a4d4ffa23bab1f8167ab7e2d57c73", 
    "consumer_id": "2a15a391-a19e-47b2-9e49-34e81c3bc210"
}
On line base64 tool address is http://tool.oschina.net/encrypt?type=3    
Key-Value about jack@hotmail.com:123456,its base64 value is :    
amFja0Bob3RtYWlsLmNvbToxMjM0NTY=    
for user jack sign in to pass Basic Authenctiaction,we'll get a country record(id = 3)  

A client-user requesting the country microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/countries/3 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 123
Connection: keep-alive
Date: Sat, 19 May 2018 08:39:58 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 7
X-Kong-Upstream-Latency: 27
X-Kong-Proxy-Latency: 33
Via: kong/0.13.1

[
    {
        "id": 3, 
        "sip": "1.0.4.0", 
        "eip": "1.0.7.255", 
        "sip2long": 16778240, 
        "eip2long": 16779263, 
        "code": "AU", 
        "country_name": "Australia"
    }
]
Enabling the Response Size Limiting plugin for a Consumer
consumer_id={consumer_id}
[root@contoso ~]# curl -i -X POST \
--url http://localhost:8001/plugins \
--data "name=response-ratelimiting" \
--data "consumer_id=2a15a391-a19e-47b2-9e49-34e81c3bc210"  \
--data "config.header_name=X-RateLimit-Limit-countries" \
--data "config.limits.countries.minute=10"
HTTP/1.1 201 Created
Date: Sat, 19 May 2018 08:43:07 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.13.1

{
    "created_at": 1526719388000, 
    "config": {
        "redis_database": 0, 
        "policy": "cluster", 
        "redis_timeout": 2000, 
        "limit_by": "consumer", 
        "block_on_first_violation": false, 
        "redis_port": 6379, 
        "hide_client_headers": false, 
        "limits": {
            "countries": {
                "minute": 10
            }
        }, 
        "header_name": "X-RateLimit-Limit-countries", 
        "fault_tolerant": true
    }, 
    "id": "705bd457-0010-4d7f-ae4a-2e9c1309ecc8", 
    "name": "response-ratelimiting", 
    "enabled": true, 
    "consumer_id": "2a15a391-a19e-47b2-9e49-34e81c3bc210"
}
A client-user requesting the book microservice exposed through Kong's proxy server
[root@contoso ~]# curl -i -X GET \
--url http://localhost:8000/v1/countries/30 \
--header "Authorization: Basic amFja0Bob3RtYWlsLmNvbToxMjM0NTY="
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 137
Connection: keep-alive
Date: Sat, 19 May 2018 08:44:09 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.13
X-Powered-By: PHP/7.1.13
Vary: Origin
Access-Control-Allow-Origin: http://contoso.com
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Auth-Token
X-RateLimit-Limit-countries-minute: 10
X-RateLimit-Remaining-countries-minute: 7
X-Kong-Upstream-Latency: 24
X-Kong-Proxy-Latency: 3
Via: kong/0.13.1

[
    {
        "id": 30, 
        "sip": "1.11.0.0", 
        "eip": "1.11.255.255", 
        "sip2long": 17498112, 
        "eip2long": 17563647, 
        "code": "KR", 
        "country_name": "Korea, Republic of"
    }
]

最后附带上Response Size Limiting在客户端浏览器上的运行效果视频:

https://pan.baidu.com/s/1STDGowau0LeOM9uI0NqisA

相关文章
相关标签/搜索