package io.github.xiaoyureed.redispractice.anno;import java.lang.annotation.*;@Documented@Target({ElementType.METHOD})@Retention(RetentionPolicy.RUNTIME)public @interface RedisLimit {  /**   * 標識參數名, 必須是請求參數中的一個   */  String identifier();  /**   * 在多長時間內監控, 如希望在 60s 內嘗試   * 次數限制為5次, 那么 watch=60; unit: s   */  long watch();  /**   * 鎖定時長, unit: s   */  long lock();  /**   * 錯誤的嘗試次數   */  int times();}

package io.github.xiaoyureed.redispractice.aop;@Component@Aspect// Ensure that current advice is outer compared with ControllerAOP// so we can handling login limitation Exception in this aop advice.//@Order(9)@Slf4jpublic class RedisLimitAOP {  @Autowired  private StringRedisTemplate stringRedisTemplate;  @Around("@annotation(io.github.xiaoyureed.redispractice.anno.RedisLimit)")  public Object handleLimit(ProceedingJoinPoint joinPoint) {    MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();    final Method   method     = methodSignature.getMethod();    final RedisLimit redisLimitAnno = method.getAnnotation(RedisLimit.class);// 貌似可以直接在方法參數中注入 todo    final String identifier = redisLimitAnno.identifier();    final long  watch   = redisLimitAnno.watch();    final int  times   = redisLimitAnno.times();    final long  lock    = redisLimitAnno.lock();    // final ServletRequestAttributes att       = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();    // final HttpServletRequest    request     = att.getRequest();    // final String          identifierValue = request.getParameter(identifier);    String identifierValue = null;    try {      final Object arg      = joinPoint.getArgs()[0];      final Field declaredField = arg.getClass().getDeclaredField(identifier);      declaredField.setAccessible(true);      identifierValue = (String) declaredField.get(arg);    } catch (NoSuchFieldException e) {      log.error(">>> invalid identifier [{}], cannot find this field in request params", identifier);    } catch (IllegalAccessException e) {      e.printStackTrace();    }    if (StringUtils.isBlank(identifierValue)) {      log.error(">>> the value of RedisLimit.identifier cannot be blank, invalid identifier: {}", identifier);    }    // check User locked    final ValueOperations<String, String> ssOps = stringRedisTemplate.opsForValue();    final String             flag = ssOps.get(identifierValue);    if (flag != null && "lock".contentEquals(flag)) {      final BaseResp result = new BaseResp();      result.setErrMsg("user locked");      result.setCode("1");      return new ResponseEntity<>(result, HttpStatus.OK);    }    ResponseEntity result;    try {      result = (ResponseEntity) joinPoint.proceed();    } catch (Throwable e) {      result = handleLoginException(e, identifierValue, watch, times, lock);    }    return result;  }  private ResponseEntity handleLoginException(Throwable e, String identifierValue, long watch, int times, long lock) {    final BaseResp result = new BaseResp();    result.setCode("1");    if (e instanceof LoginException) {      log.info(">>> handle login exception...");      final ValueOperations<String, String> ssOps = stringRedisTemplate.opsForValue();      Boolean                exist = stringRedisTemplate.hasKey(identifierValue);      // key doesn't exist, so it is the first login failure      if (exist == null || !exist) {        ssOps.set(identifierValue, "1", watch, TimeUnit.SECONDS);        result.setErrMsg(e.getMessage());        return new ResponseEntity<>(result, HttpStatus.OK);      }      String count = ssOps.get(identifierValue);      // has been reached the limitation      if (Integer.parseInt(count) + 1 == times) {        log.info(">>> [{}] has been reached the limitation and will be locked for {}s", identifierValue, lock);        ssOps.set(identifierValue, "lock", lock, TimeUnit.SECONDS);        result.setErrMsg("user locked");        return new ResponseEntity<>(result, HttpStatus.OK);      }      ssOps.increment(identifierValue);      result.setErrMsg(e.getMessage() + "; you have try " + ssOps.get(identifierValue) + "times.");    }    log.error(">>> RedisLimitAOP cannot handle {}", e.getClass().getName());    return new ResponseEntity<>(result, HttpStatus.OK);  }}

package io.github.xiaoyureed.redispractice.web;@RestControllerpublic class SessionResources {  @Autowired  private SessionService sessionService;  /**   * 1 min 之內嘗試超過5次, 鎖定 user 1h   */  @RedisLimit(identifier = "name", watch = 30, times = 5, lock = 10)  @RequestMapping(value = "/session", method = RequestMethod.POST)  public ResponseEntity<LoginResp> login(@Validated @RequestBody LoginReq req) {    return new ResponseEntity<>(sessionService.login(req), HttpStatus.OK);  }}