后端某些接口在高并发的压力下往往会导致性能的严重下降，为了维持我们后端服务型的高性能和高可用，我们往往可以对某些接口或某些用户去设计限流机制，控制这些热点接口的访问量，我这里利用Redis的高性能优势，并整合AOP编程和引入Lua限流脚本在SpringBoot中对任意接口或某些用户实现了访问量限流的机制，其中，我这里给出了三种限流机制：用户，IP地址，全局限流

1.定义限流方式

 /*** 限流类型* @Author GuihaoLv*/
public enum LimitType {/*** 默认策略全局限流*/DEFAULT,/*** 根据请求者IP进行限流*/IP,/*** 根据请求者的用户ID进行限流*/USER,/*** 根据请求者的部门进行限流*/DEPT,
}

2.引入AOP，自定义限流注解和限流处理的切面类

/*** 限流注解* @Author GuihaoLv*/
//实例 @RateLimiter(time = 60, count = 5, limitType = LimitType.IP) 效果：同一IP 60秒内最多允许5次登录尝试。
@Target(ElementType.METHOD) //表示该注解仅能标注在方法上，用于对具体方法进行限流控制。
@Retention(RetentionPolicy.RUNTIME) //注解在运行时保留，可通过反射机制读取注解信息，实现动态限流逻辑。
@Documented //注解信息会包含在生成的 JavaDoc 中
public @interface RateLimiter {/*** 限流key*/public String key() default RedisConstant.RATE_LIMIT_KEY;/*** 限流时间,单位秒*/public int time() default 60;/*** 限流次数*/public int count() default 100;/*** 限流类型*/public LimitType limitType() default LimitType.DEFAULT;
}

/*** 限流处理切面* @Author GuihaoLv*/
@Aspect
@Component
//确保仅当配置项 spring.cache.type=redis 时，切面才会生效
@ConditionalOnProperty(prefix = "spring.cache", name = { "type" }, havingValue = "redis", matchIfMissing = false)
public class RateLimiterAspect
{private static final Logger log = LoggerFactory.getLogger(RateLimiterAspect.class);private RedisTemplate<Object, Object> redisTemplate; //redis 操作模板，用于执行 Lua 脚本和 Redis 命令private RedisScript<Long> limitScript; //限流核心逻辑的 Lua 脚本@Autowiredpublic void setRedisTemplate1(RedisTemplate<Object, Object> redisTemplate){this.redisTemplate = redisTemplate;}@Autowiredpublic void setLimitScript(RedisScript<Long> limitScript){this.limitScript = limitScript;}@Autowiredprivate ObjectMapper jacksonObjectMapper;@Before("@annotation(rateLimiter)")public void doBefore(JoinPoint point, RateLimiter rateLimiter) throws Throwable{//1. 获取注解参数int time = rateLimiter.time(); //时间窗口（秒）int count = rateLimiter.count();// 允许的请求次数//2. 生成唯一限流 KeyString combineKey = getCombineKey(rateLimiter, point);List<Object> keys = Collections.singletonList(combineKey);try{//3. 以key为参数执行 Lua 脚本（原子性操作） keys:Redis 存储的 Key//Lua脚本会检查Key是否存在，如果不存在则创建并设置过期时间，如果存在则递增计数器。Long number = redisTemplate.execute(limitScript, keys, count, time);if (StringUtils.isEmpty(number) || number.intValue() > count){throw new Exception("访问过于频繁，请稍候再试");}log.info("限制请求'{}',当前请求'{}',缓存key'{}'", count, number.intValue(), combineKey);} catch (RuntimeException e){throw new RuntimeException("服务器限流异常，请稍候再试");} catch (Exception e){throw e;}}//IP + 类名 + 方法名 的拼接方式，确保不同场景的Key不冲突。//Key结构清晰，便于调试和监控（如通过Redis直接查看计数器）。public String getCombineKey(RateLimiter rateLimiter, JoinPoint point){StringBuffer stringBuffer = new StringBuffer(rateLimiter.key());switch (rateLimiter.limitType()) {case IP:try {limitByIp(stringBuffer);} catch (IOException e) {e.printStackTrace();} catch (InterruptedException e) {e.printStackTrace();}break;case USER:limitByUser(stringBuffer);break;case DEFAULT:limitByDefault(stringBuffer,point);break;}return stringBuffer.toString();}/*** 按IP限流* @param stringBuffer*/private final HttpClient httpClient = HttpClient.newHttpClient();private void limitByIp(StringBuffer stringBuffer) throws IOException, InterruptedException {String[] services = {"https://api.ipify.org","https://icanhazip.com"};for (String serviceUrl : services) {HttpRequest request = HttpRequest.newBuilder().uri(URI.create(serviceUrl)).GET().build();HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());String ip = response.body().trim();stringBuffer.append(":ip:").append(ip);}}/*** 全局限流* @param stringBuffer* @param point*/private void limitByDefault(StringBuffer stringBuffer, JoinPoint point) {//按方法限流：拼接类名 + 方法名MethodSignature signature = (MethodSignature) point.getSignature();Method method = signature.getMethod();Class<?> targetClass = method.getDeclaringClass();stringBuffer.append(targetClass.getName()).append("-").append(method.getName());}/*** 按用户限流* @param stringBuffer*/private void limitByUser(StringBuffer stringBuffer) {//获取当前用户String userSubject = UserThreadLocal.getSubject();User user=new User();try {user = jacksonObjectMapper.readValue(userSubject, User.class);} catch (JsonProcessingException e) {throw new RuntimeException("无法获取当前用户");}stringBuffer.append(":user:").append(user.getId());}}

3. 在Redis的配置类中整合Lua语言自定义限流脚本的执行

/*** 限流脚本定义* @return*/
@Bean
public DefaultRedisScript<Long> limitScript() {DefaultRedisScript<Long> redisScript = new DefaultRedisScript<>();redisScript.setScriptText(limitScriptText()); //加载Lua脚本redisScript.setResultType(Long.class); // 返回类型为Longreturn redisScript;
}/*** 限流脚本*/
private String limitScriptText() {return "local key = KEYS[1]\n" +"local count = tonumber(ARGV[1])\n" +"local time = tonumber(ARGV[2])\n" +"local current = redis.call('get', key);\n" +"if current and tonumber(current) > count then\n" +"    return tonumber(current);\n" +"end\n" +"current = redis.call('incr', key)\n" +"if tonumber(current) == 1 then\n" +"    redis.call('expire', key, time)\n" +"end\n" +"return tonumber(current);";
}

4. 限流注解的使用

案例1：登录接口IP限流

@RateLimiter( key = "login_attempt", time = 300, // 5分钟 count = 5, 
limitType = LimitType.IP ) 
@PostMapping("/login") 
public Response login(@RequestBody LoginDTO dto) { // 登录逻辑 }

案例2：API用户维度限流

@RateLimiter( key = "api_v1:data_export", time = 3600, // 1小时 count = 10,

limitType = LimitType.USER )

@GetMapping("/export")

public void exportData() { // 数据导出逻辑 }

这样就能对上述接口实现对应的限流机制了