CN113726673B - Service gateway flow control method, device, equipment and storage medium - Google Patents
Service gateway flow control method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN113726673B CN113726673B CN202110787715.6A CN202110787715A CN113726673B CN 113726673 B CN113726673 B CN 113726673B CN 202110787715 A CN202110787715 A CN 202110787715A CN 113726673 B CN113726673 B CN 113726673B
- Authority
- CN
- China
- Prior art keywords
- flow control
- attribute
- access request
- preset attribute
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2408—Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The disclosure provides a service gateway flow control method, a device, equipment and a storage medium, which are used for solving the technical problem that a service gateway cannot realize a flow control white list function. According to the technical scheme, the flow control function of the API interface service gateway is expanded, the first preset attribute is carried in the access request to cooperate with the first preset attribute configured in the flow control strategy, and when the access request carries the first preset attribute and is consistent with the first preset attribute configured in the flow control strategy, the flow control processing is not carried out on the access request. According to the technical scheme, the flow control white list function of the specific access request can be realized, and the flexible flow control requirement of the service gateway can be met.
Description
Technical Field
The disclosure relates to the technical field of cloud computing, and in particular relates to a service gateway flow control method, device, equipment and storage medium.
Background
An application program interface (Application Interface, API) gateway is a service portal for a service system. The API gateway encapsulates the internal architecture of the service system, providing a customized API access interface for the client. Kong is an API gateway, kong plug-ins can exist independently in a separate code library and can be injected into any location of the requested lifecycle by several lines of code, similar to the AOP cut of java. The Kong plug-in development suite PDK interacts with the request/response object or stream to implement arbitrary logic. PDK is a set of Lua functions that Kong plugins can use to facilitate interactions between plugins and Kong's core components (or other components).
In order to ensure the service quality and the availability of the service system, each API gateway has an access upper limit, and when the access frequency or the concurrency exceeds the bearing range of the service system, measures such as current limiting must be considered to ensure the availability of the API gateway, so as to protect the back-end service.
To provide a continuous and stable service, flow control may be performed for the API interfaces of the partial service system by creating a flow control policy. The flow control strategy and the API interface are mutually independent, and only after the flow control strategy is bound with the API interface, the flow control strategy takes effect on the bound API interface.
Common techniques for flow control include leaky bucket, token bucket, and counter schemes. The leakage Bucket (leakage Bucket) algorithm thought is very simple, water (request) enters the leakage Bucket firstly, the leakage Bucket outputs water at a certain speed (the interface has response rate), when the water flowing speed is too high, the water can overflow directly (the access frequency exceeds the interface response rate), namely the overflowed request can be refused, and the leakage Bucket algorithm can be seen to limit the data transmission rate forcefully.
The Token Bucket algorithm (Token Bucket) is the same as the leak Bucket effect but is an opposite algorithm, and is easier to understand. Over time, the system will add tokens to the bucket at constant 1/second rate of queries QPS time intervals, will not add further if the bucket is full, will take tokens from the bucket temporarily, and will block or deny service if there are no tokens.
The principle of the counter algorithm is to have the maximum number of processing requests fixed during a time interval (time window) during which requests exceeding the maximum number are not processed. The threshold value of the counter algorithm can also be dynamically configured through the server side, so the API gateway can also provide flow control basic configuration through the counter algorithm, and the unit time can be selected from seconds, minutes, hours and days, such as 5000 times/minute. Wherein, at least one of the unit time of seconds, minutes, hours, days, months and years is needed to be configured, and a plurality of the units are supported to be configured. By configuring the basic flow control strategy, the flow limit of the API service interface, the user flow limit and the application flow limit can be realized.
However, for some special business requirements, such as banking business, etc. industries with relatively high security requirements, it is desirable that the flow control technique can achieve finer access control, for example, when a very important client, i.e., VIP client, accesses an API gateway, it can not be restricted by the flow control policy, but still maintain the flow control policy restriction when a general user accesses the API. However, the current API gateway cannot meet this requirement for the same API interface.
Disclosure of Invention
In view of this, the present disclosure provides a service gateway flow control method, device, equipment and storage medium, which are used for solving the technical problem that a service gateway cannot realize the flow control white list function.
The disclosure aims to provide a service gateway flow control method, which is used for realizing the function of executing different flow control strategies aiming at different access requests on the basis of a basic API gateway function so as to meet flexible flow control requirements.
Fig. 1 is a flowchart of steps of a service gateway flow control method according to an embodiment of the present disclosure, where the method is applied to an API gateway, and the method includes:
s101, when an API gateway receives an access request aiming at a first API interface, judging whether the first API interface has a bound flow control strategy or not;
s102, judging whether the access request carries a first preset attribute or not when the first API interface binds a first streaming strategy;
s103, when the access request carries a first preset attribute and the carried first preset attribute is consistent with a first preset attribute configured in a first streaming strategy, forwarding the access request to the first API interface;
s104, when the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first flow control strategy, performing flow control processing on the access request based on the basic flow control attribute configured in the first flow control strategy.
Further, a basic flow control attribute and a request head attribute are configured in the first flow control strategy, and a first preset attribute is configured in the request head attribute;
carrying the first preset attribute in the access request means that the request header of the access request carries the first preset attribute.
Further, a basic flow control attribute and a request body attribute are configured in the first flow control strategy, and a first preset attribute is configured in the request body attribute;
carrying the first preset attribute in the access request means that the request body of the access request carries the first preset attribute.
Further, a basic flow control attribute, a request head attribute and a request body attribute are configured in the first flow control strategy, and a first preset attribute is configured in the request head attribute and/or the request body attribute;
carrying the first preset attribute in the access request means that the first preset attribute is carried in a request head and/or a request body of the access request;
when the access request carries a first preset attribute, and the carried first preset attribute is consistent with the first preset attribute configured in the first streaming policy, it means that:
the first preset attribute carried in the request header of the access request is consistent with the first preset attribute configured in the request header attribute in the first streaming control strategy; or the first preset attribute carried in the request body of the access request is consistent with the first preset attribute configured in the request body attribute in the first streaming policy.
In another embodiment of the present disclosure, further comprising the steps of:
judging whether the access request carries a second preset attribute or not under the condition that the first API interface binds a first streaming strategy and the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first streaming strategy;
and refusing to forward the access request and feeding back a refusal response message to a request sender when the access request carries a second preset attribute and the carried second preset attribute is consistent with the second preset attribute configured in the first streaming control strategy.
Based on another aspect of the disclosure, the disclosure further provides a service gateway flow control device, which is applied to an application program interface API gateway, and the device includes:
the receiving response module is used for receiving an access request aiming at the first API interface and feeding back a flow control response message to a requester according to a flow control processing result;
the first judging module is used for judging whether the first API interface has a bound flow control strategy or not and judging whether the access request carries a first preset attribute or not;
the white list processing module is used for forwarding the access request to the first API interface when the access request carries a first preset attribute and the carried first preset attribute is consistent with a first preset attribute configured in a first streaming policy;
and the flow control processing module is used for performing flow control processing on the access request based on the basic flow control attribute configured in the first flow control strategy when the first preset attribute is not carried in the access request or is inconsistent with the first preset attribute configured in the first flow control strategy.
Further, a basic flow control attribute, a request head attribute and a request body attribute are configured in the first flow control strategy, and a first preset attribute is configured in the request head attribute and/or the request body attribute;
carrying the first preset attribute in the access request means that the first preset attribute is carried in a request head and/or a request body of the access request;
when the access request carries a first preset attribute, and the carried first preset attribute is consistent with the first preset attribute configured in the first streaming policy, it means that:
the first preset attribute carried in the request header of the access request is consistent with the first preset attribute configured in the request header attribute in the first streaming control strategy; or the first preset attribute carried in the request body of the access request is consistent with the first preset attribute configured in the request body attribute in the first streaming policy.
Further, a second judging module, configured to judge whether the access request carries a second preset attribute if the first API interface binds a first streaming policy and the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with a first preset attribute configured in the first streaming policy;
and the blacklist processing module is used for refusing to forward the access request and feeding back a refusal response message to the request sender when the access request carries a second preset attribute and the carried second preset attribute is consistent with the second preset attribute configured in the first streaming policy.
According to the technical scheme, the flow control function of the API interface service gateway is expanded, the first preset attribute is carried in the access request to cooperate with the first preset attribute configured in the flow control strategy, and when the access request carries the first preset attribute and is consistent with the first preset attribute configured in the flow control strategy, the flow control processing is not carried out on the access request. According to the technical scheme, the flow control white list function of the specific access request can be realized, and the flexible flow control requirement of the service gateway can be met.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the following description will briefly describe the drawings that are required to be used in the embodiments of the present disclosure or the description in the prior art, and it is apparent that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings may also be obtained according to these drawings of the embodiments of the present disclosure for those skilled in the art.
Fig. 1 is a flowchart illustrating steps of a service gateway flow control method according to an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating steps of the service gateway flow control method provided in the embodiment;
fig. 3 is a schematic structural diagram of a service gateway flow control device according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a service gateway flow control electronic device according to an embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the disclosure. As used in the embodiments of the present disclosure, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The term "and/or" as used in this disclosure refers to any or all possible combinations including one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in embodiments of the present disclosure to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of embodiments of the present disclosure. Depending on the context, furthermore, the word "if" used may be interpreted as "at … …" or "at … …" or "in response to a determination".
In order to make the technical solution provided in the present disclosure clearer, a Kong gateway is taken as an example, and a specific implementation process of the technology in this embodiment of the present disclosure is specifically described with reference to the accompanying drawings. The service gateway flow control method provided by the disclosure can realize the flow control white list function, and realize finer granularity and more flexible flow control on the access request of the API interface.
The Kong gateway does not have a flow control white list function, and in the embodiment, an API gateway plug-in with the flow control white list function is developed by using a plug-in development kit PDK of the LUA language based on the Kong gateway so as to achieve the aim of the invention.
Fig. 2 is a flowchart of the steps of the service gateway flow control method provided in this embodiment, including:
s201, configuring a flow control strategy Policy1 for an API interface 1 of a service 1 at an API gateway, and binding the API interface 1 with the configured flow control strategy Policy 1;
in an embodiment of the present disclosure, a basic flow control attribute and a request header attribute field are configured in Policy1 configured for API interface 1 of service 1, and one or more whitelist flow control attributes are preconfigured in a list manner in the request header attribute field. The configuration file of the flow control Policy1 is exemplified as follows:
the basic flow control attributes included in Policy1 include:
"" mine ":5": the flow control statistics period and the flow control times threshold are adopted;
"status_code":200": is a flow control response code;
"body": "Access to mux, wait a movement-! "": is flow control response information.
The cooperation of the three basic flow control attributes can be realized: every minute is a statistics period, in one statistics period, if the Access request from the same user is received for more than 5 times, the Access request is refused to be forwarded and a flow control response message is returned to the user side, wherein the error code 200 is included, and the response information contained in the body of the message is "Access to mux, wait a movement-! ".
In the above example, the request header attribute field is "items_header", in which a plurality of preconfigured whitelist flow control attributes, k1, k2 and k3 respectively, are included in a list manner in the "whitelist" attribute field, and each attribute includes two parts of a key and a value, for example, "k1" in the "k1: v1" attribute is a key and "v1" is a value.
S202, when a Kong gateway receives an access request for an API interface 1, acquiring a flow control strategy bound with the API interface 1;
s203, judging whether the API interface 1 has a bound flow control strategy; if no flow control strategy is bound, executing step S204, otherwise executing step 205;
s204, adopting a default flow control strategy or not performing flow control treatment;
s205, acquiring a flow control strategy Policy1 bound by an API interface 1, analyzing the Policy1, and acquiring a basic flow control attribute and a request header attribute;
s206, judging whether the access request carries a white list flow control attribute (a first preset attribute) and is consistent with the white list flow control attribute configured in the request header attribute in Policy1, if yes, executing a step S207, otherwise, executing a step S208;
s207, forwarding an access request to the API interface 1;
based on the configuration of Policy1, when the access request contains a request header and any one of whitelist attributes is carried in the request header, the access request is not limited by the flow control Policy. For example, when the request header of the access request carries 'k 1:v1', the Kong gateway judges that the whitelist flow control attribute 'k 1:v1' carried in the request is consistent with 'k 1:v1' in the whitelist attribute configured in the request header attribute 'items_header' of the Policy1, and the Kong gateway does not perform flow control processing on the request, thereby realizing the function of flow control whitelist.
S208, performing flow control processing on the access request based on the basic flow control attribute configured in the Policy 1.
When the access request does not carry the white list flow control attribute or is inconsistent with the flow control white list attribute configured in Policy1, the access request is subjected to flow control processing, namely the access request sent by the same user is subjected to flow control processing according to the basic flow control attribute. For example, according to the configuration of Policy1, when the Access request sent by the user sending the Access request exceeds the limit number (5 times) in the flow control statistics period (1 minute), the Access request is refused to be forwarded and the error code 200 is returned to the user side, and the response information is "Access to mux, wait a move-! ". And if the limit times are not exceeded in the flow control statistics period, forwarding the access request to the API interface 1.
In another embodiment of the present disclosure, a requestor attribute "items_body" may also be configured in Policy1, and a whitelist flow control attribute may also be configured in the requestor attribute, examples are as follows:
table 1 below is an illustration of the attributes configured in the streaming policy in this embodiment:
table 1
In this embodiment, the request header attribute and the request body attribute are configured in the flow control Policy1 at the same time, and the white list flow control attribute is configured in the request header attribute and the request body attribute, and in this embodiment, if only one of the request header and the request body of the access request carries the white list flow control attribute, and the carried white list flow control attribute is consistent with the configuration in Policy1, the flow processing is not performed on the access request. For example, when a user of the API interface 1 initiates an access request to the API interface 1 to reach the Kong gateway, the access request carries a request body, and the request carries a whitelist flow control attribute, for example, "k5:v5", and the Kong gateway determines whether the Policy1 bound by the API interface 1 is configured with the request body attribute, "item_body", and if the request body attribute is configured, and the whitelist flow control attribute carried in the access request is consistent with the whitelist flow control attribute (for example, k 5:v5) configured in the request body attribute in the Policy1, the access request is directly forwarded to the API interface 1 without performing flow processing on the access request.
If the flow control strategy is not configured with the request head attribute and the request body attribute, only the basic flow control attribute is configured, or the access request does not carry the white list flow control attribute, the flow control processing is carried out on the access request based on the basic flow control attribute configured by the Policy 1.
If the request head and/or the request body are/is included in the access request, and the request head and/or the request body carry the white list flow control attribute, but the carried white list flow control attribute is inconsistent with the white list flow attribute configured in the request head attribute or the request body attribute in the flow control Policy1, the access request is processed according to the non-carried white list flow attribute, namely, the access request is subjected to flow control processing based on the basic flow control attribute configured by the Policy 1.
In another embodiment of the present disclosure, a blacklist flow control attribute may also be configured in the request header attribute and/or the request body attribute, such as adding "blacklists" in the "items_header" attribute:
when the access request carries a blacklist flow control attribute (a second preset attribute, for example, "b1: v 2") and the carried blacklist flow control attribute is consistent with the blacklist flow control attribute configured in the request header "items_header" or "items_body" in the flow control Policy1, a preset execution action, for example, refusing to forward the access request to the API interface 1, executing special processing (for example, triggering security monitoring processing, security alarm processing), sending a refusal response message to the requester, and the like can be executed.
According to the technical scheme, the flow control function of the kong gateway is expanded, the flow control white list function of a specific access request is realized by carrying the white list flow control attribute in the access request and matching with the configuration of the flow control strategy, flexible flow control requirements are met, the related competitiveness of the product gateway can be improved, and the user experience is improved.
Fig. 3 is a schematic structural diagram of a service gateway flow control device according to an embodiment of the present disclosure, where each functional module in the device 300 may be implemented in software, hardware, or a combination of software and hardware. The apparatus 300 is applied to an application program interface API gateway, the apparatus 300 comprising:
the transceiver module 301 is configured to receive an access request for the first API interface, and feed back a flow control response message to the requester according to a flow control processing result;
a first judging module 302, configured to judge whether the first API interface has a bound flow control policy, and judge whether the access request carries a first preset attribute;
the whitelist processing module 303 is configured to forward the access request to the first API interface when the access request carries a first preset attribute and the carried first preset attribute is consistent with a first preset attribute configured in a first streaming policy;
and the flow control processing module 304 performs flow control processing on the access request based on the basic flow control attribute configured in the first flow control strategy when the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first flow control strategy.
The first flow control strategy is configured with a basic flow control attribute, a request head attribute and a request body attribute, and the request head attribute and/or the request body attribute is configured with a first preset attribute;
carrying the first preset attribute in the access request means that the first preset attribute is carried in a request head and/or a request body of the access request;
when the access request carries a first preset attribute, and the carried first preset attribute is consistent with the first preset attribute configured in the first streaming policy, it means that:
the first preset attribute carried in the request header of the access request is consistent with the first preset attribute configured in the request header attribute in the first streaming control strategy; or the first preset attribute carried in the request body of the access request is consistent with the first preset attribute configured in the request body attribute in the first streaming policy.
In one embodiment of the present disclosure, the apparatus 300 further comprises:
the second judging module is used for judging whether the access request carries a second preset attribute or not under the condition that the first API interface binds a first streaming strategy and the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first streaming strategy;
and the blacklist processing module is used for refusing to forward the access request and feeding back a refusal response message to the request sender when the access request carries a second preset attribute and the carried second preset attribute is consistent with the second preset attribute configured in the first streaming policy.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure, where the device 400 includes: a processor 410 such as a Central Processing Unit (CPU), a communication bus 420, a communication interface 440, and a storage medium 430. Wherein the processor 410 and the storage medium 430 may communicate with each other via a communication bus 420. The storage medium 430 has stored therein a computer program which, when executed by the processor 410, performs the functions of the steps of the methods provided by the present disclosure.
The storage medium may include a random access Memory (Random Access Memory, RAM) or a Non-Volatile Memory (NVM), such as at least one magnetic disk Memory. In addition, the storage medium may be at least one storage device located remotely from the processor. The processor may be a general-purpose processor including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processing, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
It should be appreciated that embodiments of the present disclosure may be implemented or realized by computer hardware, a combination of hardware and software, or by computer instructions stored in non-transitory memory. The method may be implemented in a computer program using standard programming techniques, including a non-transitory storage medium configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose. Furthermore, the operations of the processes described in the present disclosure may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes (or variations and/or combinations thereof) described in this disclosure may be performed under control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications), by hardware, or combinations thereof, collectively executing on one or more processors. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable computing platform, including, but not limited to, a personal computer, mini-computer, mainframe, workstation, network or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and so forth. Aspects of the disclosure may be implemented in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optical read and/or write storage medium, RAM, ROM, etc., such that it is readable by a programmable computer, which when read by a computer, is operable to configure and operate the computer to perform the processes described herein. Further, the machine readable code, or portions thereof, may be transmitted over a wired or wireless network. When such media includes instructions or programs that, in conjunction with a microprocessor or other data processor, implement the steps described above, the invention described in this disclosure includes these and other different types of non-transitory computer-readable storage media. The present disclosure also includes the computer itself when programmed according to the methods and techniques described in this disclosure.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.
Claims (6)
1. A service gateway flow control method, characterized in that the method is applied to an application program interface API gateway, the method comprising:
when an API gateway receives an access request aiming at a first API interface, judging whether the first API interface has a bound flow control strategy or not;
when the first API interface binds a first streaming strategy, judging whether the access request carries a first preset attribute or not; the first flow control strategy is configured with basic flow control attributes and request head attributes and/or request body attributes; the request head attribute and/or the request body attribute are configured with a first preset attribute;
when a first preset attribute carried in a request header of the access request is consistent with a first preset attribute configured in a request header attribute in the first streaming control strategy; or when a first preset attribute carried in a request body of the access request is consistent with a first preset attribute configured in a request body attribute in the first streaming policy, forwarding the access request to the first API interface; the first preset attribute is a white list flow control attribute, and the consistency refers to that key value pairs in the white list flow control attribute in the first flow control strategy comprise key value pairs in the white list flow control attribute carried in the access request;
and when the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first flow control strategy, performing flow control processing on the access request based on the basic flow control attribute configured in the first flow control strategy.
2. The method according to claim 1, wherein the method further comprises:
judging whether the access request carries a second preset attribute or not under the condition that the first API interface binds a first streaming strategy and the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first streaming strategy;
and refusing to forward the access request and feeding back a refusal response message to a request sender when the access request carries a second preset attribute and the carried second preset attribute is consistent with the second preset attribute configured in the first streaming control strategy.
3. A service gateway flow control device, the device being applied to an application program interface API gateway, the device comprising:
the receiving response module is used for receiving an access request aiming at the first API interface and feeding back a flow control response message to a requester according to a flow control processing result;
the first judging module is used for judging whether the first API interface is bound with a first streaming strategy or not and judging whether the access request carries a first preset attribute or not; the first flow control strategy is configured with basic flow control attributes and request head attributes and/or request body attributes; the request head attribute and/or the request body attribute are configured with a first preset attribute;
the white list processing module is used for enabling the first preset attribute carried in the request header of the access request to be consistent with the first preset attribute configured in the request header attribute in the first streaming control strategy; or when a first preset attribute carried in a request body of the access request is consistent with a first preset attribute configured in a request body attribute in the first streaming policy, forwarding the access request to the first API interface;
and the flow control processing module is used for performing flow control processing on the access request based on the basic flow control attribute configured in the first flow control strategy when the first preset attribute is not carried in the access request or is inconsistent with the first preset attribute configured in the first flow control strategy.
4. A device according to claim 3, characterized in that the device further comprises:
the second judging module is used for judging whether the access request carries a second preset attribute or not under the condition that the first API interface binds a first streaming strategy and the access request does not carry the first preset attribute or the carried first preset attribute is inconsistent with the first preset attribute configured in the first streaming strategy;
and the blacklist processing module is used for refusing to forward the access request and feeding back a refusal response message to the request sender when the access request carries a second preset attribute and the carried second preset attribute is consistent with the second preset attribute configured in the first streaming policy.
5. An electronic device is characterized by comprising a processor, a communication interface, a storage medium and a communication bus, wherein the processor, the communication interface and the storage medium are communicated with each other through the communication bus;
a storage medium storing a computer program;
a processor for carrying out the method steps of any one of claims 1-2 when executing a computer program stored on a storage medium.
6. A storage medium having stored thereon a computer program, which when executed by a processor performs the method steps of any of claims 1 to 2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110787715.6A CN113726673B (en) | 2021-07-13 | 2021-07-13 | Service gateway flow control method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110787715.6A CN113726673B (en) | 2021-07-13 | 2021-07-13 | Service gateway flow control method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113726673A CN113726673A (en) | 2021-11-30 |
| CN113726673B true CN113726673B (en) | 2023-07-18 |
Family
ID=78673156
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110787715.6A Active CN113726673B (en) | 2021-07-13 | 2021-07-13 | Service gateway flow control method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113726673B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244624A (en) * | 2021-12-31 | 2022-03-25 | 北京市商汤科技开发有限公司 | Flow control method and device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3107243A1 (en) * | 2010-05-25 | 2016-12-21 | Headwater Partners I LLC | Device- assisted services for protecting network capacity |
| CN109756448A (en) * | 2017-11-02 | 2019-05-14 | 广东亿迅科技有限公司 | API gateway method for managing security and its system based on micro services |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190034210A1 (en) * | 2017-07-28 | 2019-01-31 | Kong Inc. | Systems and methods for distributed api gateways |
| EP4250676A3 (en) * | 2018-03-21 | 2024-01-10 | Huawei Cloud Computing Technologies Co., Ltd. | Control method for application programming interface (api) gateway cluster, and api gateway cluster |
| CN110569638B (en) * | 2018-06-06 | 2021-08-06 | 中移(苏州)软件技术有限公司 | API authentication method and device, storage medium and computing equipment |
| CN110535777B (en) * | 2019-08-12 | 2022-07-12 | 新华三大数据技术有限公司 | Access request control method and device, electronic equipment and readable storage medium |
| CN112217738B (en) * | 2020-11-04 | 2023-08-25 | 成都中科大旗软件股份有限公司 | Flow control method, system, storage medium and terminal for travel data service |
| CN112437006B (en) * | 2020-11-20 | 2023-03-24 | 北京百度网讯科技有限公司 | Request control method and device based on API gateway, electronic equipment and storage medium |
-
2021
- 2021-07-13 CN CN202110787715.6A patent/CN113726673B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3107243A1 (en) * | 2010-05-25 | 2016-12-21 | Headwater Partners I LLC | Device- assisted services for protecting network capacity |
| CN109756448A (en) * | 2017-11-02 | 2019-05-14 | 广东亿迅科技有限公司 | API gateway method for managing security and its system based on micro services |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113726673A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11456965B2 (en) | Network service request throttling system | |
| US8918837B2 (en) | Web application container for client-level runtime control | |
| JP6132973B2 (en) | Methods and devices for updating clients | |
| US11134035B2 (en) | Method and device for securely sending message | |
| CN109743315A (en) | For Activity recognition method, apparatus, equipment and the readable storage medium storing program for executing of website | |
| US9462011B2 (en) | Determining trustworthiness of API requests based on source computer applications' responses to attack messages | |
| US10419377B2 (en) | Method and system for categorizing instant messages | |
| CN113542214B (en) | Access control method, device, equipment and machine-readable storage medium | |
| CN111464525B (en) | Session identification method, session identification device, session identification control equipment and storage medium | |
| CN104680075A (en) | Framework for fine-grain access control from high-level application permissions | |
| CN111371772A (en) | Intelligent gateway current limiting method and system based on redis and computer equipment | |
| CN113726673B (en) | Service gateway flow control method, device, equipment and storage medium | |
| CN113765818A (en) | Distributed current limiting method, device, equipment, storage medium and system | |
| CN111245732A (en) | Flow control method, device and equipment | |
| CN107079025B (en) | Apparatus, method, and computer-readable medium for networking request anonymization | |
| US8635692B2 (en) | System and method for user friendly detection of spammers | |
| CN108965108B (en) | Message pushing method and related equipment | |
| US9871873B2 (en) | Adapter for communication between web applications within a browser | |
| CN108809909B (en) | Data processing method and data processing device | |
| US9106766B2 (en) | Phone call management | |
| CN107689979B (en) | method and equipment for processing download request | |
| CN114039893A (en) | API gateway speed limiting method and device | |
| JP2015528139A5 (en) | ||
| CN108449252B (en) | Dump method and device for access log | |
| CN108111501B (en) | Control method and device for cheating flow and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |