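In Java, a token can be used to block duplicate submissions.
Is there a related plugin or module in Node.js that solves this security problem?
In theory, the simpler the better... queues and such, sigh...
See the cnode thread "Is there a good way to avoid duplicate submissions on the server side in node.js?"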
伊谢尔伦2017-04-17 13:26:58
The simplest way is to set restrictions on the client side: no other request can be initiated until the previous request has responded.
There are many methods on the server side:
The easiest is to prevent duplicate data from being written at the database level.
Use some rate limiting to define how many times the same operation may be performed within a specified time. If you are using Express, you can use this: https://github.com/nfriedly/express-rate-limit
Use queued writes, as you mentioned.
You need to apply for a token for each submission, and each token can only be used once
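The single-use token idea from the answer above, as an added example that is not code from this thread or from any module it mentions. The class name `SubmitTokenStore`, the TTL, the session binding and the injectable clock are assumptions of this sketch.

```javascript
// Added example, not code from the thread: single-use submission tokens.
const { randomBytes } = require('node:crypto');

class SubmitTokenStore {
  // ttlMs and the injectable clock `now` are assumptions of this sketch.
  constructor({ ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.tokens = new Map(); // token -> { sessionId, expiresAt }
  }

  // Call when rendering the form; embed the token in a hidden field.
  issue(sessionId) {
    const token = randomBytes(32).toString('hex');
    this.tokens.set(token, { sessionId, expiresAt: this.now() + this.ttlMs });
    return token;
  }

  // Call first in the POST handler. Returns true at most once per token.
  consume(sessionId, token) {
    const entry = this.tokens.get(token);
    if (!entry) return false;             // unknown or already used
    this.tokens.delete(token);            // burn it before any async work
    if (entry.expiresAt < this.now()) return false;
    return entry.sessionId === sessionId; // bound to the issuing session
  }

  // Drop expired tokens so abandoned forms do not grow the map forever.
  sweep() {
    const t = this.now();
    for (const [token, entry] of this.tokens) {
      if (entry.expiresAt < t) this.tokens.delete(token);
    }
    return this.tokens.size;
  }
}

// Constructed demo: a double-click sends the same form twice.
function demoDoubleSubmit() {
  const store = new SubmitTokenStore();
  const token = store.issue('session-A');
  return [
    store.consume('session-A', token), // first POST is processed
    store.consume('session-A', token), // duplicate is rejected
  ];
}
```

The in-memory map only works for a single Node process; with several workers the tokens have to live in a shared store whose delete-and-check is atomic.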
PHP中文网2017-04-17 13:26:58
@KaiChen: 3Q 4 U answer ~~
I implemented it using express-rate-limit.
Without rewriting this module (hereinafter referred to as rl), there will be several problems:
First of all, look at the source code. rl stores req.ip in a global variable. When using nginx as a reverse proxy, all req.ip values will point to the nginx proxy IP address, so with this rl duplicate IP addresses should appear in production.
Secondly, there is a logic problem with how max limits the number of requests. When max is set greater than 1, the more requests there are, the longer each request is delayed. A solution is to set [delayMs:0].
The most important thing is that the message it returns only supports the string type: "first argument must be a string or Buffer". In the response from res, most of us use res.json; with pure string data, you need to use regular-expression matching to determine whether it is a successful request.