hanghae-skillup · soonhankwon · Feb 12, 2025 · Feb 6, 2025 · Feb 6, 2025 · Feb 6, 2025
diff --git a/module-app/src/main/java/module/config/AppRedisConfig.java b/module-app/src/main/java/module/config/AppRedisConfig.java
@@ -0,0 +1,24 @@
+package module.config;
+
+import org.redisson.Redisson;
+import org.redisson.api.RedissonClient;
+import org.redisson.config.Config;
+import org.redisson.spring.data.connection.RedissonConnectionFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
+
+@Configuration
+public class AppRedisConfig {
+
+	@Bean
+	StringRedisTemplate stringRedisTemplate( RedisConnectionFactory connectionFactory) {
+		return new StringRedisTemplate(connectionFactory);
+	}
+
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/RateLimitWith.java b/module-app/src/main/java/module/config/ratelimit/RateLimitWith.java
@@ -0,0 +1,16 @@
+package module.config.ratelimit;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import module.config.ratelimit.limiters.RateLimiter;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface RateLimitWith {
+	Class<? extends RateLimiter> rateLimiter();
+	boolean postProcess() default false;
+	boolean preProcess() default true;
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/RateLimiterAop.java b/module-app/src/main/java/module/config/ratelimit/RateLimiterAop.java
@@ -0,0 +1,56 @@
+package module.config.ratelimit;
+
+import java.lang.reflect.Method;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.util.ContentCachingRequestWrapper;
+import org.springframework.web.util.ContentCachingResponseWrapper;
+
+import lombok.RequiredArgsConstructor;
+import module.config.ratelimit.limiters.RateLimiter;
+import module.config.ratelimit.limiters.RateLimiterFactory;
+
+@Aspect
+@Component
+@RequiredArgsConstructor
+public class RateLimiterAop {
+
+	private final RateLimiterFactory rateLimiterFactory;
+
+	@Around("@annotation(module.config.ratelimit.RateLimitWith)")
+	public Object rateLimiter(final ProceedingJoinPoint joinPoint) throws Throwable {
+		MethodSignature signature = (MethodSignature)joinPoint.getSignature();
+		Method method = signature.getMethod();
+
+		// 설정된 RateLimiter 조회
+		RateLimitWith rateLimitWith = method.getAnnotation(RateLimitWith.class);
+
+		// HttpServletRequest 조회 및 캐싱
+		ServletRequestAttributes attributes =
+			(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+		ContentCachingRequestWrapper wrappedRequest = new ContentCachingRequestWrapper(attributes.getRequest());
+
+		RateLimiter rateLimiter = rateLimiterFactory.getRateLimiter(rateLimitWith.rateLimiter());
+
+		if(rateLimitWith.preProcess()){
+			if(!rateLimiter.preCheck(joinPoint.getArgs(), wrappedRequest)){
+				return false;
+			}
+		}
+
+		Object result = joinPoint.proceed();
+
+		ContentCachingResponseWrapper wrappedResponse = new ContentCachingResponseWrapper(attributes.getResponse());
+		if(rateLimitWith.postProcess()){
+			rateLimiter.postCheck(joinPoint.getArgs(), wrappedResponse);
+		}
+
+		return result;
+	}
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/limiters/RateLimiter.java b/module-app/src/main/java/module/config/ratelimit/limiters/RateLimiter.java
@@ -0,0 +1,9 @@
+package module.config.ratelimit.limiters;
+
+import org.springframework.web.util.ContentCachingRequestWrapper;
+import org.springframework.web.util.ContentCachingResponseWrapper;
+
+public interface RateLimiter {
+	boolean preCheck(Object[] args, ContentCachingRequestWrapper request);
+	default void postCheck(Object[] args, ContentCachingResponseWrapper response){}
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/limiters/RateLimiterFactory.java b/module-app/src/main/java/module/config/ratelimit/limiters/RateLimiterFactory.java
@@ -0,0 +1,18 @@
+package module.config.ratelimit.limiters;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Component;
+
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class RateLimiterFactory {
+
+	private final ApplicationContext applicationContext;
+
+	public RateLimiter getRateLimiter(Class<? extends RateLimiter> T){
+		return applicationContext.getBean(T);
+	}
+
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/limiters/ShowingSearchRateLimiter.java b/module-app/src/main/java/module/config/ratelimit/limiters/ShowingSearchRateLimiter.java
@@ -0,0 +1,72 @@
+package module.config.ratelimit.limiters;
+
+import java.util.Collections;
+
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.data.redis.core.script.DefaultRedisScript;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.ContentCachingRequestWrapper;
+
+import exception.showing.TooManyRequestException;
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class ShowingSearchRateLimiter implements module.config.ratelimit.limiters.RateLimiter {
+
+	private static final String LIMIT_PER_SECOND = "2";
+	private static final String LIMIT_PER_MINUTE = "50";
+	private static final DefaultRedisScript<Boolean> LUA_SCRIPT = new DefaultRedisScript(
+		"""
+			local prefix = KEYS[1]
+			local ip = ARGV[1]
+			local LIMIT_PER_SECOND = tonumber(ARGV[2])
+			local LIMIT_PER_MINUTE = tonumber(ARGV[3])
+
+			local blocked_ip_key = prefix .. ':BlockedIp:' .. ip
+			local request_counter_key = prefix .. ':PerMinuteRequestCounter:' .. ip
+			local per_second_counter_key = prefix .. ':PerSecondRequestCounter:' .. ip
+
+			if redis.call('EXISTS', blocked_ip_key) == 1 then 
+				return false 
+			end
+
+			local per_second_count = redis.call('INCR', per_second_counter_key)
+			if per_second_count == 1 then 
+				redis.call('EXPIRE', per_second_counter_key, 1) end
+			if per_second_count > LIMIT_PER_SECOND then
+				return false 
+			end
+
+			local current_count = redis.call('INCR', request_counter_key)
+			if current_count == 1 then 
+				redis.call('EXPIRE', request_counter_key, 60) 
+			end
+			if current_count > LIMIT_PER_MINUTE then
+			   redis.call('SET', blocked_ip_key, 1)
+			   redis.call('EXPIRE', blocked_ip_key, 3600)
+			   return false
+			end
+
+			return true
+		""", Boolean.class);
+
+	private final StringRedisTemplate redisTemplate;
+	private final String KEY_PREFIX = "hanghaeho:showingSearch";
+
+	@Override
+	public boolean preCheck(Object[] args, ContentCachingRequestWrapper request){
+		String ip = request.getRemoteAddr();
+		boolean isAllowed = Boolean.TRUE.equals(redisTemplate.execute(
+			LUA_SCRIPT,
+			Collections.singletonList(KEY_PREFIX),
+			ip, LIMIT_PER_SECOND, LIMIT_PER_MINUTE
+		));
+
+		if(!isAllowed){
+			throw new TooManyRequestException();
+		}
+
+		return true;
+	}
+}
diff --git a/module-app/src/main/java/module/config/ratelimit/limiters/TicketReservationRateLimiter.java b/module-app/src/main/java/module/config/ratelimit/limiters/TicketReservationRateLimiter.java
@@ -0,0 +1,70 @@
+package module.config.ratelimit.limiters;
+
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.ContentCachingRequestWrapper;
+import org.springframework.web.util.ContentCachingResponseWrapper;
+
+import dto.ticket.TicketReservationRequest;
+import exception.ticket.NoReservationInfoException;
+import exception.ticket.TwoManyReservationRequestException;
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class TicketReservationRateLimiter implements RateLimiter {
+
+	private final String KEY_PREFIX = "hanghaeho:ticket_reservation_complete:";
+	private final RedisTemplate<String, String> redisTemplate;
+
+	@Override
+	public boolean preCheck(Object[] args, ContentCachingRequestWrapper request) {
+		TicketReservationRequest ticketReservationRequest = getTicketReservationRequest(args);
+		Long showingId = ticketReservationRequest.getShowingId();
+		String username = ticketReservationRequest.getUsername();
+
+		if(isBlocked(username,showingId)){
+			throw new TwoManyReservationRequestException();
+		} else {
+			return true;
+		}
+	}
+
+	@Override
+	public void postCheck(Object[] args, ContentCachingResponseWrapper response) {
+		if(response.getStatus() != HttpStatus.OK.value()){
+			return;
+		}
+
+		TicketReservationRequest ticketReservationRequest = getTicketReservationRequest(args);
+
+		Long showingId = ticketReservationRequest.getShowingId();
+		String username = ticketReservationRequest.getUsername();
+
+		addBlock(username, showingId);
+	}
+
+	public boolean isBlocked(String user, Long showingId) {
+		String key = keyFormatter(user, showingId);
+		return redisTemplate.opsForValue().get(key) != null;
+	}
+
+	public void addBlock(String username, Long showingId) {
+		String key = keyFormatter(username, showingId);
+		redisTemplate.opsForValue().set(key, "complete", 300000);
+	}
+
+	public TicketReservationRequest getTicketReservationRequest(Object[] args){
+		for(Object o : args){
+			if(o instanceof TicketReservationRequest){
+				return (TicketReservationRequest) o;
+			}
+		}
+		throw new NoReservationInfoException();
+	}
+
+	public String keyFormatter(String username, Long showingId){
+		return KEY_PREFIX + username + ":" + showingId;
+	}
+}
diff --git a/module-app/src/main/java/module/controller/ShowingController.java b/module-app/src/main/java/module/controller/ShowingController.java
@@ -14,6 +14,8 @@
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Size;
 import lombok.RequiredArgsConstructor;
+import module.config.ratelimit.limiters.ShowingSearchRateLimiter;
+import module.config.ratelimit.RateLimitWith;
 import module.service.showing.ShowingService;
 
 @RestController
@@ -24,6 +26,7 @@ public class ShowingController {
 	private final ShowingService showingService;
 
 	@GetMapping("/all")
+	@RateLimitWith(rateLimiter = ShowingSearchRateLimiter.class)
 	public ResponseEntity<List<MovieShowingResponse>> getTodayShowing(
 		@Valid @Size(max = 10, message = "제목 최대 길이는 255자 이내 입니다.")
 		@Nullable @RequestParam String title,

diff --git a/module-app/src/main/java/module/controller/TicketController.java b/module-app/src/main/java/module/controller/TicketController.java
@@ -17,6 +17,8 @@
 import jakarta.validation.constraints.Pattern;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import module.config.ratelimit.RateLimitWith;
+import module.config.ratelimit.limiters.TicketReservationRateLimiter;
 import module.service.ticket.TicketService;
 
 @Slf4j
@@ -43,12 +45,13 @@ public ResponseEntity<List<TicketResponse>> getUserTicket(
 	}
 
 	@PostMapping(value = "/reservation")
+	@RateLimitWith(rateLimiter = TicketReservationRateLimiter.class, postProcess = true)
 	public ResponseEntity<String> reservation(
 		@RequestBody TicketReservationRequest request
 	) {
 		Long showingId = request.getShowingId();
 		String username = request.getUsername();
 		List<TicketDTO> ticketList = request.getTicketList();
-		return ResponseEntity.ok(ticketService.reservationWithFunctional(showingId, username, ticketList));
+		return ResponseEntity.ok(ticketService.reservation(showingId, username, ticketList));
 	}
 }
diff --git a/module-app/src/main/java/module/exception/ControllerAdvice.java b/module-app/src/main/java/module/exception/ControllerAdvice.java
@@ -9,11 +9,13 @@
 
 import exception.common.TryLockFailedException;
 import exception.showing.ShowingNotFoundException;
+import exception.showing.TooManyRequestException;
 import exception.ticket.InvalidAgeForMovieException;
 import exception.ticket.InvalidSeatConditionException;
 import exception.ticket.InvalidTicketException;
 import exception.ticket.NotOnSaleTicketException;
 import exception.ticket.TooManyReservationException;
+import exception.ticket.TwoManyReservationRequestException;
 import exception.user.UserNotFoundException;
 import lombok.extern.slf4j.Slf4j;
 
@@ -83,4 +85,18 @@ protected ResponseEntity<String> tryLockFailedException(TryLockFailedException e
 		return ResponseEntity.status(HttpStatus.NO_CONTENT)
 			.body(e.getMessage());
 	}
+
+	@ExceptionHandler(TooManyRequestException.class)
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	protected ResponseEntity<String> tooManyRequestException(TooManyRequestException e){
+		return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+			.body(e.getMessage());
+	}
+
+	@ExceptionHandler(TwoManyReservationRequestException.class)
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	protected ResponseEntity<String> tooManyReservationRequestException(TwoManyReservationRequestException e){
+		return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+			.body(e.getMessage());
+	}
 }