Spring Boot + Redis로 요청 제한 (테스트 영상 & 소스 코드 포함)

Redis를 활용해 아이피 기반 요청제한 기능 구현(짧고 간단한 영상)

역시나 레디스 공부한 것 까먹기 싫어 기록으로 남긴다.

동영상

소스

application.yml

server:
  port: 9090
  servlet:
    context-path: /
    encoding:
      charset: UTF-8
      enabled: true
      force: true

spring:
  cache:
    type: redis
  devtools:
    livereload.enabled: true
    restart.enabled: true
  datasource:
    driver-class-name: net.sf.log4jdbc.sql.jdbcapi.DriverSpy
    url: jdbc:log4jdbc:mysql://localhost:3309/db명
    hikari:
      username: 사용자
      password: 비밀번호
      connectionTimeout: 10000
      maximum-pool-size: 15
      max-lifetime: 600000
      readOnly: false
      connection-test-query: SELECT 1
  jpa:
    hibernate:
      ddl-auto: update #create update none
      naming:
        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
    show-sql: true
# Redis 설정 추가
data:
  redis:
    host: localhost   # Redis 서버 주소
    port: 6379        # Redis 포트
    password:         # (필요하면 비밀번호 추가)
    timeout: 6000     # 연결 타임아웃 (ms)
    lettuce:
      pool:
        max-active: 8  # 최대 활성 연결 수
        max-idle: 8    # 최대 유휴 연결 수
        min-idle: 0    # 최소 유휴 연결 수
        max-wait: -1   # 최대 대기 시간 (무제한)

build.gradle

plugins {
    id 'java'
    id 'org.springframework.boot' version '3.3.9'
    id 'io.spring.dependency-management' version '1.1.7'
}

group = 'com.lsy'
version = '0.0.1-SNAPSHOT'

java {
    toolchain {
        languageVersion = JavaLanguageVersion.of(21)
    }
}

configurations {
    compileOnly {
        extendsFrom annotationProcessor
    }
}

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    // Logging
    implementation 'org.bgee.log4jdbc-log4j2:log4jdbc-log4j2-jdbc4.1:1.16'
    // swagger
    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'
    // redis
    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
    compileOnly 'org.projectlombok:lombok'
    developmentOnly 'org.springframework.boot:spring-boot-devtools'
    runtimeOnly 'com.mysql:mysql-connector-j'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
}

tasks.named('test') {
    useJUnitPlatform()
}

RedisConfig

package com.lsy.requestlimittest1.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;

@Configuration
@EnableCaching
public class RedisConfig {

    @Value("${data.redis.host}")
    private String host;
    @Value("${data.redis.port}")
    private int port;

    @Bean
    public RedisConnectionFactory redisConnectionFactory() {
        return new LettuceConnectionFactory(host, port);
    }

    @Bean
    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
        redisTemplate.setConnectionFactory(redisConnectionFactory);

        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.setValueSerializer(new GenericJackson2JsonRedisSerializer());

        redisTemplate.setHashKeySerializer(new StringRedisSerializer());
        redisTemplate.setHashValueSerializer(new GenericJackson2JsonRedisSerializer());

        return redisTemplate;
    }
}

Filter

package com.lsy.requestlimittest1.config.filter;

import com.lsy.requestlimittest1.service.LimitService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

import java.io.IOException;

@Component
@RequiredArgsConstructor
@Slf4j
public class LimitFilter extends GenericFilterBean {

    private final LimitService service;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String clientIp = httpRequest.getRemoteAddr();
        //isAllow()의 값이 false인 경우엔 429 Too Manny Request를 반환
        if(!service.isAllowed(clientIp)) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.setStatus(429);
            httpResponse.getWriter().write("Too Many Requests!!!!!");
            return;
        }
        //isAllow()가 true인 경우 다음 흐름으로 넘김
        chain.doFilter(request, response);
    }
}

controller

package com.lsy.requestlimittest1.controller;

import com.lsy.requestlimittest1.service.LimitService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api")
@RequiredArgsConstructor
@Slf4j
public class LimitController {

    private final LimitService service;

    @GetMapping("/hello")
    public String hello() {
        return "Hello, World!";
    }
}

service

package com.lsy.requestlimittest1.service;

import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;

import java.time.Duration;

@Service
@RequiredArgsConstructor
@Slf4j
public class LimitService {

    private final StringRedisTemplate redisTemplate;
    private static final int LIMIT = 30;           // 최대 요청 횟수
    private static final int WINDOW_SECONDS = 120; // 제한 시간 (초)

    public boolean isAllowed(String clientIp) {
        String key = "rate_limit:" + clientIp;
        Long currentCount = redisTemplate.opsForValue().increment(key);

        log.info("isAllowed Request~~~~");

        if (currentCount == 1) {
            Long hasTTL = redisTemplate.getExpire(key);
            if (hasTTL == null || hasTTL < 0) {
                redisTemplate.expire(key, Duration.ofSeconds(WINDOW_SECONDS));
            }
        }
        return currentCount <= LIMIT;
    }
}

동영상에 잘못된 코드가 있어서 정정한다.

동영상에서는 아래 코드를 blooean타입으로 받아 사용했는데 잘못되었다.

Long hasTTL = redisTemplate.getExpire(key);

getExpire()의 반환타입은 Long이라서 Long으로 받아야 한다.

---

개인 스터디 기록을 메모하는 공간이라 틀린점이 있을 수 있습니다.

틀린 점 있을 경우 댓글 부탁드립니다.

Spring Boot + Redis로 세션 공유하기 (테스트 영상 & 소스 코드 포함)

Spring Boot + Redis 캐싱 구현하기 (테스트 영상 & 소스 코드 포함)

Spring Boot + Redis로 실시간 랭킹 구현 (테스트 영상 & 소스 코드 포함)