登录接口防刷，登录频繁限制

application/api/controller/User.php

@@ -39,6 +39,15 @@ class User extends Api
         if (!Validate::regex($mobile, "^1\d{10}$")) {
             $this->error(__('Mobile is incorrect'));
         }
+
+        if(!$this->apiLimit(60,10,request()->ip())){
+            $this->error('当前登录人数过多，请稍后再试');
+        };
+        if(!$this->apiLimit(3600,10,$mobile)){
+            $this->error('您的手机号登录频繁，请稍后再试');
+        };
+
+
         if (!Sms::check($mobile, $captcha, 'mobilelogin')) {
             $this->error(__('Captcha is incorrect'));
         }

application/common/controller/Api.php

@@ -369,12 +369,12 @@ class Api
 
     /**
      * 接口请求限制
-     * @param int $apiLimit
      * @param int $apiLimitTime 单位:秒（s）
+     * @param int $apiLimit
      * @param string $key
      * @return bool | true:通过 false:拒绝
      */
-    public function apiLimit($apiLimit = 1, $apiLimitTime = 1, $key = '')
+    public function apiLimit($apiLimitTime = 1,$apiLimit = 1, $key = '')
     {
         $userId = $this->auth->id;
         $controller = request()->controller();
@@ -382,9 +382,11 @@ class Api
 
         if (!$key) {
             $key = strtolower($controller) . '_' . strtolower($action) . '_' . $userId;
+        }else{
+            $key = strtolower($controller) . '_' . strtolower($action) . '_' . $key;
         }
 
-        if (!RedisUtil::getInstance($key)->tryTimes(intval($apiLimit),intval($apiLimitTime))){
+        if (!RedisUtil::getInstance($key)->tryTimes(intval($apiLimitTime),intval($apiLimit))){
             return false;
         }
         return true;