add a code comment

Author: hellokaton

blade-security/src/main/java/com/hellokaton/blade/security/csrf/CsrfMiddleware.java

@@ -80,7 +80,7 @@ public boolean before(RouteContext context) {
             if (null != csrfOptions.getErrorHandler()) {
                 return csrfOptions.getErrorHandler().apply(context);
             } else {
-                context.badRequest().text("CSRF token mismatch.");
+                context.badRequest().text("CSRF token mismatch :(");
                 return false;
             }
         }

blade-security/src/main/java/com/hellokaton/blade/security/csrf/CsrfOptions.java

@@ -12,9 +12,9 @@
 import java.util.function.Function;
 
 /**
- * Csrf config
+ * Csrf Options
  * <p>
- * Created by hellokaton on 11/07/2017.
+ * Created by hellokaton on 2022/5/5
  */
 @Getter
 @Setter
@@ -24,28 +24,69 @@ public class CsrfOptions {
             Arrays.asList(HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE)
     );
 
+    /**
+     * Enable csrf, default is enabled by default.
+     * <p>
+     * after this function is disabled, the middleware does not take effect.
+     */
     private boolean enabled = true;
+
+    /**
+     * The attribute name that puts csrf_token into the request context.
+     * <p>
+     * you can get this value from the template engine.
+     */
     private String attrKeyName = "_csrf_token";
+
+    /**
+     * The header name that carries the token in the request header.
+     */
     private String headerKeyName = "X-CSRF-TOKEN";
+
+    /**
+     * The form input name that carries the token in the request.
+     */
     private String formKeyName = "_csrf_token";
+
+    /**
+     * To generate a token key, change the value.
+     * <p>
+     * the token is generated in JWT mode.
+     */
     private String secret = "UXOwbPd+P0u8YyBkQbuyXiv7UVc1JmMS061HUuaDRms=";
 
-    private Set<String> urlExclusions = new HashSet<>();
+    /**
+     * A list of urls to exclude, which will not be limited by the frequency of requests.
+     * <p>
+     * for example:
+     * <p>
+     * /notify/**
+     * /upload/**
+     * /admin/roles/**
+     */
+    private Set<String> excludeURLs;
+
+    /**
+     * For the following set of request methods, tokens will need to be validated.
+     */
     private Set<HttpMethod> verifyMethods = DEFAULT_VERIFY_METHODS;
 
+    /**
+     * The processor that triggers the request frequency limit will, by default, prompt you for CSRF token mismatch.
+     */
     private Function<RouteContext, Boolean> errorHandler;
 
     public static CsrfOptions create() {
         return new CsrfOptions();
     }
 
     public CsrfOptions exclusion(@NonNull String... urls) {
-        this.urlExclusions.addAll(Arrays.asList(urls));
+        this.excludeURLs.addAll(Arrays.asList(urls));
         return this;
     }
 
     public boolean isExclusion(@NonNull String url) {
-        for (String excludeURL : this.urlExclusions) {
+        for (String excludeURL : this.excludeURLs) {
             if (url.equals(excludeURL)) {
                 return true;
             }

blade-security/src/main/java/com/hellokaton/blade/security/limit/LimitOptions.java

@@ -6,20 +6,56 @@
 import lombok.Setter;
 
 import java.util.Set;
-import java.util.function.Consumer;
 import java.util.function.Function;
 
 @Getter
 @Setter
 public class LimitOptions {
 
+    /**
+     * Enable request frequency limit, default is enabled by default.
+     * <p>
+     * after this function is disabled, the middleware does not take effect.
+     */
     private boolean enabled = true;
+
+    /**
+     * To determine the uniqueness of a Request, pass in a Request object.
+     * <p>
+     * The default is the md5(remote_host+request_uri+request_method)
+     */
     private Function<Request, String> keyFunc;
+
+    /**
+     * The processor that triggers the request frequency limit will, by default, prompt you for too many requests
+     */
     private Function<RouteContext, Boolean> limitHandler;
+
+    /**
+     * Use expressions to control request frequency.
+     * <p>
+     * for example:
+     * <p>
+     * 5/s         allow 5 requests per second
+     * 5/1s        allow 5 requests per second
+     * 5/1m        allow 60 requests per minute
+     * 5/3s/warmup allow 5 requests in 3 seconds.
+     * after startup, there is a warm-up period to gradually increase the distribution frequency to the configured rate.
+     */
     private String expression = "5/s";
+
+    /**
+     * A list of urls to exclude, which will not be limited by the frequency of requests.
+     * <p>
+     * for example:
+     * <p>
+     * /notify/**
+     * /upload/**
+     * /admin/roles/**
+     */
     private Set<String> excludeURLs;
 
-    public static LimitOptions create(){
+    public static LimitOptions create() {
         return new LimitOptions();
     }