Extended rate limiting functionality within the RouteServiceProvider to limit the login requests. Now the application limits the number of requests both per IP address and per email. This will drastically improve security by minimizing automated spam and brute-force attack attempts.

2023-07-06 10:50:15 +06:00 · 2023-07-06 10:50:15 +06:00 · 5d61ab425e
commit 5d61ab425e
parent f481ee765d
1 changed files with 7 additions and 1 deletions
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@ -42,7 +42,13 @@ class RouteServiceProvider extends ServiceProvider
    protected function configureRateLimiting(): void
    {
        RateLimiter::for('api', function (Request $request) {
-            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
+            return Limit::perMinute(60)->by($request->user()?->id ?: $request->getClientIp());
+        });
+        RateLimiter::for('login', function (Request $request) {
+            return [
+                Limit::perHour(config('rate_limiting.login_max_request', 50))->by($request->getClientIp()),
+                Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by($request->getClientIp() . '-' . $request->input('email')),
+            ];
        });
    }
 }