Extended rate limiting functionality within the RouteServiceProvider to limit the login requests. Now the application limits the number of requests both per IP address and per email. This will drastically improve security by minimizing automated spam and brute-force attack attempts.

Leonid Nikitin 2023-07-06 10:50:15 +06:00
parent f481ee765d
commit 5d61ab425e
Signed by: kor-elf
GPG Key ID: 7DE8F80C5CEC2C0D


@ -42,7 +42,13 @@ class RouteServiceProvider extends ServiceProvider
protected function configureRateLimiting(): void
{
RateLimiter::for('api', function (Request $request) {
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
return Limit::perMinute(60)->by($request->user()?->id ?: $request->getClientIp());
});
RateLimiter::for('login', function (Request $request) {
return [
Limit::perHour(config('rate_limiting.login_max_request', 50))->by($request->getClientIp()),
Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by($request->getClientIp() . '-' . $request->input('email')),
];
});
}
}
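Review bot: The second limit in the `login` limiter is keyed on `$request->getClientIp() . '-' . $request->input('email')`, so it caps attempts per address-and-email pair rather than per email as the commit description states; attempts against one account that arrive from several addresses are bounded only by the per-IP limit on each address. The email is also used as submitted, so case or whitespace variants of the same address each get their own counter. I would normalise it first, e.g. `$email = mb_strtolower(trim((string) $request->input('email')));`, and, if a per-account cap is intended, add a third limit keyed by `'login-email-' . $email` alone, accepting that such a limit lets a third party throttle another user's logins. Separately, `getClientIp()` only reflects the real client when trusted proxies are configured, and that configuration is not visible in this hunk.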