From 5d61ab425e9da291388e0abf61d1ff07165111d3 Mon Sep 17 00:00:00 2001
From: Leonid Nikitin
Date: Thu, 6 Jul 2023 10:50:15 +0600
Subject: [PATCH] Extended rate limiting functionality within the RouteServiceProvider to limit the login requests. Now the application limits the number of requests both per IP address and per email. This will drastically improve security by minimizing automated spam and brute-force attack attempts.
---
 app/Providers/RouteServiceProvider.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 63b9098..f953b4c 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -42,7 +42,13 @@ class RouteServiceProvider extends ServiceProvider
     protected function configureRateLimiting(): void
     {
         RateLimiter::for('api', function (Request $request) {
-            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
+            return Limit::perMinute(60)->by($request->user()?->id ?: $request->getClientIp());
+        });
+        RateLimiter::for('login', function (Request $request) {
+            return [
+                Limit::perHour(config('rate_limiting.login_max_request', 50))->by($request->getClientIp()),
+                Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by($request->getClientIp() . '-' . $request->input('email')),
+            ];
         });
     }
 }
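Review bot: The second `login` limit is keyed on `$request->getClientIp() . '-' . $request->input('email')`, so it bounds one address against one email rather than the email itself — attempts against a single account spread over many addresses are limited only by the per-IP bucket, and the email is not normalized, so `Foo@x.com` and `foo@x.com` count in separate buckets. If a per-account limit is what the commit message intends, key that entry on the normalized email alone and treat non-string input as empty, e.g. `Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by('email:' . mb_strtolower(trim((string) $request->input('email', '')))),`, keeping the IP bucket as the first entry. Both keys also depend on the trusted-proxy configuration: behind a load balancer with no trusted proxies every client shares one address, and with every proxy trusted the forwarded header is client-controlled, so this is worth confirming against the app's TrustProxies setup. The `ip()` → `getClientIp()` change in the api limiter appears to be a no-op, since `ip()` delegates to `getClientIp()`. Nothing in the hunk attaches `throttle:login` to a route, so the new limiter only takes effect once a route references it.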