Extended rate limiting functionality within the RouteServiceProvider to limit the login requests. Now the application limits the number of requests both per IP address and per email. This will drastically improve security by minimizing automated spam and brute-force attack attempts.

2023-07-06 10:50:15 +06:00
parent f481ee765d
commit 5d61ab425e
1 changed files with 7 additions and 1 deletions
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -42,7 +42,13 @@ class RouteServiceProvider extends ServiceProvider
    protected function configureRateLimiting(): void
    {
        RateLimiter::for('api', function (Request $request) {
-            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
+            return Limit::perMinute(60)->by($request->user()?->id ?: $request->getClientIp());
+        });
+        RateLimiter::for('login', function (Request $request) {
+            return [
+                Limit::perHour(config('rate_limiting.login_max_request', 50))->by($request->getClientIp()),
+                Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by($request->getClientIp() . '-' . $request->input('email')),
+            ];
        });
    }
 }