Extended rate limiting functionality within the RouteServiceProvider to limit the login requests. Now the application limits the number of requests both per IP address and per email. This will drastically improve security by minimizing automated spam and brute-force attack attempts.
This commit is contained in:
parent
f481ee765d
commit
5d61ab425e
@ -42,7 +42,13 @@ class RouteServiceProvider extends ServiceProvider
|
||||
protected function configureRateLimiting(): void
|
||||
{
|
||||
RateLimiter::for('api', function (Request $request) {
|
||||
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
|
||||
return Limit::perMinute(60)->by($request->user()?->id ?: $request->getClientIp());
|
||||
});
|
||||
RateLimiter::for('login', function (Request $request) {
|
||||
return [
|
||||
Limit::perHour(config('rate_limiting.login_max_request', 50))->by($request->getClientIp()),
|
||||
Limit::perHour(config('rate_limiting.login_max_email_request', 10))->by($request->getClientIp() . '-' . $request->input('email')),
|
||||
];
|
||||
});
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user