51 lines
1.3 KiB
PHP
51 lines
1.3 KiB
PHP
|
|
<?php
|
||
|
|
|
||
|
|
namespace App\Providers;
|
||
|
|
|
||
|
|
use Illuminate\Cache\RateLimiting\Limit;
|
||
|
|
use Illuminate\Http\Request;
|
||
|
|
use Illuminate\Support\Facades\RateLimiter;
|
||
|
|
use Illuminate\Support\ServiceProvider;
|
||
|
|
|
||
|
|
class AppServiceProvider extends ServiceProvider
|
||
|
|
{
|
||
|
|
/**
|
||
|
|
* Register any application services.
|
||
|
|
*/
|
||
|
|
public function register(): void
|
||
|
|
{
|
||
|
|
//
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Bootstrap any application services.
|
||
|
|
*/
|
||
|
|
public function boot(): void
|
||
|
|
{
|
||
|
|
$this->configureRateLimiting();
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Configure the rate limiters for the application.
|
||
|
|
*/
|
||
|
|
protected function configureRateLimiting(): void
|
||
|
|
{
|
||
|
|
// Default API rate limiter - 60 requests per minute
|
||
|
|
RateLimiter::for('api', function (Request $request) {
|
||
|
|
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
|
||
|
|
});
|
||
|
|
|
||
|
|
// Auth endpoints - more restrictive (prevent brute force)
|
||
|
|
RateLimiter::for('auth', function (Request $request) {
|
||
|
|
return Limit::perMinute(5)->by($request->ip());
|
||
|
|
});
|
||
|
|
|
||
|
|
// Authenticated user requests - higher limit
|
||
|
|
RateLimiter::for('authenticated', function (Request $request) {
|
||
|
|
return $request->user()
|
||
|
|
? Limit::perMinute(120)->by($request->user()->id)
|
||
|
|
: Limit::perMinute(60)->by($request->ip());
|
||
|
|
});
|
||
|
|
}
|
||
|
|
}
|