API

Laravel API
Categories:
Tags:

Request Throttle Rate Limit

All Request Throttle

All Request can access /confirm-password route 6 times in 10 minutes

Route::post('/confirm-password', function (Request $request) {
    
})->middleware(['auth', 'throttle:6,10']);

Specific User Request Throttle

You can create the custom user throttle middleware and add the User.id to the resolveRequestSignature() method

// app/Http/Middleware/SpecificUserThrottleRequestsMiddleware.php
class SpecificUserThrottleRequestsMiddleware extends ThrottleRequests
{
    protected function resolveRequestSignature($request)
    {
        $UserModel = $request->user();

        if ($UserModel) {
            return sha1($UserModel->id . '|' . $request->fingerprint());
        }

        return parent::resolveRequestSignature($request);
    }
}

Then add the new custom user throttle middleware to the app/Http/Kernel.php

// app/Http/Kernel.php
protected $routeMiddleware = [
    // ...
    'user-throttle' => \App\Http\Middleware\SpecificUserThrottleRequestsMiddleware::class,
];

Add the custom throttle middleware user-throttle:6,10 to your route.

Then the different user request can access /confirm-password route 6 times in 10 minutes NOT all request

Route::post('/confirm-password', function (Request $request) {
    
})->middleware(['auth', 'user-throttle:6,10']);

Close The Request Throttle On The Debug Mode

You can create the custom user throttle middleware and if the app is in the debug mode then it will skip the throttle middleware

// app/Http/Middleware/SpecificUserThrottleRequestsMiddleware.php
class DebugModeThrottleRequestsMiddleware extends ThrottleRequests
{
    public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1, $prefix = '')
    {
        if(config('app.debug')){
            // If in the debug mode, then it will skip the throttle middleware
            return $next($request);
        }

        return parent::handle($request, $next, $maxAttempts, $decayMinutes, $prefix);
    }
}

Then add the new custom debug throttle middleware to the app/Http/Kernel.php

// app/Http/Kernel.php
protected $routeMiddleware = [
    // ...
    'debug-throttle' => \App\Http\Middleware\DebugModeThrottleRequestsMiddleware::class,
];

Add the custom throttle middleware debug-throttle:6,10 to your route.

Then all request can access /confirm-password route 6 times in 10 minutes but NOT in the debug mode.

Route::post('/confirm-password', function (Request $request) {
    
})->middleware(['auth', 'debug-throttle:6,10']);

Reference