From e95a532da958bcf654dafcdff403a2b423426423 Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Thu, 2 Jul 2020 21:11:16 -0700
Subject: [PATCH] Make rate limit configurable; closes #1695

---
 app/Http/Kernel.php                    |  2 --
 app/Providers/RouteServiceProvider.php | 10 ++++++++--
 config/http.php                        | 21 +++++++++++++++++++++
 config/pterodactyl.php                 |  4 +++-
 4 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 config/http.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 994fc0824..fa4f8a38c 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -69,7 +69,6 @@ class Kernel extends HttpKernel
             RequireTwoFactorAuthentication::class,
         ],
         'api' => [
-            'throttle:240,1',
             IsValidJson::class,
             ApiSubstituteBindings::class,
             SetSessionDriver::class,
@@ -78,7 +77,6 @@ class Kernel extends HttpKernel
             AuthenticateIPAccess::class,
         ],
         'client-api' => [
-            'throttle:240,1',
             StartSession::class,
             SetSessionDriver::class,
             AuthenticateSession::class,
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index e6cb8b169..0ea33b5da 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -38,11 +38,17 @@ class RouteServiceProvider extends ServiceProvider
             ->namespace($this->namespace . '\Server')
             ->group(base_path('routes/server.php'));
 
-        Route::middleware(['api'])->prefix('/api/application')
+        Route::middleware([
+            sprintf('throttle:%s,%s', config('http.rate_limit.application'), config('http.rate_limit.application_period')),
+            'api',
+        ])->prefix('/api/application')
             ->namespace($this->namespace . '\Api\Application')
             ->group(base_path('routes/api-application.php'));
 
-        Route::middleware(['client-api'])->prefix('/api/client')
+        Route::middleware([
+            sprintf('throttle:%s,%s', config('http.rate_limit.client'), config('http.rate_limit.client_period')),
+            'client-api',
+        ])->prefix('/api/client')
             ->namespace($this->namespace . '\Api\Client')
             ->group(base_path('routes/api-client.php'));
 
diff --git a/config/http.php b/config/http.php
new file mode 100644
index 000000000..b39845239
--- /dev/null
+++ b/config/http.php
@@ -0,0 +1,21 @@
+<?php
+
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | API Rate Limits
+    |--------------------------------------------------------------------------
+    |
+    | Defines the rate limit for the number of requests per minute that can be
+    | executed against both the client and internal (application) APIs over the
+    | defined period (by default, 1 minute).
+    |
+    */
+    'rate_limit' => [
+        'client_period' => 1,
+        'client' => env('APP_API_CLIENT_RATELIMIT', 240),
+
+        'application_period' => 1,
+        'application' => env('APP_API_APPLICATION_RATELIMIT', 240),
+    ],
+];
diff --git a/config/pterodactyl.php b/config/pterodactyl.php
index 92404cd98..70014bc0a 100644
--- a/config/pterodactyl.php
+++ b/config/pterodactyl.php
@@ -223,5 +223,7 @@ return [
     |
     | 'P_SERVER_CREATED_AT' => 'created_at'
     */
-    'environment_variables' => [],
+    'environment_variables' => [
+        'P_SERVER_ALLOCATION_LIMIT' => 'allocation_limit',
+    ],
 ];