Make rate limit configurable; closes #1695

Dane Everitt 2020-07-02 21:11:16 -07:00
parent fde8465f35
commit e95a532da9
GPG key ID: EEA66103B3D71F53
4 changed files with 32 additions and 5 deletions


@ -69,7 +69,6 @@ class Kernel extends HttpKernel
RequireTwoFactorAuthentication::class, RequireTwoFactorAuthentication::class,
], ],
'api' => [ 'api' => [
'throttle:240,1',
IsValidJson::class, IsValidJson::class,
ApiSubstituteBindings::class, ApiSubstituteBindings::class,
SetSessionDriver::class, SetSessionDriver::class,
@ -78,7 +77,6 @@ class Kernel extends HttpKernel
AuthenticateIPAccess::class, AuthenticateIPAccess::class,
], ],
'client-api' => [ 'client-api' => [
'throttle:240,1',
StartSession::class, StartSession::class,
SetSessionDriver::class, SetSessionDriver::class,
AuthenticateSession::class, AuthenticateSession::class,


@ -38,11 +38,17 @@ class RouteServiceProvider extends ServiceProvider
->namespace($this->namespace . '\Server') ->namespace($this->namespace . '\Server')
->group(base_path('routes/server.php')); ->group(base_path('routes/server.php'));
Route::middleware(['api'])->prefix('/api/application') Route::middleware([
sprintf('throttle:%s,%s', config('http.rate_limit.application'), config('http.rate_limit.application_period')),
'api',
])->prefix('/api/application')
->namespace($this->namespace . '\Api\Application') ->namespace($this->namespace . '\Api\Application')
->group(base_path('routes/api-application.php')); ->group(base_path('routes/api-application.php'));
Route::middleware(['client-api'])->prefix('/api/client') Route::middleware([
sprintf('throttle:%s,%s', config('http.rate_limit.client'), config('http.rate_limit.client_period')),
'client-api',
])->prefix('/api/client')
->namespace($this->namespace . '\Api\Client') ->namespace($this->namespace . '\Api\Client')
->group(base_path('routes/api-client.php')); ->group(base_path('routes/api-client.php'));
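Review bot: Both `sprintf('throttle:%s,%s', ...)` calls interpolate `config('http.rate_limit.*')` into the middleware string without checking that the values are positive integers, and the limits come straight from `env()` in config/http.php. An empty, zero or non-numeric `APP_API_CLIENT_RATELIMIT` or `APP_API_APPLICATION_RATELIMIT` would yield a malformed or zero limit, which, depending on how the throttle middleware parses its parameters, likely either rejects every API request or leaves the intended limit unenforced. I would normalise at the call site, e.g. `sprintf('throttle:%d,%d', max(1, (int) config('http.rate_limit.client')), max(1, (int) config('http.rate_limit.client_period')))`, and do the same for the application pair. The enclosing method starts and ends outside this hunk.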

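--- a/config/http.php
+++ b/config/http.php
@@ -0,0 +1,21 @@
+<?php
+return [
+/*
+|--------------------------------------------------------------------------
+| API Rate Limits
+|--------------------------------------------------------------------------
+|
+| Defines the rate limit for the number of requests per minute that can be
+| executed against both the client and internal (application) APIs over the
+| defined period (by default, 1 minute).
+|
+*/
+'rate_limit' => [
+'client_period' => 1,
+'client' => env('APP_API_CLIENT_RATELIMIT', 240),
+'application_period' => 1,
+'application' => env('APP_API_APPLICATION_RATELIMIT', 240),
+],
+];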
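Review bot: The block comment above `'rate_limit'` describes the values as "requests per minute" and also as counted "over the defined period", which read as two different units. Only the counts are read from `env()`, while `client_period` and `application_period` are fixed at `1`, so an operator cannot tell from the comment which parts are actually configurable. I would reword it along the lines of `Maximum number of requests allowed per period (in minutes) for the client and application APIs; only the request count can be overridden from the environment.`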


@ -223,5 +223,7 @@ return [
| |
| 'P_SERVER_CREATED_AT' => 'created_at' | 'P_SERVER_CREATED_AT' => 'created_at'
*/ */
'environment_variables' => [], 'environment_variables' => [
'P_SERVER_ALLOCATION_LIMIT' => 'allocation_limit',
],
]; ];
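Review bot: The new `'P_SERVER_ALLOCATION_LIMIT' => 'allocation_limit'` entry in `environment_variables` does not appear related to the rate-limit change named in the commit title, so it is easy to miss in review and in a later bisect or revert. It looks like it belongs in its own commit, with a message explaining why this attribute should be exposed as an environment variable. The surrounding array starts outside this hunk.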