If you are using Laravel’s built-in AuthController class, the Illuminate\Foundation\Auth\ThrottlesLogins trait may be used to throttle login attempts to your application. By default, the user will not be able to log in for one minute if they fail to provide the correct credentials after several attempts. The throttling is unique to the user’s username / e-mail address and their IP address.
If you’re not familiar with it, rate limiting is a tool—most often used in APIs—that limits the rate at which any individual requester can make requests.
That means, for example, if some bot is hitting a particularly expensive API route a thousand times a minute, your application won’t crash, because after the nth try, they will instead get a 429: Too Many Attempts response back from the server.
Usually a well-written application that implements rate limiting will also pass back three headers that might not be on another application: X-RateLimit-Limit, X-RateLimit-Remaining, and Retry-After (you’ll only get Retry-After if you’ve hit the limit). X-RateLimit-Limit tells you the max number of requests you’re allowed to make within this application’s time period, X-RateLimit-Remaining tells you how many requests you have left within this current time period, and Retry-After tells you how many seconds to wait until you try again. (Retry-After could also be a date instead of a number of seconds.)
This interface defines the public methods a throttler class must implement. All 5 methods here accept no parameters.
The 'attempt' method will hit the throttle (increment the hit count), and then will return a boolean representing whether or not the hit limit has been exceeded.
The 'hit' method will hit the throttle (increment the hit count), and then will return $this so you can make another method call if you so choose.
The 'clear' method will clear the throttle (set the hit count to zero), and then will return $this so you can make another method call if you so choose.
The 'count' method will return the number of hits to the throttle.
The 'check' method will return a boolean representing whether or not the hit limit has been exceeded.
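The five methods described above, written out as an added example in plain PHP (it is not code from the original page or from any package). The class name LoginThrottler, the constructor arguments, the injectable clock and the retryAfter() helper are assumptions made for illustration; the counter is keyed on username plus IP address, as in the login throttling described at the top of the page.

```php
<?php
// Added example, not code from any package: class name, defaults and the
// injectable clock are assumptions. State is a static array (one process only).
final class LoginThrottler
{
    private static $store = [];   // key => ['hits' => int, 'expires' => unix time]
    private $key, $limit, $decay, $clock;

    public function __construct(string $user, string $ip, int $limit = 5, int $decay = 60, ?callable $clock = null)
    {
        // Key on username AND IP, like the login throttling described earlier.
        $this->key   = hash('sha256', strtolower(trim($user)) . '|' . $ip);
        $this->limit = $limit;
        $this->decay = $decay;          // window length in seconds
        $this->clock = $clock ?: 'time';
    }

    private function entry(): array
    {
        $now = ($this->clock)();
        $e = self::$store[$this->key] ?? null;
        // A missing or expired window starts again from zero hits.
        return ($e === null || $e['expires'] <= $now) ? ['hits' => 0, 'expires' => $now + $this->decay] : $e;
    }

    public function hit(): self
    {
        $e = $this->entry();
        $e['hits']++;
        self::$store[$this->key] = $e;
        return $this;
    }

    public function clear(): self { unset(self::$store[$this->key]); return $this; }
    public function count(): int { return $this->entry()['hits']; }
    // Polarity is this sketch's choice: true means still within the limit.
    public function check(): bool { return $this->count() <= $this->limit; }
    public function attempt(): bool { return $this->hit()->check(); }
    // Extra helper (not one of the five): seconds for a Retry-After header.
    public function retryAfter(): int { return $this->check() ? 0 : $this->entry()['expires'] - ($this->clock)(); }
}

// Constructed demo: 2 attempts per 60 s, with a fake clock we can advance.
$now = 1000;
$clock = function () use (&$now) { return $now; };
$a = new LoginThrottler('Alice@example.com', '203.0.113.7', 2, 60, $clock);
var_dump($a->attempt(), $a->attempt(), $a->attempt(), $a->retryAfter());
$b = new LoginThrottler('alice@example.com', '198.51.100.9', 2, 60, $clock);
var_dump($b->count());   // same user, other IP: separate counter
$now += 61; var_dump($a->check());   // window expired
```

Because the key includes the IP address, this bounds attempts per account per address; bounding the total number of guesses against one account needs a second counter keyed on the username alone.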
Examples of using the throttle middleware:
->middleware('throttle') // 60 requests per minute
->middleware('throttle:30') // 30 requests per minute
->middleware('throttle:30,5') // 30 requests per 5 minutes
Usage:
EXAMPLE 1
Route::get('foo', ['middleware' => 'throttle:2,2', function () {
    return 'Why herro there!';
}]);
EXAMPLE 2
Route::get('/', ['middleware' => 'throttle:5', function () {
    return view('shop.index');
}]);
EXAMPLE 3
Route::group(['prefix' => 'api', 'middleware' => 'throttle:5,10'], function () {
    Route::get('people', function () {
        return Person::all();
    });
});
EXAMPLE 4
Route::group(['prefix' => 'auth', 'namespace' => 'Auth'], function () {
    Route::group(['middleware' => 'guest'], function () {
        // Login
        Route::get('login', ['as' => 'auth.login', 'uses' => 'AuthController@getLogin']);
        // throttle:2,60 allows 2 login attempts per 60 minutes. It is attached with the
        // 'middleware' key, as in the other examples; 'before' is the older route-filter key.
        Route::post('login', ['as' => 'auth.login.store', 'middleware' => 'throttle:2,60', 'uses' => 'AuthController@postLogin']);
        // Register
        Route::get('register', ['as' => 'auth.register', 'uses' => 'AuthController@getRegister']);
        Route::post('register', ['as' => 'auth.register.store', 'uses' => 'AuthController@postRegister']);
    });
    Route::group(['middleware' => 'auth'], function () {
        // Logout
        Route::get('logout', ['as' => 'auth.logout', 'uses' => 'AuthController@getLogout']);
    });
});
Route::controllers([
    'password' => 'Auth\PasswordController',
]);