Throttle requests to your application based on users IP address.
This project is maintained by MadMikeyB
Throttle requests to your application based on users IP address.
config/throttleable.php
Pull in the package using Composer
composer require madmikeyb/throttleable
Note: If you are using Laravel 5.5, the next steps are unnecessary. Laravel Throttleable supports Laravel Package Discovery.
Include the service provider within app/config/app.php
.
'providers' => [
...
MadMikeyB\Throttleable\Providers\ThrottleableServiceProvider::class,
],
You must publish the migration by running the following command:
php artisan vendor:publish --provider="MadMikeyB\Throttleable\Providers\ThrottleableServiceProvider" --tag="migrations" && php artisan migrate
Throttleable supports optional configuration.
You can publish the config file with:
php artisan vendor:publish --provider="MadMikeyB\Throttleable\Providers\ThrottleableServiceProvider" --tag="config"
When published, the config/throttleable.php
config file contains:
<?php
return [
/**
* Number of attempts permitted to a single
* IP address before being throttled.
*/
'attempt_limit' => 10,
/**
* The datetime metric to use for expirations
* Available options are hour, day or week.
*/
'expiry_metric' => 'week',
/**
* The number of hours, days or weeks to
* keep a throttle valid for.
*/
'expiry_timelimit' => 1
];
These are merely the default values and can be overriden on a case-by-case basis if needed.
Simply import the Throttle Model in your controller.
<?php
namespace App\Http\Controllers;
use MadMikeyB\Throttleable\Models\Throttle;
Then, on whichever method you’d like to throttle, new up a Throttle
instance. The minimum parameters required by this class is an instance of Illuminate\Http\Request
.
The check()
method of Throttle
returns a boolean, which indicates whether the IP address has been throttled or not.
public function create(Request $request)
{
$throttle = new Throttle($request->instance());
if (!$throttle->check()) {
alert()->error('Sorry, you have made too many requests. Please try again later.');
return back();
}
}
NB. the alert()
helper is provided by uxweb/sweet-alert and is not included in this package.
<?php
namespace App\Http\Controllers;
use App\Comment;
use MadMikeyB\Throttleable\Models\Throttle;
class CommentsController
{
public function store(Request $request)
{
$throttle = new Throttle($request->instance());
if (!$throttle->check()) {
alert()->error('Sorry, you have made too many requests. Please try again later.');
return back();
}
// save comment here
Comment::create($request->all());
alert()->success('Comment Created!');
return back();
}
}
In some cases you may want to override the default attempt and time limits which are set in the configuration file. For example, a user creating a comment may not be throttled as quickly as someone trying to log into an admin control panel.
The second and third arguments to the constructor of the Throttle
model are the attempt_limit
and the expiry_weeks
configuration variables respectively.
If you need to override the defaults set in config/throttleable.php
, you would do so as follows:
public function store(Request $request)
{
$attemptLimit = 10000;
$expiryWeeks = 52;
$throttle = new Throttle($request->instance(), $attemptLimit, $expiryWeeks);
if (!$throttle->check()) {
alert()->error('Sorry, you have made too many requests. Please try again later.');
return back();
}
// save comment here
Comment::create($request->all());
alert()->success('Comment Created!');
return back();
}
The MIT License (MIT). Please see License File for more information.