fix: Add rate limiting for login and forgot password routes

limanmys · Feb 21, 2024 · 5e50ed5 · 5e50ed5
1 parent 2b76f41
commit 5e50ed5
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 17 deletions.
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
@@ -2,7 +2,9 @@
 
 namespace App\Providers;
 
+use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
+use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\Route;
 
 /**
@@ -28,7 +30,13 @@ class RouteServiceProvider extends ServiceProvider
      */
     public function boot()
     {
-        //
+        RateLimiter::for('login', function ($request) {
+            return Limit::perMinute(3)->by($request->email.$request->ip());
+        });
+
+        RateLimiter::for('forgot-password', function ($request) {
+            return Limit::perMinutes(5, 2)->by($request->email.$request->ip());
+        });
 
         parent::boot();
     }
@@ -73,18 +81,4 @@ protected function mapWebRoutes()
             ->namespace($this->namespace)
             ->group(base_path('routes/web.php'));
     }
-
-    /**
-     * Map extension developer routes
-     *
-     * This function registers extra routes that is coming from extension developer mode
-     *
-     * @return void
-     */
-    protected function mapExtensionDeveloperRoutes()
-    {
-        Route::namespace($this->namespace)
-            ->middleware('web')
-            ->group(base_path('routes/extension_developer.php'));
-    }
 }
diff --git a/routes/api.php b/routes/api.php
@@ -26,13 +26,13 @@
     'prefix' => 'auth'
 ], function () {
     Route::post('/login', [AuthController::class, 'login'])
-        ->middleware('throttle:5,2');
+        ->middleware('throttle:login');
     Route::post('/setup_mfa', [AuthController::class, 'setupTwoFactorAuthentication']);
     Route::post('/logout', [AuthController::class, 'logout']);
     Route::get('/user', [AuthController::class, 'userProfile']);
     Route::post('/change_password', [AuthController::class, 'forceChangePassword']);
     Route::post('/forgot_password', [AuthController::class, 'sendPasswordResetLink'])
-        ->middleware('throttle:5,15');
+        ->middleware('throttle:forgot-password');
     Route::post('/reset_password', [AuthController::class, 'resetPassword']);
 });