What does Laravel middleware `throttle:api` mean?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

What does Laravel middleware `throttle:api` mean?

Mary-Kate Olsen

Apr 01, 2025 pm 01:54 PM

laravelASDlaravel middleware

Detailed explanation of the speed limit function of laravel middleware

In the laravel framework, middleware plays an important role. They can intercept and process requests, implement functions such as permission verification, logging, and speed limit. This article will explore the use of throttle middleware in laravel in depth, especially the usage of 'throttle:api'.

The problem stems from a laravel routing middleware configuration code:

 'api' => [
    // \laravel\sanctum\http\middleware\ensurefrontendrequestsarestateful::class,
    'throttle:api',
    \illuminate\routing\middleware\substitutebindings::class,
],

Among them, 'throttle:api' aroused the question from the questioner. Everyone knows that this is a speed limit middleware, but the meaning of the API parameters is not clear. The common speed limit middleware configuration is often throttle:60,1, which means that 60 requests are allowed per minute. So what exactly does 'throttle:api' mean?

The answer lies in the parameter passing method of the throttle middleware. Laravel's middleware supports parameter passing, parameters start with colon: and multiple parameters are separated by commas. As a weak-type language, the flexible use of parameter types and number of parameters makes the configuration methods more diverse.

throttle:api means using a ratelimiter called api. This means that the system controls the request frequency according to a rate limiter rule called API. The rate limiter needs to be predefined in the laravel configuration, which determines the number of requests allowed and the time window.

throttle:60,1 means directly specifying the speed limit rule: 60 requests per minute (1 minute, $decayminutes = 1) are allowed ($maxattempts = 60).

The source code fragment of the throttle middleware is as follows:

 /**
     * /Illuminate/Routing/Middleware/ThrottleRequests.php
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @param int|string $maxAttempts
     * @param float|int $decayMinutes
     * @param string $prefix
     * @return \Symfony\Component\HttpFoundation\Response
     * 
     * @throws \Illuminate\Http\Exceptions\ThrottleRequestsException
     * 
     */
    public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1, $prefix = '')
    {
        if (is_string($maxAttempts)
            && func_num_args() === 3
            && ! is_null($limiter = $this->limiter->limiter($maxAttempts))) {
            return $this->handleRequestUsingNamedLimiter($request, $next, $maxAttempts, $limiter);
        }
        
        // ....
     }

This code shows how the middleware handles different parameter forms. When $maxattempts is a string and the number of parameters is 3 (that is, only the name is passed), the middleware will try to use a ratelimiter named $maxattempts.

Through analysis of source code and parameter delivery methods, we can clearly understand the meaning of 'throttle:api': it does not directly specify the speed limit rules, but refers to a predefined rate limiter called api. This allows developers to more flexibly manage speed limiting strategies for different API interfaces.

The above is the detailed content of What does Laravel middleware `throttle:api` mean?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AM

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AM

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PM

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PM

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PM

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.

See all articles