An article explaining in detail how to use throttle middleware in laravel8

This article will give you relevant knowledge about Laravel and throttle middleware. The main content is to teach you how to use the throttle middleware in laravel8. Let’s take a look together. I hope it will be helpful to you!

laravle8 Access restriction throttle middleware

throttle middleware introduction

Frequency limits are often used in APIs for Limit the frequency of requests to a specific API by an independent requester. Each API chooses its own frequency limit time span, GitHub chooses 1 hour, and the Laravel middleware chooses 1 minute.

For example: throttle:60,1, that is, set the frequency limit to 60 times per minute. If an IP exceeds this limit within one minute, the server will return a 429 Too Many Attempts. response. [Recommended learning: laravel video tutorial]

Using throttle middleware in laravel8

We usually use throttle middleware here. Make a rate limit with certain conditions, for example, limit the number of accesses per minute for IPs that are not in the IP whitelist. Compared with before, the throttle middleware in laravel8 has a simpler method of use.

First we can see that there is such a definition in the Kernel.php file

    /**
     * The application's route middleware groups.
     *
     * @var array<string, array<int, class-string|string>>
     */
    protected $middlewareGroups = [
        &#39;web&#39; => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        &#39;api&#39; => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            &#39;throttle:api&#39;,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
    /**
     * The application&#39;s route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array<string, class-string|string>
     */
    protected $routeMiddleware = [
        &#39;auth&#39; => \App\Http\Middleware\Authenticate::class,
        &#39;auth.basic&#39; => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        &#39;cache.headers&#39; => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        &#39;can&#39; => \Illuminate\Auth\Middleware\Authorize::class,
        &#39;guest&#39; => \App\Http\Middleware\RedirectIfAuthenticated::class,
        &#39;password.confirm&#39; => \Illuminate\Auth\Middleware\RequirePassword::class,
        &#39;signed&#39; => \Illuminate\Routing\Middleware\ValidateSignature::class,
        &#39;throttle&#39; => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        &#39;verified&#39; => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
    ];

It is obvious that the 'throttle' defined in laravel8 => \Illuminate\Routing\Middleware\ ThrottleRequests::class, has been defined by the framework, and the throttle:api is used in the api.

Of course, the general usage may be to comment out throttle:api here, create a new throttle middleware or directly use throttle:60,1 in routing.

What if I need to make some complex judgments, for example, I have many IP whitelists that I want to exclude without rate limit, or what if there is a VVVIP user who does not limit the rate?

At this time, we can find the App\Providers\RouteServiceProvider.php file in laravel8. At the bottom of the file we can see this writing

  /**
     * Configure the rate limiters for the application.
     *
     * @return void
     */
    protected function configureRateLimiting()
    {
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());
        });
    }

The api defined here is the above in Kernel The throttle:api used in the .php file. Here, we can set custom rate limiting conditions, for example, limiting access to IPs outside the user IP whitelist to 60 times per hour, and the whitelist can access 1,000 times each time

RateLimiter::for('apiHour', function (Request $request) {
            if(!in_array($request->ip(), config('ip.whitelist'))){
                return Limit::perHour(60)->by($request->ip());
            }else{
                return Limit::perHour(1000)->by($request->ip());
            }
        });

Of course not Forgot to create a new ip.php file in the config folder

return [
    'whitelist' => [
        '192.168.0.1',
    ],
];

:heart: Warm reminder: When using api interface routing, if you want to use a custom throttle:apiHour, don’t forget to change the original Comment out throttle:api in Kernel.php!

Finally we can happily use custom rate control middleware in routing

Route::group([
    'middleware' => ['throttle:apiHour']
], function ($router) {
   Route::get('user', function (Request $request) {
       return $request->user();
   });
});

The above is my summary of the problems of using custom throttle raters in laravel8. If you have any questions , you can make corrections at any time, thank you students for watching!

This article is reprinted, original address: https://learnku.com/articles/73728

The above is the detailed content of An article explaining in detail how to use throttle middleware in laravel8. For more information, please follow other related articles on the PHP Chinese website!