[Feature] Implement configurable API rate limiting (alexjustesen#1984)

alexjustesen · web-flow · commit f586165028d3 · 2025-01-13T16:45:51.000-05:00
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -39,10 +39,7 @@ public function register(): void
     public function boot(): void
     {
         $this->defineCustomIfStatements();
-
-        RateLimiter::for('api', function (Request $request) {
-            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
-        });
+        $this->setApiRateLimit();
 
         if (config('app.force_https')) {
             URL::forceScheme('https');
@@ -77,4 +74,11 @@ protected function defineCustomIfStatements(): void
             return filled($value);
         });
     }
+
+    protected function setApiRateLimit(): void
+    {
+        RateLimiter::for('api', function (Request $request) {
+            return Limit::perMinute(config('api.rate_limit'));
+        });
+    }
 }
diff --git a/config/api.php b/config/api.php
@@ -0,0 +1,7 @@
+<?php
+
+return [
+
+    'rate_limit' => env('API_RATE_LIMIT', 60),
+
+];
diff --git a/routes/api.php b/routes/api.php
@@ -24,6 +24,6 @@
 Route::get('/speedtest/latest', GetLatestController::class)
     ->name('speedtest.latest');
 
-Route::middleware('auth:sanctum')->group(function () {
+Route::middleware(['auth:sanctum', 'throttle:api'])->group(function () {
     require __DIR__.'/api/v1/routes.php';
 });

-Original file line number
+Diff line change
@@ @@ -0,0 +1,7 @@ @@
 +<?php
++
 +return [
++
 +    'rate_limit' => env('API_RATE_LIMIT', 60),
++
 +];