topacoBoy

Reputation: 197

Throttling in Laravel

Can somebody help me out with Laravel's throttling? Right now, my website uses throttling to prevent a user from logging in for 'x' seconds if the password they entered is wrong 'x' number of times.

After logging in, the user will require Two-Factor Authentication to update their information, but I would like to throttle the Two-FA too, so that they will be locked out from updating their account. I can actually reuse the login's throttling code to lock the user out, but the issue is that when the user logs out, they won't be able to log in due to the temporary lock.

I would like to create a custom throttle just for Two-FA and probably prevent the user from accessing that specific route for 'x' seconds.

I have tried searching around, but everything is related to login. If somebody could suggest a package that fits my requirement or provide a simple tutorial, it would be really helpful to me. Thanks for your time.

Upvotes: 0

Views: 907

Answers (1)

Devon Bessemer

Reputation: 35337

This is all outlined in the ThrottlesLogins trait, but I'll try to simplify it even further.

Generate a unique key for the user and type of request:

$key = '2fa:' . $user->id;

Add a hit (increment count) on every request to the endpoint using the Illuminate\Cache\RateLimiter class:

app(RateLimiter::class)->hit($key, $timeoutInMinutes);

Check if the limit has been reached before processing the request:

$bool = app(RateLimiter::class)->tooManyAttempts($key, $maxAttempts, $timeoutInMinutes);

Upvotes: 1
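The three steps from the answer combined into one controller action, as an added example that is not part of the original answer. It assumes Laravel 5.8 or later, where `hit()` takes the decay in seconds (earlier versions take minutes, as in the answer); the class name, limits, session key, `verifyCode()` helper and `two_factor_code` attribute are hypothetical.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;

// Added example: names, limits and verifyCode() are hypothetical.
class TwoFactorController extends Controller
{
    private const MAX_ATTEMPTS = 5;     // assumed limit
    private const DECAY_SECONDS = 300;  // assumed lockout window

    public function verify(Request $request, RateLimiter $limiter)
    {
        $user = $request->user();
        // Own key namespace, keyed on the account: the login throttle is
        // untouched, and changing IP address does not reset the counter.
        $key = '2fa:' . $user->id;

        // Check the limit before doing any verification work.
        if ($limiter->tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            $seconds = $limiter->availableIn($key);
            return response()->json(
                ['message' => "Too many attempts. Retry in {$seconds} seconds."],
                429,
                ['Retry-After' => $seconds]
            );
        }

        // Count only failed attempts against the limit.
        if (! $this->verifyCode($user, (string) $request->input('code'))) {
            $limiter->hit($key, self::DECAY_SECONDS);
            return response()->json(['message' => 'Invalid code.'], 422);
        }

        // Success: reset the counter and record the verification.
        $limiter->clear($key);
        $request->session()->put('2fa_verified_at', time());
        return response()->json(['message' => 'Verified.']);
    }

    // Hypothetical check against a stored one-time code; swap in your TOTP/SMS logic.
    private function verifyCode($user, string $code): bool
    {
        $expected = (string) $user->two_factor_code;
        return $expected !== '' && hash_equals($expected, $code);
    }
}
```

Because the lock lives under the `2fa:` key, logging out and back in is unaffected, while the 2FA route stays locked until the decay window expires.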
