/**
 * Handle an incoming login request, applying the brute-force throttle.
 *
 * The throttle is only consulted here, never incremented. While the limit
 * has not been reached the request is passed on to the next layer; once it
 * has, the user is redirected back with an error message.
 *
 * The hit itself is recorded elsewhere in Cachet, and only for a login
 * that passed validation but did not authenticate successfully.
 *
 * NOTE(review): this guard only works if that failed-login path really
 * records the hit. That code is not visible here, so verify it. Also
 * confirm what the throttle is keyed on (presumably client address and
 * route): a per-address limit does not bound attempts against one account
 * that arrive from many addresses.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Limit of 10 over a window of 10 (presumably minutes; confirm against
    // the installed Throttle version). check() leaves the counter untouched.
    if (Throttle::check($request, 10, 10)) {
        return $next($request);
    }

    // NOTE(review): Redirect::back() takes its target from the request's
    // Referer header when one is present, so the destination is
    // client-influenced; a fixed login route would be more predictable.
    return Redirect::back()->with('error', 'You have made too many login requests.');
}
<?php

/*
 * This file is part of Bootstrap CMS.
 *
 * (c) Graham Campbell <*****@*****.**>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

use GrahamCampbell\Throttle\Facades\Throttle;
use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;

/*
|--------------------------------------------------------------------------
| Throttling Filters
|--------------------------------------------------------------------------
|
| This is where we check the user is not spamming our system by limiting
| certain types of actions with a throttler.
|
*/

$router->filter('throttle.comment', function ($route, $request) {
    // Read-only check against a limit of 10 over a window of 1 (presumably
    // minutes). The hit is deliberately not recorded here; it is meant to be
    // recorded later, once validation has passed.
    // NOTE(review): the later hit is not visible in this file. If the
    // comment handler never records it, this limit never trips.
    $withinLimit = Throttle::check($request, 10, 1);

    if ($withinLimit) {
        return;
    }

    // 60 is the Retry-After hint, in seconds, sent with the 429 response.
    throw new TooManyRequestsHttpException(60, 'Rate limit exceed.');
});
/**
 * Apply the brute-force throttle to a login request.
 *
 * The throttle is only consulted here, never incremented. Nothing is
 * returned while the limit has not been reached, which lets the request
 * continue; once it has, the user is redirected back with an error.
 *
 * The hit itself is recorded elsewhere in Cachet, and only for a login
 * that passed validation but did not authenticate successfully.
 *
 * NOTE(review): this guard only works if that failed-login path really
 * records the hit; it is not visible here, so verify it. Also confirm what
 * the throttle is keyed on (presumably client address and route), because a
 * per-address limit does not bound attempts spread over many addresses.
 *
 * @param \Illuminate\Routing\Route $route
 * @param \Illuminate\Http\Request  $request
 *
 * @return \Illuminate\Http\RedirectResponse|null
 */
public function filter(Route $route, Request $request)
{
    // Limit of 10 over a window of 10 (presumably minutes; confirm against
    // the installed Throttle version). check() leaves the counter untouched.
    $withinLimit = Throttle::check($request, 10, 10);

    if ($withinLimit) {
        return;
    }

    // NOTE(review): Redirect::back() follows the request's Referer header
    // when one is present, so the redirect target is client-influenced.
    return Redirect::back()->with('error', 'You have made too many login requests.');
}
$router->filter('throttle.activate', function ($route, $request) {
    // attempt() records this request as a hit and tests the limit in one
    // step. Activation needs no validation, so every request is counted.
    $allowed = Throttle::attempt($request, 10, 10);

    if ($allowed) {
        return;
    }

    return Redirect::route('account.login')
        ->withInput()
        ->with('error', 'You have made too many activation requests. Please try again in 10 minutes.');
});

$router->filter('throttle.resend', function ($route, $request) {
    // Read-only check (limit 5, window 30). The hit is meant to be recorded
    // later, once validation has passed.
    // NOTE(review): that later hit is not visible here; verify the resend
    // handler records it. The same applies to the reset and register filters.
    $allowed = Throttle::check($request, 5, 30);

    if ($allowed) {
        return;
    }

    // NOTE(review): the message implies a manual suspension, but the limit
    // is a time window and presumably lifts on its own. Confirm the wording.
    return Redirect::route('account.resend')
        ->withInput()
        ->with('error', 'You have been suspended from resending activation emails. Please contact support.');
});

$router->filter('throttle.reset', function ($route, $request) {
    // Read-only check (limit 5, window 30). The hit is meant to be recorded
    // later, once validation has passed.
    $allowed = Throttle::check($request, 5, 30);

    if ($allowed) {
        return;
    }

    return Redirect::route('account.reset')
        ->withInput()
        ->with('error', 'You have been suspended from resetting passwords. Please contact support.');
});

$router->filter('throttle.register', function ($route, $request) {
    // Read-only check (limit 5, window 30). The hit is meant to be recorded
    // later, once validation has passed.
    $allowed = Throttle::check($request, 5, 30);

    if ($allowed) {
        return;
    }

    // NOTE(review): withInput() flashes the submitted fields to the session.
    // If this filter guards a form that carries a password, confirm that
    // field is excluded from the flash (e.g. via exceptInput()).
    return Redirect::route('account.register')
        ->withInput()
        ->with('error', 'You have been suspended from registration. Please contact support.');
});

$router->filter('localization', function () {
    // NOTE(review): the locale is taken straight from the `lang` route
    // parameter. Confirm the route constrains it to the supported locales.
    $locale = Route::input('lang');

    App::setLocale($locale);
});