Level 80
@devjet So read the docs on rate limiting and add some?
Dec 12, 2023
9
Level 1
Laravel Fortify Rate Limit
Hello guys! The default rate limit in Fortify as of now is the login & two-factor auth. I want to implement the same in other routes, especially in the 'confirm-password' of the two-factor auth. BTW, I am using Laravel API with Laravel Fortify and separate Vue frontend repo.
Level 1
@martinbean I read it and you need to attach the rate limit you created to the routes. But in Laravel Fortify the routes were pre-configured and hidden so I don't know where to attach the rate limit
1 like
Level 1
@devjet You can set a rate limit in config/fortify.php like this:
'limiters' => [
'login' => 'login', // or something like '1,3'
'two-factor' => 'two-factor', // or someting like '1,3'
'verification' => '1,3',
],
I also found that vendor/laravel/fortify/routes/routes.php was quite useful in understanding how the rate limiting happens by default.
1 like
Level 1
@cabsey what's the meaning of 1.3? Is that the name of the rate limiter or the time limit?
Level 1
@devjet 1,3 means 1 request every 3 minutes. I believe it uses the throttle middleware src/Illuminate/Routing/Middleware/ThrottleRequests.php.
Level 1
@cabsey Why are the first limiters set as 'login' => 'login', 'two-factor' => 'two-factor'?
Level 1
@devjet I believe they reference the RateLimiters defined in FortifyServiceProvider::boot():
RateLimiter::for('login', function (Request $request) {
$throttleKey = Str::transliterate(Str::lower($request->input(Fortify::username())).'|'.$request->ip());
return Limit::perMinute(5)->by($throttleKey);
});
RateLimiter::for('two-factor', function (Request $request) {
return Limit::perMinute(5)->by($request->session()->get('login.id'));
});
2 likes
Level 1
@cabsey Much appreciated, buddy.
1 like
Level 1
@cabsey Thanks so much! Really appreciate your effort in answering. π
1 like
Please or to participate in this conversation.