Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-03 06:24:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Implement API throttling, and ensure output is JSON

Browse Source
This commit is contained in:
David Bomba 2019-04-19 17:59:48 +10:00
parent 72dee9bfb6
commit 5b8f56593e
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Exceptions/Handler.php
View File

@ -3,9 +3,10 @@
namespace App\Exceptions; namespace App\Exceptions;
use Exception; use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Auth\AuthenticationException; use Illuminate\Auth\AuthenticationException;
use Illuminate\Database\Eloquent\ModelNotFoundException as ModelNotFoundException; use Illuminate\Database\Eloquent\ModelNotFoundException as ModelNotFoundException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Http\Exceptions\ThrottleRequestsException;
class Handler extends ExceptionHandler class Handler extends ExceptionHandler
{ {
@ -56,7 +57,11 @@ class Handler extends ExceptionHandler
if ($exception instanceof ModelNotFoundException) if ($exception instanceof ModelNotFoundException)
{ {
return response()->json(['error'=>'Record not found'],400); return response()->json(['message'=>'Record not found'],400);
}
else if($exception instanceof ThrottleRequestsException)
{
return response()->json(['message'=>'Too many requests'],429);
} }
return parent::render($request, $exception); return parent::render($request, $exception);

12
app/Http/Controllers/Auth/LoginController.php
View File

@ -67,10 +67,20 @@ class LoginController extends BaseController
{ {
$this->validateLogin($request); $this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return response()->json(['message' => 'Too many login attempts, you are being throttled']);
}
if ($this->attemptLogin($request)) if ($this->attemptLogin($request))
return $this->itemResponse($this->guard()->user()); return $this->itemResponse($this->guard()->user());
else else {
$this->incrementLoginAttempts($request);
return response()->json(['message' => ctrans('texts.invalid_credentials')]); return response()->json(['message' => ctrans('texts.invalid_credentials')]);
}
} }