Explicitly define throttle limits for self host and hosted

This commit is contained in:
David Bomba 2023-03-09 13:38:09 +11:00
parent 3328f805fb
commit ea475f8d56
2 changed files with 40 additions and 5 deletions


@ -11,16 +11,20 @@
namespace App\Providers;
use App\Utils\Ninja;
use App\Models\Scheduler;
use App\Utils\Traits\MakesHash;
use Illuminate\Support\Facades\Route;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Database\Eloquent\ModelNotFoundException as ModelNotFoundException;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Route;
class RouteServiceProvider extends ServiceProvider
{
use MakesHash;
private int $default_rate_limit = 1000;
/**
* Define your route model bindings, pattern filters, etc.
*
@ -40,6 +44,37 @@ class RouteServiceProvider extends ServiceProvider
->company()
->where('id', $this->decodePrimaryKey($value))->firstOrFail();
});
RateLimiter::for('login', function () {
if(Ninja::isSelfHost())
return Limit::perMinute($this->default_rate_limit);
else {
return Limit::perMinute(50);
}
});
RateLimiter::for('api', function () {
if(Ninja::isSelfHost())
return Limit::perMinute($this->default_rate_limit);
else {
return Limit::perMinute(300);
}
});
RateLimiter::for('refresh', function () {
if(Ninja::isSelfHost())
return Limit::perMinute($this->default_rate_limit);
else {
return Limit::perMinute(200);
}
});
}
/**
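Review bot: None of the three `Limit::perMinute(...)` values returned by the new `RateLimiter::for('login'|'api'|'refresh', ...)` closures carries a `->by()` key, so the limit is tracked in one shared bucket for the whole application rather than per client; the `throttle:50,1`-style strings these replace were keyed by Laravel's default request signature (authenticated user id, else client IP). On the hosted deployment that means 50 login attempts per minute across all tenants combined, which both lets any single source exhaust logins for everyone and no longer constrains a single source on its own. Give each closure the request and key the limit explicitly (`Illuminate\Http\Request` would need importing), for example `->by($request->ip())`; for `api` and `refresh` the throttle middleware runs ahead of `token_auth` in the route groups, so the IP (or the token header) is the only identity available at that point. The ternary also removes the repeated `if`/`else` shape. The enclosing method starts before this hunk.
```php
RateLimiter::for('login', function (Request $request) {
    $perMinute = Ninja::isSelfHost() ? $this->default_rate_limit : 50;

    return Limit::perMinute($perMinute)->by($request->ip());
});
// … unchanged shape for the 'api' (300) and 'refresh' (200) limiters, each also keyed with ->by($request->ip()) …
```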


@ -98,17 +98,17 @@ use App\Http\Controllers\WebCronController;
use App\Http\Controllers\WebhookController;
use Illuminate\Support\Facades\Route;
Route::group(['middleware' => ['throttle:300,1', 'api_secret_check']], function () {
Route::group(['middleware' => ['throttle:api', 'api_secret_check']], function () {
Route::post('api/v1/signup', [AccountController::class, 'store'])->name('signup.submit');
Route::post('api/v1/oauth_login', [LoginController::class, 'oauthApiLogin']);
});
Route::group(['middleware' => ['throttle:50,1','api_secret_check','email_db']], function () {
Route::group(['middleware' => ['throttle:login','api_secret_check','email_db']], function () {
Route::post('api/v1/login', [LoginController::class, 'apiLogin'])->name('login.submit')->middleware('throttle:20,1');
Route::post('api/v1/reset_password', [ForgotPasswordController::class, 'sendResetLinkEmail']);
});
Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'], 'prefix' => 'api/v1', 'as' => 'api.'], function () {
Route::put('accounts/{account}', [AccountController::class, 'update'])->name('account.update');
Route::resource('bank_integrations', BankIntegrationController::class); // name = (clients. index / create / show / update / destroy / edit
Route::post('bank_integrations/refresh_accounts', [BankIntegrationController::class, 'refreshAccounts'])->name('bank_integrations.refresh_accounts')->middleware('throttle:30,1');
@ -265,7 +265,7 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale
Route::post('recurring_quotes/bulk', [RecurringQuoteController::class, 'bulk'])->name('recurring_quotes.bulk');
Route::put('recurring_quotes/{recurring_quote}/upload', [RecurringQuoteController::class, 'upload']);
Route::post('refresh', [LoginController::class, 'refresh'])->middleware('throttle:300,2');
Route::post('refresh', [LoginController::class, 'refresh'])->middleware('throttle:refresh');
Route::post('reports/clients', ClientReportController::class);
Route::post('reports/contacts', ClientContactReportController::class);
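Review bot: The inline `->middleware('throttle:20,1')` that remains on the `api/v1/login` route (a context line of the first hunk) still applies after the group switches to `throttle:login`, so that route is capped at 20 requests per minute per Laravel's default key (user id, else client IP) regardless of the named limiter; the self-host value of 1000/min the named limiter is meant to provide never takes effect there, and the same holds for the inline `throttle:30,1` on `bank_integrations/refresh_accounts`. If the named limiter is meant to govern, drop the inline throttle or leave a comment stating that the per-route cap is intentional, e.g. `// intentionally tighter than throttle:login; per-IP brute-force guard on the login endpoint`. The route groups touched here continue outside both hunks.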