Added login throttling
+4
-2
@@ -123,6 +123,7 @@ return [
|
||||
'Illuminate\Workbench\WorkbenchServiceProvider',
|
||||
|
||||
'Dingo\Api\Provider\ApiServiceProvider',
|
||||
'GrahamCampbell\Throttle\ThrottleServiceProvider',
|
||||
'Thujohn\Rss\RssServiceProvider',
|
||||
|
||||
'CachetHQ\Cachet\Support\ServiceProviders\RepositoryServiceProvider',
|
||||
@@ -196,8 +197,9 @@ return [
|
||||
'Validator' => 'Illuminate\Support\Facades\Validator',
|
||||
'View' => 'Illuminate\Support\Facades\View',
|
||||
|
||||
'API' => 'Dingo\Api\Facade\API',
|
||||
'RSS' => 'Thujohn\Rss\RssFacade',
|
||||
'API' => 'Dingo\Api\Facade\API',
|
||||
'Throttle' => 'GrahamCampbell\Throttle\Facades\Throttle',
|
||||
'RSS' => 'Thujohn\Rss\RssFacade',
|
||||
|
||||
],
|
||||
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of Laravel Throttle by Graham Campbell.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at http://bit.ly/UWsjkb.
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
return [
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Cache Driver
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This defines the cache driver to be used. It may be the name of any
|
||||
| driver set in app/config/cache.php. Setting it to null will use the
|
||||
| driver you have set as default in app/config/cache.php. Please note that
|
||||
| a driver that supports cache tags is required.
|
||||
|
|
||||
| Default: null
|
||||
|
|
||||
*/
|
||||
|
||||
'driver' => null,
|
||||
|
||||
];
|
||||
@@ -23,6 +23,7 @@ class AuthController extends Controller
|
||||
if (Auth::attempt(Input::only(['email', 'password']))) {
|
||||
return Redirect::intended('dashboard');
|
||||
} else {
|
||||
Throttle::hit(Request::instance(), 10, 10);
|
||||
return Redirect::back()
|
||||
->withInput(Input::except('password'))
|
||||
->with('error', 'Invalid email or password');
|
||||
|
||||
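Review bot: The literals in `Throttle::hit(Request::instance(), 10, 10);` duplicate the ones in `Throttle::check($request, 10, 10)` in LoginThrottlingFilter, and nothing ties the two together, so a later change to one silently stops the filter and the counter from agreeing. A shared constant or config entry would fix that, or at minimum a comment above the call such as `// failed attempts only; limit and time must match LoginThrottlingFilter`. The counter is keyed on the request object, which presumably means client address plus route. If so, it does not bound guesses against a single account spread over many addresses, and behind a reverse proxy every user would share one bucket unless the forwarded address is trusted; a second counter keyed on the submitted email would cover the first case. The body of postLogin starts and ends outside this hunk, so any earlier input validation is not visible here.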
@@ -4,6 +4,7 @@ Route::filter('is_setup', 'IsSetupFilter');
|
||||
Route::filter('has_setting', 'HasSettingFilter');
|
||||
Route::filter('cors', 'CORSFilter');
|
||||
Route::filter('allowed_domains', 'AllowedDomainsFilter');
|
||||
Route::filter('login_throttling', 'LoginThrottlingFilter');
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
class LoginThrottlingFilter
|
||||
{
|
||||
public function filter($route, $request, $response)
|
||||
{
|
||||
// check if we've reached the rate limit, but don't hit the throttle yet
|
||||
// we can hit the throttle later on in the if validation passes
|
||||
if (!Throttle::check($request, 10, 10)) {
|
||||
return Redirect::back()
|
||||
->with('error', 'You have made too many login requests.');
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
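Review bot: The signature `filter($route, $request, $response)` and the closing `return $response;` read like an after filter, yet the routes file registers `login_throttling` under `'before'`, where there is presumably no response to pass in. `public function filter($route, $request)` with no trailing return would state the intent and not depend on how the router fills the third argument. The inline comment says the throttle is hit "if validation passes", while AuthController increments it in the failed-login branch; it should read `// the counter is incremented in AuthController::postLogin when authentication fails`. The throttle config added in this commit states that a cache driver with tag support is required, so with `'driver' => null` this check presumably errors on every login POST when the default cache store lacks tags. A class docblock should record that dependency.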
+1
-1
@@ -2,7 +2,7 @@
|
||||
|
||||
Route::group(['before' => 'has_setting:app_name'], function () {
|
||||
Route::get('/auth/login', ['before' => 'guest', 'as' => 'login', 'uses' => 'AuthController@showLogin']);
|
||||
Route::post('/auth/login', ['before' => 'guest|csrf', 'as' => 'logout', 'uses' => 'AuthController@postLogin']);
|
||||
Route::post('/auth/login', ['before' => 'guest|csrf|login_throttling', 'as' => 'logout', 'uses' => 'AuthController@postLogin']);
|
||||
});
|
||||
|
||||
Route::get('/auth/logout', ['before' => 'auth', 'as' => 'logout', 'uses' => 'AuthController@logoutAction']);
|
||||
|
||||
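Review bot: The rewritten POST `/auth/login` route still carries `'as' => 'logout'`, the same name the GET `/auth/logout` route declares a few lines below, so URL generation by name cannot address the login POST and one definition shadows the other. Since this line is being touched anyway, give it its own name, for example `'as' => 'login.post'` (name constructed for illustration), after checking that `login` is not reused by callers. The filter string `'guest|csrf|login_throttling'` appears to run the throttle check last, so a request that fails the CSRF filter never reaches it; a short comment on the route saying this order is intended would help.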