Laravel：删除经过身份验证的用户的请求限制

Question

我希望对通过 API 进行身份验证的用户禁用请求限制。

内核：

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:240,1'
    ],
];

无论用户是否经过身份验证，此处的限制都会将请求限制为每分钟 240 个。

如何做到这一点，这样它只会限制未经身份验证的用户？

Answer 1

您可以将所有身份验证路由打包到一个组并将油门设置为无限制，或者在您的控制器类构造函数中，您可以禁用 ThrottleRequests 中间件。

请检查此线程： Disable rate limiter in Laravel?

Answer 2

对于最新版本的 Laravel 8.x。我们可以通过以下步骤使用 RateLimiter：

1. 在您的 app/Providers/RouteServiceProvider.php 中找到以下 configureRateLimiting：

    protected function configureRateLimiting()
    {

        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());
        });

        // Add this for no limit throttle
        RateLimiter::for('none', function (Request $request) {
            return Limit::none();
        });

    }

1. 在您的 app/web.php 中添加“throttle:none”：

Route::group([
  'middleware' => ['auth', 'throttle:none'],
  ], function ($router) {
    Route::post('test', 'TestController@test');
});

1. 这一步是可选的，如果你正在使用其他中间件，你可以在你的 app/Http/Kernel.php 中将它们分组：

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
        'api' => [
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'no_throttle' => [
            'throttle:none',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

Route::group([
  'middleware' => ['auth', 'no_throttle'],
  ], function ($router) {
    Route::post('test', 'TestController@test');
});