Exploring Laravel Rate Limiters: Control Traffic & Secure Actions ⛔

Captions
Hello Laravel friends. I'd like to talk about rate limits in your application. I'm pretty sure you have heard about rate limits in your API, but you can also rate limit any kind of action in your code. Sounds interesting, right? Today I will show you both.

The first example is the more typical kind of rate limiting example. We have this endpoint here, which could be some kind of API where we get the weather and we return some response. On the right you can see, if we refresh, this is what I get. Of course our APIs are not free; we don't want users to call them as often as possible, so we want to limit that. The way we can do this in Laravel is inside a service provider. If I switch over to my app service provider, I can create a new rate limit, and the method that we need is "for". Here I'm providing first a name, so let's call this maybe just "weather", and the second is our closure, where we have access to the request. Inside here we're going to return a limit, and here we can say we want to create a new limit per minute, so let's say five times per minute is what we want.

Now what we can also do is define how we want to group this, so how do we want to identify the user, so that we can say: this user can only try this five times. One way, which is also what Laravel recommends, is to use the user itself if this is given. If it's given, then we want to use the ID, and if not, what we want to use is the IP of the request, so the user's IP. So again, we're creating here a new rate limit, we're giving this a name so that we can use it later, and we're returning here a limit of five attempts per minute, and this is valid for a specific user ID if this is given, and if not, it's for a specific IP.

All right, so this means we go back to our route here, and here I can now add a new middleware, and this one is called "throttle". Laravel Idea, the plugin that I have installed here in PhpStorm, already knows that I have this "weather" rate limiter, so this is the key which you add here.

Okay, let's try it out. What did we say, five times per minute? Refresh, refresh, refresh, refresh, refresh, and "Too Many Requests", here we go. 429 is the typical status code that you would get back in such a case. Of course, if we clear out the cache, we can start anew again: 1, 2, 3, 4, 5, and here we go. So this is a very easy way to save some resources on your server for your API, so that not everybody can just spam you all the time.

Of course you can get quite creative here in how you want to create the limit. We could also say that if there is a user, so if the user is logged in for example, then we want to return a limit; let's say the user then has maybe 10 attempts, and we're grouping this again by the request IP, like this. And maybe let's copy this here, and if the user is not logged in, it's not a user that we know, then we only allow five attempts. So this is also a way where you can define this, or maybe if your user has a specific role in your application, then you can also create different limits. That's also something that you can do in Laravel. There's a lot more to cover, so please check out the full documentation for this, but that's basically the idea of rate limiting an API endpoint.

For our second example I have this endpoint here, "create transcript", where I'm echoing out this string, and this is what you can see here on the right in the browser. Let's imagine we have an application where we provide a service to create a transcript of a video, and maybe we allow this for every user, but maybe we want to limit this so that people don't overuse it. There are a couple of ways that we can do this, but I like to use here the rate limiter and the tooManyAttempts method. Let's start with the key. The key again is a string; let's call this "transcript". We can define this, and it will be unique by this key; that's why I want to use the IP of the user, like this. Max attempts is what we also want to provide, and let's say we want to allow this five times per minute; that's what this is. Then, if this is going to get exceeded, I'm going to return "too many attempts" with a nice emoji. If this is not being triggered, then we want to create our transcript, which we would do here, and after that we also need to increment our limit. That's where we need to copy our key here again, so that we increment it for the same key. Let's leave it like this already.

Okay, so what happens now if I go to the browser? Let's refresh this: 1, 2, 3, 4, 5, 6, and here we go, "too many attempts". We tried this now five times, and now the sixth time we get here into this condition, because this now matches, because we made too many attempts. Of course we could also increment this by a specific amount, so let's say five here, and I'm also going to clear the cache. This means the first time we should see "create transcript" again, but the second time it already doesn't work anymore. So maybe this is a good idea when you have different services and all of them have some different points for how valuable they are: maybe this transcript service takes five points and another service takes one point, and then your user has a total of, I don't know, 10 credits per week, month, something like this, you name it. This is the kind of stuff that you can do, and I think it's good to know that the rate limiter is very cool for these things as well.

I hope you learned something new, or at least I was able to help you refresh your memory about rate limiting. I would love to know which actions are limited in your code; let me know in the comments. See you, bye. [Music]
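The two limiters described in the captions above, written out as an added example; this is not the presenter's code from the video. The route URIs, the response bodies, the explicit 429 on the manual check and the `availableIn()` call are assumptions.

```php
<?php
// Added example. The 'weather' and 'transcript' names follow the narration;
// URIs and response bodies are assumed for illustration.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// --- app/Providers/AppServiceProvider.php, inside boot() ---
RateLimiter::for('weather', function (Request $request) {
    // 5 requests per minute, counted per user id when logged in,
    // otherwise per client IP. Behind a reverse proxy, ip() is the proxy's
    // address unless trusted proxies are configured, so every client would
    // share one counter.
    return Limit::perMinute(5)->by($request->user()?->id ?: $request->ip());
});

// --- routes/web.php ---
// The throttle middleware resolves the limiter by name and answers
// 429 Too Many Requests once the limit is exceeded.
Route::get('/weather', fn () => ['temperature' => 21])
    ->middleware('throttle:weather');

Route::get('/create-transcript', function (Request $request) {
    $key = 'transcript:' . $request->ip();   // one counter per client IP

    // True once 5 attempts have been recorded for this key in the window.
    if (RateLimiter::tooManyAttempts($key, 5)) {
        $wait = RateLimiter::availableIn($key);   // seconds until the reset
        return response("Too many attempts, retry in {$wait}s", 429);
    }

    // ... create the transcript here ...

    // Record the call against the same key (window defaults to 60 seconds).
    // Passing amount: 5 instead makes a single call cost five units.
    RateLimiter::increment($key);

    return 'create transcript';
});
```

The counters live in the application cache, which is why clearing the cache in the video resets both limits.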
Info
Channel: Laravel
Views: 3,157
Id: 5YlJ8DllTFw
Length: 6min 42sec (402 seconds)
Published: Thu Jul 11 2024