fix: align PHP requirement and implement rate limiting
- Update composer.json to require PHP ^8.3 (required by grazulex/laravel-apiroute ^1.2) - Add rate limiting to routes using laravel-apiroute's rateLimit() and Laravel's throttle middleware - Public routes (login/register): throttle:auth (5/min for brute force protection) - Protected routes: throttle:authenticated (120/min) - Global version rate limit: 60 req/min via ->rateLimit(60) - Remove unused import in routes/web.php (fixes Pint style issue) - Update composer.lock with synchronized dependencies
@@ -6,7 +6,7 @@
|
|||||||
"keywords": ["laravel", "api", "rest", "starter-kit", "sanctum"],
|
"keywords": ["laravel", "api", "rest", "starter-kit", "sanctum"],
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"require": {
|
"require": {
|
||||||
"php": "^8.2",
|
"php": "^8.3",
|
||||||
"dedoc/scramble": "^0.12",
|
"dedoc/scramble": "^0.12",
|
||||||
"grazulex/laravel-apiroute": "^1.2",
|
"grazulex/laravel-apiroute": "^1.2",
|
||||||
"laravel/framework": "^12.0",
|
"laravel/framework": "^12.0",
|
||||||
|
|||||||
4
composer.lock
generated
4
composer.lock
generated
@@ -4,7 +4,7 @@
|
|||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "4b69ad7f7f6df7f731ce0d46d9332a05",
|
"content-hash": "e6f1d7122781eed56575ee487696ba47",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "brick/math",
|
"name": "brick/math",
|
||||||
@@ -9838,7 +9838,7 @@
|
|||||||
"prefer-stable": true,
|
"prefer-stable": true,
|
||||||
"prefer-lowest": false,
|
"prefer-lowest": false,
|
||||||
"platform": {
|
"platform": {
|
||||||
"php": "^8.2"
|
"php": "^8.3"
|
||||||
},
|
},
|
||||||
"platform-dev": {},
|
"platform-dev": {},
|
||||||
"plugin-api-version": "2.9.0"
|
"plugin-api-version": "2.9.0"
|
||||||
|
|||||||
@@ -17,13 +17,17 @@ use Illuminate\Support\Facades\Route;
|
|||||||
|
|
||||||
// Version 1 - Current stable version
|
// Version 1 - Current stable version
|
||||||
ApiRoute::version('v1', function () {
|
ApiRoute::version('v1', function () {
|
||||||
// Public routes
|
// Public routes with auth rate limiter (5/min - brute force protection)
|
||||||
Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
|
Route::middleware('throttle:auth')->group(function () {
|
||||||
Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
|
Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
|
||||||
|
Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
|
||||||
|
});
|
||||||
|
|
||||||
// Protected routes
|
// Protected routes with authenticated rate limiter (120/min)
|
||||||
Route::middleware('auth:sanctum')->group(function () {
|
Route::middleware(['auth:sanctum', 'throttle:authenticated'])->group(function () {
|
||||||
Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout');
|
Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout');
|
||||||
Route::get('me', [AuthController::class, 'me'])->name('api.v1.me');
|
Route::get('me', [AuthController::class, 'me'])->name('api.v1.me');
|
||||||
});
|
});
|
||||||
})->current();
|
})
|
||||||
|
->current()
|
||||||
|
->rateLimit(60); // Global rate limit: 60 requests/minute for v1
|
||||||
|
|||||||
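Review bot: The named limiters behind `throttle:auth` and `throttle:authenticated` are not defined anywhere in this diff, so the "5/min" and "120/min" figures in the two new comments hold only if `RateLimiter::for('auth', ...)` and `RateLimiter::for('authenticated', ...)` are registered elsewhere (typically a service provider's boot); Laravel's ThrottleRequests resolves a string argument through the named-limiter registry and, when the name is unknown, falls through to its numeric handling rather than to the intended limit, so this should be confirmed or the registrations included in the commit. A second point, hedged because rateLimit() belongs to the laravel-apiroute package whose scoping is not visible here: if the version-level `->rateLimit(60)` counts the same requests as the route middleware, the authenticated group's 120/min ceiling is never reachable and the version limit governs instead; the two limits should be reconciled or the discrepancy documented. I would extend the comment on the `->rateLimit(60)` line to `// Global rate limit: 60 requests/minute for v1 — lower than throttle:authenticated (120/min); the stricter limit applies` and add above the throttle groups `// Named limiters 'auth' and 'authenticated' are registered via RateLimiter::for(); keep the figures below in sync with those definitions`. The brute-force protection on login/register also depends on what key the 'auth' limiter is scoped by (client address versus credential), which only the definition can show.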
@@ -1,6 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Illuminate\Support\Facades\Route;
|
|
||||||
|
|
||||||
// Web routes disabled - API only application
|
// Web routes disabled - API only application
|
||||||
// Scramble documentation available at /docs/api
|
// Scramble documentation available at /docs/api
|
||||||
|
|||||||