Laravel 5.5 ThrottleRequest middleware

Question

Does anyone have info on how to implement the ThrottleRequest middleware in Laravel 5.5?

I'm not clear on the meaning of the decayMinutes parameter in particular: https://laravel.com/api/5.5/Illuminate/Routing/Middleware/ThrottleRequests.html

I understand how to apply it to a route, I just am not sure what reaosnable parameters would be.

Answer 1

I understand decayMinutes as the retention time. For intance, if you want to give a 10 try to login with wrong password but if he tries for 11 times, the user gets blocked for the number of minutes specified in decayMinutes. If you specify 10 minutes as your decayMinutes, the user is blocked for 10 minutes

Answer 2

decayMinutes - it's a time within your limit will be counted. Technically limits is a value with TTL (Time To Live) $decayMinutes * 60 secs in cache that increments on every hit. When TTL is over value automatically will be destroyed in cache and new hits count will be start.

Look at RateLimit::hit() code. It's pretty clear:

/**
 * Increment the counter for a given key for a given decay time.
 *
 * @param  string  $key
 * @param  float|int  $decayMinutes
 * @return int
 */
public function hit($key, $decayMinutes = 1)
{
    $this->cache->add(
        $key.':timer', $this->availableAt($decayMinutes * 60), $decayMinutes
    );
    $added = $this->cache->add($key, 0, $decayMinutes);
    $hits = (int) $this->cache->increment($key);
    if (! $added && $hits == 1) {
        $this->cache->put($key, 1, $decayMinutes);
    }
    return $hits;
}

If you want to limit some activity by 10 hits per 5 minutes, than decayMinutes must be 5.