add rate limiter for registration route

TobMoeller · TobMoeller · commit 11898e7b876c · 2025-02-18T15:09:42.000+01:00
diff --git a/routes/routes.php b/routes/routes.php
@@ -32,6 +32,7 @@
     }
 
     $limiter = config('fortify.limiters.login');
+    $registrationLimiter = config('fortify.limiters.registration');
     $twoFactorLimiter = config('fortify.limiters.two-factor');
     $verificationLimiter = config('fortify.limiters.verification', '6,1');
 
@@ -75,7 +76,10 @@
         }
 
         Route::post(RoutePath::for('register', '/register'), [RegisteredUserController::class, 'store'])
-            ->middleware(['guest:'.config('fortify.guard')])
+            ->middleware(array_filter([
+                'guest:'.config('fortify.guard'),
+                $registrationLimiter ? 'throttle:'.$registrationLimiter : null,
+            ]))
             ->name('register.store');
     }
 
diff --git a/stubs/FortifyServiceProvider.php b/stubs/FortifyServiceProvider.php
@@ -42,5 +42,9 @@ public function boot(): void
         RateLimiter::for('two-factor', function (Request $request) {
             return Limit::perMinute(5)->by($request->session()->get('login.id'));
         });
+
+        RateLimiter::for('registration', function (Request $request) {
+            return Limit::perMinute(5)->by($request->ip());
+        });
     }
 }
diff --git a/stubs/fortify.php b/stubs/fortify.php
@@ -117,6 +117,7 @@
     'limiters' => [
         'login' => 'login',
         'two-factor' => 'two-factor',
+        'registration' => 'registration',
     ],
 
     /*

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`$limiter = config('fortify.limiters.login');`
	`35`	`+ $registrationLimiter = config('fortify.limiters.registration');`
`35`	`36`	`$twoFactorLimiter = config('fortify.limiters.two-factor');`
`36`	`37`	`$verificationLimiter = config('fortify.limiters.verification', '6,1');`
`37`	`38`
`@@ -75,7 +76,10 @@`
`75`	`76`	`}`
`76`	`77`
`77`	`78`	`Route::post(RoutePath::for('register', '/register'), [RegisteredUserController::class, 'store'])`
`78`		`- ->middleware(['guest:'.config('fortify.guard')])`
	`79`	`+ ->middleware(array_filter([`
	`80`	`+ 'guest:'.config('fortify.guard'),`
	`81`	`+ $registrationLimiter ? 'throttle:'.$registrationLimiter : null,`
	`82`	`+ ]))`
`79`	`83`	`->name('register.store');`
`80`	`84`	`}`
`81`	`85`
Original file line number	Diff line number	Diff line change
`@@ -42,5 +42,9 @@ public function boot(): void`
`42`	`42`	`RateLimiter::for('two-factor', function (Request $request) {`
`43`	`43`	`return Limit::perMinute(5)->by($request->session()->get('login.id'));`
`44`	`44`	`});`
	`45`	`+`
	`46`	`+ RateLimiter::for('registration', function (Request $request) {`
	`47`	`+ return Limit::perMinute(5)->by($request->ip());`
	`48`	`+ });`
`45`	`49`	`}`
`46`	`50`	`}`