fixing login rate limiter

JokoPrasetio 2026-05-12 15:02:13 +07:00
parent d4cd157c16
commit 4a8072e61b


@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\RateLimiter;
class AuthController extends Controller
{
@ -69,22 +68,11 @@ class AuthController extends Controller
$now = time();
$rateKey = 'login:' . $request->ip() . ':' . strtolower((string) $request->input('username'));
if (RateLimiter::tooManyAttempts($rateKey, $this->maxLoginAttempts)) {
return back()
->withInput($request->only('username'))
->with(['alertError' => 'rate']);
}
$this->ensureCaptchaValid();
$expectedCaptcha = (string) session('login_captcha', '');
$givenCaptcha = strtoupper(preg_replace('/\s+/', '', (string) $request->input('captcha', '')));
if ($expectedCaptcha === '' || !hash_equals(strtoupper($expectedCaptcha), (string) $givenCaptcha)) {
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
return back()
->withInput($request->only('username'))
->with(['alertError' => 'captcha']);
}
// One-time use
$request->session()->forget('login_captcha');
$request->session()->forget('login_captcha_created_at');
@ -98,11 +86,9 @@ class AuthController extends Controller
if(Auth::attempt($credentials)){
$request->session()->regenerate();
RateLimiter::clear($rateKey);
return redirect()->intended('/dashboard');
}
RateLimiter::hit($rateKey, $this->loginDecaySeconds);
$this->refreshCaptcha();
return back()->with(['alertError' => 'Gagal Login!']);