RateLimitMiddleware
implements MiddlewareInterface
Middleware that enforces rate limiting for API requests.
Uses a sliding window algorithm to limit requests per IP address. The limits for general API requests and for auth endpoints are configurable separately.
Table of Contents
Interfaces
- MiddlewareInterface
  Interface for route middleware.
Constants
- AUTH_LIMIT = 10
  Stricter rate limit for authentication endpoints (requests per window).
- AUTH_WINDOW = 300
  Window size for auth endpoints in seconds (5 minutes).
- DEFAULT_LIMIT = 100
  Default rate limit for general API requests (requests per window).
- DEFAULT_WINDOW = 60
  Default window size in seconds (1 minute).
Properties
- $limit : int
  Maximum requests allowed per window.
- $storage : RateLimitStorage
  Storage backend for rate limit data.
- $window : int
  Window size in seconds.
Methods
- __construct() : mixed
  Create a new RateLimitMiddleware.
- handle() : bool
  Handle the incoming request.
- addRateLimitHeaders() : void
  Add rate limit headers to the response.
- buildKey() : string
  Build the storage key for rate limit tracking.
- getClientIdentifier() : string
  Get the client identifier (IP address).
- getEndpointType() : string
  Get the endpoint type for rate limiting.
- sendRateLimitedResponse() : never
  Send a 429 Too Many Requests response.
Constants
AUTH_LIMIT
private mixed AUTH_LIMIT = 10
Stricter rate limit for authentication endpoints (requests per window).
AUTH_WINDOW
private mixed AUTH_WINDOW = 300
Window size for auth endpoints in seconds (5 minutes).
DEFAULT_LIMIT
private mixed DEFAULT_LIMIT = 100
Default rate limit for general API requests (requests per window).
DEFAULT_WINDOW
private mixed DEFAULT_WINDOW = 60
Default window size in seconds (1 minute).
Properties
$limit
private int $limit
Maximum requests allowed per window.
$storage
private RateLimitStorage $storage
Storage backend for rate limit data.
$window
private int $window
Window size in seconds.
Methods
__construct()
public __construct([RateLimitStorage|null $storage = null ][, int|null $limit = null ][, int|null $window = null ]) : mixed
Create a new RateLimitMiddleware.
Parameters
- $storage : RateLimitStorage|null = null
  Optional storage backend
- $limit : int|null = null
  Optional custom request limit
- $window : int|null = null
  Optional custom window size in seconds
handle()
public handle() : bool
Handle the incoming request.
Checks whether the client has exceeded the rate limit. If it has, a 429 Too Many Requests response is sent.
Return values
bool: true if the request is allowed, false if it is rate limited
addRateLimitHeaders()
private addRateLimitHeaders(int $limit, int $remaining, int $reset) : void
Add rate limit headers to the response.
Parameters
- $limit : int
  Maximum requests allowed
- $remaining : int
  Requests remaining in the current window
- $reset : int
  Unix timestamp at which the window resets
buildKey()
private buildKey(string $clientId, string $endpoint) : string
Build the storage key for rate limit tracking.
Parameters
- $clientId : string
  Client identifier
- $endpoint : string
  Endpoint type
Return values
string: storage key
getClientIdentifier()
private getClientIdentifier() : string
Get the client identifier (IP address).
Return values
string: client identifier
getEndpointType()
private getEndpointType() : string
Get the endpoint type for rate limiting.
Return values
string: endpoint type, 'auth' for auth endpoints and 'api' for all others
sendRateLimitedResponse()
private sendRateLimitedResponse(int $retryAfter, int $limit) : never
Send a 429 Too Many Requests response.
Parameters
- $retryAfter : int
  Seconds until the client may retry
- $limit : int
  Maximum requests allowed
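The behaviour this page documents, as an added PHP walk-through that is not the project's own code: a sliding-window check keyed by client and endpoint type, the auth bucket at AUTH_LIMIT/AUTH_WINDOW and the general bucket at DEFAULT_LIMIT/DEFAULT_WINDOW, followed by a constructed run in which the 11th auth attempt inside one window is refused. The '/auth/' path rule, the key format, the X-RateLimit-* header names and the array standing in for RateLimitStorage are assumptions; in a deployment the client identifier should come from REMOTE_ADDR, with a forwarded-IP header honoured only when it was set by a trusted proxy, since otherwise a client can choose which bucket it is counted in.

```php
<?php
// Added example, not the project's code: a minimal sliding-window check using
// the limits documented on this page. RateLimitStorage's interface is not on
// the page, so a plain array stands in for it; the '/auth/' prefix rule, the
// key format and the X-RateLimit-* header names are assumptions.
const DEFAULT_LIMIT = 100; const DEFAULT_WINDOW = 60;
const AUTH_LIMIT = 10;     const AUTH_WINDOW = 300;
function getEndpointType(string $path): string {
    return str_starts_with($path, '/auth/') ? 'auth' : 'api';
}

function buildKey(string $clientId, string $endpoint): string {
    return "ratelimit:{$endpoint}:{$clientId}";
}

/**
 * Sliding window: keep only hit timestamps inside the trailing $window and
 * refuse once $limit of them remain. Returns [allowed, remaining, reset, retryAfter].
 */
function check(array &$storage, string $key, int $limit, int $window, int $now): array {
    $hits = array_values(array_filter($storage[$key] ?? [], fn(int $t) => $t > $now - $window));
    if (count($hits) >= $limit) {
        $reset = $hits[0] + $window;            // the oldest hit ages out then
        return [false, 0, $reset, max(1, $reset - $now)];
    }
    $hits[] = $now;
    $storage[$key] = $hits;                     // real code: persist via RateLimitStorage
    return [true, $limit - count($hits), $hits[0] + $window, 0];
}

function handle(array &$storage, string $clientId, string $path, int $now): bool {
    $endpoint = getEndpointType($path);
    [$limit, $window] = $endpoint === 'auth' ? [AUTH_LIMIT, AUTH_WINDOW] : [DEFAULT_LIMIT, DEFAULT_WINDOW];
    [$ok, $remaining, $reset, $retryAfter] = check($storage, buildKey($clientId, $endpoint), $limit, $window, $now);
    if (PHP_SAPI !== 'cli') {                   // headers and the 429 only under a web SAPI
        header("X-RateLimit-Limit: $limit"); header("X-RateLimit-Remaining: $remaining"); header("X-RateLimit-Reset: $reset");
        if (!$ok) { header("Retry-After: $retryAfter"); http_response_code(429); exit; }
    }
    return $ok;
}

// Constructed walk-through: 10 auth attempts from one IP at t=1000..1009 pass,
// the 11th at t=1010 is refused, and by t=1301 the oldest hits have aged out.
$storage = [];
foreach (range(1000, 1009) as $t) { assert(handle($storage, '203.0.113.7', '/auth/login', $t)); }
assert(!handle($storage, '203.0.113.7', '/auth/login', 1010));
assert(handle($storage, '203.0.113.7', '/auth/login', 1301));
assert(handle($storage, '203.0.113.7', '/api/items', 1010));   // 'api' is a separate bucket
echo "sliding-window checks passed\n";
```

Run it with `php -d zend.assertions=1 file.php`; the refused call at t=1010 reports Retry-After 290, the number of seconds until the hit at t=1000 leaves the 300-second window.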