Throttle #4

Open
oscarotero opened this issue Jan 18, 2017 · 5 comments


oscarotero commented Jan 18, 2017

Middleware for limiting how often an individual user can make requests or execute any action. Like #3, it brings some challenges: how to manage the data (session, database, etc.).

Some references:


mav2287 commented Apr 14, 2021

This is something I will most likely want to pick up and work on as well. Not sure at what point I will get to it, but I noticed the references listed are pretty outdated and the first two seem abandoned, with the third not getting a lot of activity. I can start looking at what is out there, but wanted to see if you have any others you like or think would work well?

@oscarotero
Member Author

I don't have more references. The main challenge here is building something easy to use and, at the same time, flexible enough for any casuistry. There's no PSR standard for session data, and there are several ways to handle this data, so this middleware should be highly customizable, but this makes it hard to use.


mav2287 commented Apr 14, 2021

No worries, wasn't sure how far you got with it. I was also thinking that this might be difficult to make simple to use.

At a high level, a global throttle needs at the very least some kind of persistent storage like a database or file to be able to keep track of requests. A user-specific one needs that plus a way to identify that specific user. From a security standpoint that can be tricky, since bots and hackers will IP hop and do everything they can to look like a different user for each request. I'm not sure if there is a PSR spec for tagging requests from an authenticated user. If there is, that might make that part just a little easier.
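
The two pieces named in the comment above (a store that counts requests and a way to identify the user), sketched as an added example that is not part of this thread or the project's code. `ThrottleStore`, `ArrayStore`, `Throttle` and the array-shaped request are hypothetical names chosen for illustration, and the in-memory store stands in for persistent storage.

```php
<?php
declare(strict_types=1);

// Hypothetical storage contract: any persistent backend (database, file, cache)
// that can count hits per key inside a time window.
interface ThrottleStore
{
    public function hit(string $key, int $windowStart): int;
}

// In-memory stand-in so the example runs offline; state is lost between
// requests, so real use needs a persistent implementation.
final class ArrayStore implements ThrottleStore
{
    private array $counts = [];
    public function hit(string $key, int $windowStart): int
    {
        $slot = $key . '@' . $windowStart;
        return $this->counts[$slot] = ($this->counts[$slot] ?? 0) + 1;
    }
}

final class Throttle
{
    private $identify; // callable: request array -> throttle key
    public function __construct(
        private ThrottleStore $store,
        callable $identify,
        private int $limit,
        private int $windowSeconds
    ) {
        $this->identify = $identify;
    }

    public function allow(array $request, int $now): bool
    {
        // Fixed window: all hits in the same window share one counter.
        $key = ($this->identify)($request);
        $windowStart = $now - ($now % $this->windowSeconds);
        return $this->store->hit($key, $windowStart) <= $this->limit;
    }
}

// Constructed sample: same account, different client addresses.
$byUser = fn(array $r): string => isset($r['user']) ? 'user:' . $r['user'] : 'ip:' . $r['ip'];
$throttle = new Throttle(new ArrayStore(), $byUser, 2, 60);
foreach (['203.0.113.5', '203.0.113.9', '198.51.100.7'] as $ip) {
    $ok = $throttle->allow(['user' => 'alice', 'ip' => $ip], 1_700_000_000);
    echo $ip, ' => ', $ok ? 'allowed' : 'throttled', PHP_EOL;
}
```

Keying on the authenticated account counts these requests together regardless of client address. Requests without a `user` fall back to the address key, which is the case the comment describes as tricky.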


Ilgrim commented Apr 23, 2021

Is anybody working on this? I am interested in this topic.


mav2287 commented Apr 25, 2021

I have looked at it, but didn't see a clear way to make this fit with the other middlewares.
