cdonut/laraflood
Composer 安装命令:
composer require cdonut/laraflood
包简介
Flood protection for laravel
README 文档
README
This tool designed for limiting some user requests.
This tool is based on: ircop/Laraflood, I have added / modified things that have been useful for my current project and I publish it in case it can be useful to someone!
INSTALL
1: install via composer
composer require vincendev/laraflood
If you're using laravel 5.5: steps 2 and 3 are not necessary.
2: add service provider to providers array in config/app.php:
Vincendev\Laraflood\LarafloodServiceProvider::class,
3: add facade alias to aliases array in config/app.php:
'Laraflood' => Vincendev\Laraflood\FacadeLaraflood::class,
Usage
Checking for record existance with given identity and add attempt.
$identity - can be ip-address, user id, anything unique. Default is ip-address.
$action - What is the user trying to do? Submit-post, Login, Search, etc. Default is 'default'.
$maxAttempts - How many attempts do you want to give the user? Default is 5.
$seconds - Waiting time after attempts are over. Default is 5 minutes.
Laraflood::check( $identity = 'ip', $action = 'default', $maxAttempts = 5, $seconds = 300 );
Laraflood::check();
Laraflood::check( $user->id , 'submit-comment');
Laraflood::check( $user->id , 'report-comment', 1, 5);
/* Return bool */
Only check without add attempt.
Laraflood::checkOnly( $identity = 'ip', $action = 'default', $maxAttempts = 5, $seconds = 300 );
Laraflood::checkOnly();
Laraflood::checkOnly( $user->id , 'submit-comment');
Laraflood::checkOnly( $user->id , 'report-comment', 1, 5);
/* Return bool */
Add attempt for given $identity with ·$action on given $minutes. 'ip' by default is the real user ip.
Laraflood::addAttempt( $identity = 'ip', $action = 'default', $seconds = 300 );
Laraflood::addAttempt();
Laraflood::addAttempt('ip', 'like-post');
Laraflood::addAttempt( $user->id ,'default', 5 );
/* Void */
Get time left for given identity & action.
Laraflood::secondsLeft( $identity = 'ip', $action = 'default');
Laraflood::secondsLeft();
Laraflood::secondsLeft( 'ip', 'like-post');
/* Return string */
# X hours
# X minutes
# X seconds
Returns array for given identity & action
Laraflood::get($identity = 'ip', $action = 'default')
Laraflood::get();
Laraflood::get( 'ip', 'like-post');
/*
array:3 [▼
"action" => "default"
"attempts" => 1
"expiration" => "2019-09-18 19:51:01.175237"
]
*/
Examples:
Limiting wrong login attempts for given IP address:
This example limiting wrong login attempts from one ip-address to 5 tryes per 20 minutes:
public function postLogin()
{
/**
* If thes user ip has >= 5 failed login attempts in last 5 minutes, redirect user
* back with error:
*/
if( Laraflood::check( 'ip' , 'login', 5, 5 ) === FALSE )
return redirect()->back()->withErrors(["AntiFlood Protection! Try again in ".Laraflood::secondsLeft('ip','login')." ."]);
/**
* Your code here..
*/
}
Increment post views .
This code shows how increment post views only 1 view every 24 hours..
public function incrementPostViews()
{
$action = "post-visit:" . $post->id; // Post unique ID
$visitsPerUser = 1;
$minutes = 1440; // 24Hours
if(Laraflood::checkOnly('ip', $action, $visitsPerUser)){
/**
* Increment post views
* Your code here..
*/
Laraflood::addAttempt('ip', $action, $minutes);
}
}
cdonut/laraflood 适用场景与选型建议
cdonut/laraflood 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 161 次下载、GitHub Stars 达 0, 最近一次更新时间为 2020 年 08 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「spam」 「laravel」 「antispam」 「flood」 「antiflood」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 cdonut/laraflood 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 cdonut/laraflood 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 cdonut/laraflood 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Simple captcha generator
reCAPTCHA library
Client library for reCAPTCHA with proxy support, a free service that protects websites from spam and abuse.
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Contao CMS integrity check for some files
统计信息
- 总下载量: 161
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-08-11