vincendev/laraflood
Composer 安装命令:
composer require vincendev/laraflood
包简介
Flood protection for laravel 5
README 文档
README
This tool designed for limiting some user requests.
This tool is based on: ircop/Laraflood, I have added / modified things that have been useful for my current project and I publish it in case it can be useful to someone!
INSTALL
1: install via composer
composer require vincendev/laraflood
If you're using laravel 5.5: steps 2 and 3 are not necessary.
2: add service provider to providers array in config/app.php:
Vincendev\Laraflood\LarafloodServiceProvider::class,
3: add facade alias to aliases array in config/app.php:
'Laraflood' => Vincendev\Laraflood\FacadeLaraflood::class,
Usage
Checking for record existance with given identity and add attempt.
$identity - can be ip-address, user id, anything unique. Default is ip-address.
$action - What is the user trying to do? Submit-post, Login, Search, etc. Default is 'default'.
$maxAttempts - How many attempts do you want to give the user? Default is 5.
$minutes - Waiting time after attempts are over. Default is 5 minutes.
Laraflood::check( $identity = 'ip', $action = 'default', $maxAttempts = 5, $minutes = 5 ); Laraflood::check(); Laraflood::check( $user->id , 'submit-comment'); Laraflood::check( $user->id , 'report-comment', 1, 5); /* Return bool */
Only check without add attempt.
Laraflood::checkOnly( $identity = 'ip', $action = 'default', $maxAttempts = 5, $minutes = 5 ); Laraflood::checkOnly(); Laraflood::checkOnly( $user->id , 'submit-comment'); Laraflood::checkOnly( $user->id , 'report-comment', 1, 5); /* Return bool */
Add attempt for given $identity with ·$action on given $minutes. 'ip' by default is the real user ip.
Laraflood::addAttempt( $identity = 'ip', $action = 'default', $minutes = 5 ); Laraflood::addAttempt(); Laraflood::addAttempt('ip', 'like-post'); Laraflood::addAttempt( $user->id ,'default', 5 ); /* Void */
Get time left for given identity & action.
Laraflood::timeLeft( $identity = 'ip', $action = 'default'); Laraflood::timeLeft(); Laraflood::timeLeft( 'ip', 'like-post'); /* Return string */ # X hours # X minutes # X seconds
Returns array for given identity & action
Laraflood::get($identity = 'ip', $action = 'default') Laraflood::get(); Laraflood::get( 'ip', 'like-post'); /* array:3 [▼ "action" => "default" "attempts" => 1 "expiration" => "2019-09-18 19:51:01.175237" ] */
Examples:
Limiting wrong login attempts for given IP address:
This example limiting wrong login attempts from one ip-address to 5 tryes per 20 minutes:
public function postLogin() { /** * If thes user ip has >= 5 failed login attempts in last 5 minutes, redirect user * back with error: */ if( Laraflood::check( 'ip' , 'login', 5, 5 ) === FALSE ) return redirect()->back()->withErrors(["AntiFlood Protection! Try again in ".Laraflood::timeLeft('ip','login')." ."]); /** * Your code here.. */ }
Increment post views .
This code shows how increment post views only 1 view every 24 hours..
public function incrementPostViews() { $action = "post-visit:" . $post->id; // Post unique ID $visitsPerUser = 1; $minutes = 1440; // 24Hours if(Laraflood::checkOnly('ip', $action, $visitsPerUser)){ /** * Increment post views * Your code here.. */ Laraflood::addAttempt('ip', $action, $minutes); } }
vincendev/laraflood 适用场景与选型建议
vincendev/laraflood 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.22k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2017 年 09 月 18 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「spam」 「laravel」 「antispam」 「flood」 「antiflood」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 vincendev/laraflood 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 vincendev/laraflood 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 vincendev/laraflood 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Simple captcha generator
reCAPTCHA library
Client library for reCAPTCHA with proxy support, a free service that protects websites from spam and abuse.
Provide a way to secure accesses to all routes of an symfony application.
It's a barebone security class written on PHP
Contao CMS integrity check for some files
统计信息
- 总下载量: 1.22k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 26
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2017-09-18