- How do I set up route-specific rate limiting in Laravel using artisansdk/ratelimiter?
- Use the middleware in your route definitions or route groups. For example, add `RateLimiter::middleware(['api', 'rate:60,1'])` to your routes file to limit requests to 60 per minute. The package supports both route-level and key-based limits via middleware configuration.
- Does artisansdk/ratelimiter support Laravel 9.x, or is it Laravel 10+ only?
- The package targets Laravel 10.x+, but you should verify compatibility by checking its `composer.json` for supported Laravel versions. If you’re on Laravel 9.x, ensure no breaking changes exist in the middleware or service provider bootstrapping.
- Can I use artisansdk/ratelimiter with a database instead of Redis for storage?
- Yes, the package supports database storage as a fallback, but Redis is recommended for distributed systems. Configure the storage backend in your `.env` or service provider. Note that database storage may introduce latency under high traffic.
- How does the leaky bucket algorithm differ from fixed-window rate limiting in this package?
- The leaky bucket algorithm allows bursts of traffic up to the bucket’s capacity while the bucket drains at a steady rate, unlike fixed-window limits that reset at strict intervals. This makes it ideal for APIs expecting variable traffic spikes, like payment gateways or auth systems.
- What happens if Redis fails in a production environment using artisansdk/ratelimiter?
- The package defaults to database storage if Redis is unavailable, but this may impact performance. Ensure you have a fallback mechanism or retry logic in your middleware to handle transient failures gracefully. Monitor Redis health closely in distributed setups.
- Can I customize the 429 Too Many Requests response when rate limits are exceeded?
- Yes, override the default response by extending the middleware’s `handle()` method or creating a custom middleware that wraps the RateLimiter. You can return JSON, HTML, or redirect users as needed for your API.
- Does artisansdk/ratelimiter support IP-based or user-based rate limiting out of the box?
- The package supports key-based rate limiting, which can be configured for IPs, user IDs, or custom keys. For IP-based limiting, pass the IP as the key in middleware (e.g., `rate:60,1,{$request->ip()}`). User-based limits require passing a user-specific key.
- How do I test rate limiting behavior in my Laravel application?
- Use Laravel’s HTTP tests to simulate rapid requests. For example, `Http::fake() -> toRoute('/api/endpoint') -> times(61)` to test a 60-request limit. Mock Redis or database storage in tests to isolate behavior. Load test with tools like Artillery or k6 for production validation.
- Are there performance considerations when using database storage instead of Redis?
- Database storage can introduce latency, especially under high traffic, as it lacks Redis’s in-memory speed. For production, use Redis unless you’re certain your traffic is low and consistent. Index the rate-limiting key column in your database for optimal performance.
- What alternatives exist to artisansdk/ratelimiter for Laravel rate limiting?
- Consider `spatie/laravel-rate-limiting` for simpler fixed-window limits or `laravel/throttle` for basic middleware. For advanced use cases, `predis/predis` with custom Lua scripts offers more control but requires manual setup. Evaluate based on your need for leaky bucket precision or ease of integration.
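
To make the leaky bucket versus fixed-window answer above concrete, here is an added example (not code from the package or from this page): a stand-alone PHP simulation of both algorithms against a burst that straddles a window boundary. The function names, the mapping of "60 per minute" to a capacity of 60 with a leak of one request per second, and the arrival times are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Generic simulation of the two algorithms; it does not use the package's classes.

/** Fixed window: the counter starts from zero whenever a new $period-second window begins. */
function fixedWindowAllowed(array $arrivals, int $limit, int $period): int
{
    $allowed = 0;
    $counts = [];
    foreach ($arrivals as $t) {
        $window = intdiv($t, $period);
        $counts[$window] = ($counts[$window] ?? 0) + 1;
        if ($counts[$window] <= $limit) {
            $allowed++;
        }
    }
    return $allowed;
}

/** Leaky bucket: each accepted hit adds one drip; drips drain at $leakPerSecond; a full bucket rejects. */
function leakyBucketAllowed(array $arrivals, int $capacity, float $leakPerSecond): int
{
    $allowed = 0;
    $level = 0.0;
    $last = null;
    foreach ($arrivals as $t) {
        if ($last !== null) {
            // Drain the bucket for the time elapsed since the previous request.
            $level = max(0.0, $level - ($t - $last) * $leakPerSecond);
        }
        $last = $t;
        if ($level + 1 <= $capacity) {
            $level += 1;
            $allowed++;
        }
    }
    return $allowed;
}

// Constructed traffic: 60 requests at t=59s, then 60 more at t=60s (either side of a window edge).
$arrivals = array_merge(array_fill(0, 60, 59), array_fill(0, 60, 60));

printf("fixed window: %d of %d allowed\n", fixedWindowAllowed($arrivals, 60, 60), count($arrivals));
printf("leaky bucket: %d of %d allowed\n", leakyBucketAllowed($arrivals, 60, 1.0), count($arrivals));
```

With this input the fixed window admits all 120 requests within two seconds, while the leaky bucket admits 61, which is the difference that matters when the limit protects a login or payment endpoint.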