configureRateLimiting(); $this->routes(function () { Route::middleware('api') ->prefix('api') ->group(base_path('routes/api.php')); Route::middleware('web') ->group(base_path('routes/web.php')); }); } /** * Configure the rate limiters for the application. */ protected function configureRateLimiting(): void { // API rate limit: 150 per minute for authenticated users, 100 for guests RateLimiter::for('api', function (Request $request) { $userId = $request->user()?->id; $key = $userId ?: $request->ip(); $maxAttempts = $userId ? 150 : 100; return Limit::perMinute($maxAttempts)->by($key); }); // Web rate limit for authenticated users RateLimiter::for('web', function (Request $request) { $userId = $request->user()?->id; $key = $userId ?: $request->ip(); $maxAttempts = $userId ? 200 : 100; return Limit::perMinute($maxAttempts)->by($key); }); // Strict rate limit for login attempts (security) - increased for usability RateLimiter::for('login', fn (Request $request) => Limit::perMinute(20)->by($request->ip())); // Two-factor authentication rate limit RateLimiter::for('two-factor', fn (Request $request) => Limit::perMinute(15)->by($request->ip())); // Rate limit for radio endpoints (high traffic) RateLimiter::for('radio', fn (Request $request) => Limit::perMinute(120)->by($request->user()?->id ?: $request->ip())); } }