From dfedf4058eced0beb901c98efd287aeeaa10b1ec Mon Sep 17 00:00:00 2001
From: w33b
Date: Sat, 10 Jan 2026 22:15:50 +0100
Subject: [PATCH] Fix rate limit and make it more strict (1 message in 5 minutes)
---
 app/Livewire/Comment.php | 5 +++--
 app/Livewire/Comments.php | 8 +++-----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/app/Livewire/Comment.php b/app/Livewire/Comment.php
index 6ecd5f9..9fe9bf8 100644
--- a/app/Livewire/Comment.php
+++ b/app/Livewire/Comment.php
@@ -85,15 +85,16 @@ class Comment extends Component
 $user = auth()->user();
 $rateLimitKey = "send-comment:{$user->id}";
+ $rateLimitMinutes = 60 * 5; // 5 minutes
- if (RateLimiter::tooManyAttempts($rateLimitKey, 5)) {
+ if (RateLimiter::tooManyAttempts($rateLimitKey, 1)) {
 $seconds = RateLimiter::availableIn($rateLimitKey);
 $this->addError('replyState.body', "Too many comments. Try again in {$seconds} seconds.");
 return;
 }
- RateLimiter::hit($rateLimitKey, 60);
+ RateLimiter::hit($rateLimitKey, $rateLimitMinutes);
 $this->validate([
 'replyState.body' => 'required'
diff --git a/app/Livewire/Comments.php b/app/Livewire/Comments.php
index 75d499a..156ef60 100644
--- a/app/Livewire/Comments.php
+++ b/app/Livewire/Comments.php
@@ -31,20 +31,18 @@ class Comments extends Component
 'newCommentState.body' => 'required'
 ]);
- $this->addError('newCommentState.body', "Too many comments. Try again in 1 seconds.");
- return;
-
 $user = auth()->user();
 $rateLimitKey = "send-comment:{$user->id}";
+ $rateLimitMinutes = 60 * 5; // 5 minutes
- if (RateLimiter::tooManyAttempts($rateLimitKey, 5)) {
+ if (RateLimiter::tooManyAttempts($rateLimitKey, 1)) {
 $seconds = RateLimiter::availableIn($rateLimitKey);
 $this->addError('newCommentState.body', "Too many comments. Try again in {$seconds} seconds.");
 return;
 }
- RateLimiter::hit($rateLimitKey, 60);
+ RateLimiter::hit($rateLimitKey, $rateLimitMinutes);
 $comment = $this->model->comments()->make($this->newCommentState);
 $comment->user()->associate($user);
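Review bot: In app/Livewire/Comment.php, `RateLimiter::hit($rateLimitKey, $rateLimitMinutes)` runs before `$this->validate([...])`, so with the limit now at 1 a reply rejected for an empty body still uses up the user's only attempt and blocks them for five minutes; Comments.php validates first, and this method should do the same by moving the `hit` call below the validation. The `tooManyAttempts` check followed by a separate `hit` is also not atomic, so two near-simultaneous submissions may both pass the check, depending on the cache store; testing the counter that `hit` returns, `if (RateLimiter::hit($rateLimitKey, $rateLimitMinutes) > 1) {`, would narrow that gap, and the same sequence appears in the Comments.php hunk. `$rateLimitMinutes` holds 300, a number of seconds, which is what `hit` expects, so a name such as `$rateLimitDecaySeconds` would keep a later edit from shrinking the window to `5`; the same name is used in Comments.php. The method starts and ends outside the hunk.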
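Review bot: The limiter block in app/Livewire/Comments.php is now a line-for-line copy of the one in Comment.php (same `send-comment:{$user->id}` key, same threshold, same window), and the removed unconditional `addError`/`return` shows the two copies had already drifted before this commit. Moving the key, limit and decay into one helper or trait method used by both components would keep the shared budget consistent. `$user->id` is also read without a null check, so if this action can be reached without a login (not visible in the hunk) it would fail before the limiter runs; an explicit guard such as `if ($user === null) { return; }` would make the assumption visible. The method starts and ends outside the hunk.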