--- tags: Laravel, fortify, RateLimiter, login --- # 於Fortify環境下設定登入次數頻率 > 參考資料 https://laravel.com/docs/8.x/rate-limiting ### 在`config/fortify.php`中設定限制所使用的名稱 ```php= /* |-------------------------------------------------------------------------- | Rate Limiting |-------------------------------------------------------------------------- | | By default, Fortify will throttle logins to five requests per minute for | every email and IP address combination. However, if you would like to | specify a custom rate limiter to call then you may specify it here. | */ 'limiters' => [ 'login' => 'login', 'two-factor' => 'two-factor', ], ``` ### 若無自訂參數，**預設為根據EMAIL和IP合併限制每分鐘5次**，若要自訂則在`app/Providers/FortifyServiceProvider.php` 設定自訂限制參數。 ```php= //設定登入錯誤 3 次要等待 15 分鐘 RateLimiter::for('login', function (Request $request) { return Limit::perMinutes(15,3)->by($request->email.$request->ip()); }); //若要自訂錯誤訊息 RateLimiter::for('login', function (Request $request) { return Limit::perMinutes(15,3)->by($request->email.$request->ip())->response(function () { return response(view('rateLimitMessage'), 429); }); }); //設定2階段驗證錯誤 3 次要等待 15 分鐘 RateLimiter::for('two-factor', function (Request $request) { return Limit::perMinutes(15,3)->by($request->session()->get('login.id')); }); ``` ### 若要設定 email 驗證頻率次數，一樣是在`config/fortify.php`中設定，**預設每分鐘6次**，若要自訂則同上方設定即可。 ```php= /* |-------------------------------------------------------------------------- | Rate Limiting |-------------------------------------------------------------------------- | | By default, Fortify will throttle logins to five requests per minute for | every email and IP address combination. However, if you would like to | specify a custom rate limiter to call then you may specify it here. | */ 'limiters' => [ 'login' => 'login', 'two-factor' => 'two-factor', 'verification' => '6,1' ], ```