1

My api system has a query api, it should accept large query from the same ip. this api was written for this. but except this, others api should be protected.

here is part of my middleware Kernel.php

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1', // this is a default value
        'bindings',
        'cors',
    ],
];

but now this api:
Route::post('/trans_result', 'Result@trans_result');

I want to except throttle middleware from this api

like following fake code:
Route::post('/trans_result', 'Result@trans_result')->without('throttle'); // without is a non-existent function

Or another way, to set different rate limit for this api, that's ok

UPDATE

after modified, here is my code

RouteServiceProvider.php

/**
 * Define the routes for the application.
 *
 * @return void
 */
public function map()
{
    $this->mapApiRoutes();

    $this->mapWebRoutes();

    $this->mapNoThrottleRoutes(); // new change

    //
}

protected function mapNoThrottleRoutes()
{
    Route::prefix('api')
        ->middleware('api_no_throttle')
        ->namespace($this->namespace)
        ->group(base_path('routes/api_no_throttle.php'));
}

Kernal.php

/**
 * The application's route middleware groups.
 *
 * @var array
 */
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
        'cors',
    ],

    'api_no_throttle' => [
        'bindings',
        'cors',
    ]
];

and new file in routes folder

api_no_throttle.php

<?php

use Illuminate\Http\Request;
Route::post('/trans_result', 'Result@trans_result');
afraid.jpg
  • 965
  • 2
  • 14
  • 31
  • The cleanest solution would be to use another middleware group. Check this answer https://stackoverflow.com/questions/59453409/is-it-possible-to-create-a-second-laravel-api-route-with-a-separate-api-key/59453514 – N69S Dec 25 '19 at 08:15
  • @N69S yes, this answer is very nice, but there is a problem for me. my api was not just support for one customer. the project has been online already, and this issue was discovered today. so maybe I can't change the route path. – afraid.jpg Dec 25 '19 at 09:24
  • You dont have to change the path(or prefix), but be careful not to overwrite the same route (declare the same route in both file). – N69S Dec 25 '19 at 09:46
  • it's works! thanks – afraid.jpg Dec 26 '19 at 02:52

0 Answers0