Open
Description
Half a comment / Half a question
Laravel: v5.6
api-guard: v4.1
In the Http/Kernel.php file, middleware section I noticed that
Is half-working since the user won't be set in the $request object throttling middleware class. $request->user() will always return null.
'api' => [
'throttle:rate_limit,1',
'auth.apikey',
...
],The following is working though
'api' => [
'auth.apikey',
'throttle:rate_limit,1',
...
],As far as I remember middlewares are prioritized so this may be expected, but the documentation is wrong and should be
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
...
'api' => [
'auth.apikey',
'throttle:60,1',
'bindings',
],
];Correct me if I am wrong, I'll be pleased to assist and give more details on our laravel setup.
Edited:
Just to clarify our use case, we want to accept visitor and limit their rate with a really low threshold. To do so we need to change the middleware to not send a unauthorized response.
Metadata
Metadata
Assignees
Labels
No labels