From 953272cdbf3dcf32bc0c8cc5030852954c5198b9 Mon Sep 17 00:00:00 2001
From: Dave Earley <dave@hi.events>
Date: Sun, 15 Sep 2024 08:38:04 -0700
Subject: [PATCH] Make API rate limit configurable

---
 backend/app/Providers/RouteServiceProvider.php | 3 ++-
 backend/config/app.php                         | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/app/Providers/RouteServiceProvider.php b/backend/app/Providers/RouteServiceProvider.php
index 460ac40a..07606be9 100644
--- a/backend/app/Providers/RouteServiceProvider.php
+++ b/backend/app/Providers/RouteServiceProvider.php
@@ -25,7 +25,8 @@ class RouteServiceProvider extends ServiceProvider
     public function boot(): void
     {
         RateLimiter::for('api', function (Request $request) {
-            return Limit::perMinute(120)->by($request->user()?->id ?: $request->ip());
+            return Limit::perMinute(config('app.api_rate_limit_per_minute'))
+                ->by($request->user()?->id ?: $request->ip());
         });
 
         $this->routes(function () {
diff --git a/backend/config/app.php b/backend/config/app.php
index 3e61b362..e302ce32 100644
--- a/backend/config/app.php
+++ b/backend/config/app.php
@@ -14,6 +14,7 @@
     'saas_mode_enabled' => env('APP_SAAS_MODE_ENABLED', false),
     'saas_stripe_application_fee_percent' => env('APP_SAAS_STRIPE_APPLICATION_FEE_PERCENT', 1.5),
     'disable_registration' => env('APP_DISABLE_REGISTRATION', false),
+    'api_rate_limit_per_minute' => env('APP_API_RATE_LIMIT_PER_MINUTE', 180),
 
     /**
      * The number of page views to batch before updating the database