[fix] ratelimit restrictions too low

Leantime · May 25, 2024 · c596342 · c596342
1 parent b5ba975
commit c596342
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/app/Core/Middleware/RequestRateLimiter.php b/app/Core/Middleware/RequestRateLimiter.php
@@ -48,10 +48,15 @@ public function handle(IncomingRequest $request, Closure $next): Response
     {
 
         //Key
-        $key = $request->getClientIp();
+        $keyModifier = "-1";
+        if(isset($_SESSION['userdata'])){
+            $keyModifier =  $_SESSION['userdata']['id'];
+        }
+
+        $key = $request->getClientIp()."-".$keyModifier;
 
         //General Limit per minute
-        $limit = 1000;
+        $limit = 2000;
 
         //API Routes Limit
         if ($request instanceof ApiRequest) {
@@ -63,7 +68,7 @@ public function handle(IncomingRequest $request, Closure $next): Response
         $route = Frontcontroller::getCurrentRoute();
 
         if ($route == "auth.login") {
-            $limit = 20;
+            $limit = 50;
             $key = $key . ".loginAttempts";
         }