middlewares / ideas

Need a Middleware or looking for ideas?

Throttle #4

Open oscarotero opened 7 years ago

oscarotero commented 7 years ago

Middleware for limiting how often an individual user can make requests or execute any action. Like #3, it brings some challenges: how to manage the data (session, database, etc...)

Some references:

mav2287 commented 3 years ago

This is something I will most likely want to pick up and work on as well. Not sure at what point I will get to it, but I noticed the references listed are pretty outdated and the first two seem abandoned with the third not getting a lot of activity. I can start looking at what is out there, but wanted to see if you have any others you like or think would work well?

oscarotero commented 3 years ago

I don't have more references. The main challenge here is building something easy to use and, at the same time, flexible enough for any casuistry. There's no PSR standard for session data, and there are several ways to handle this data, so this middleware should be highly customizable, but this makes it hard to use.

mav2287 commented 3 years ago

No worries, wasn't sure how far you got with it. I was also thinking that this might be difficult to make simple to use.

At a high level a global throttle needs at the very least some kind of persistent storage like a database or file to be able to keep track of requests. A user-specific one needs that plus a way to identify that specific user. From a security standpoint that can be tricky since bots and hackers will IP hop and do everything they can to look like a different user for each request. I'm not sure if there is a PSR spec for tagging requests from an authenticated user. If there is, that might make that part just a little easier.
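
One way to structure what the comments above describe, as an added example that is not part of the original thread or of the middlewares project: a PSR-15 middleware that receives its counter storage (a PSR-16 cache) and its way of identifying the client (a callable) as constructor arguments. The class name `Throttle`, the `user_id` request attribute and the default limits are assumptions; it needs PHP 8 and the `psr/http-server-middleware`, `psr/http-factory` and `psr/simple-cache` interfaces.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\{ResponseFactoryInterface, ResponseInterface, ServerRequestInterface};
use Psr\Http\Server\{MiddlewareInterface, RequestHandlerInterface};
use Psr\SimpleCache\CacheInterface;

// Hypothetical class for illustration only.
final class Throttle implements MiddlewareInterface
{
    /** @var callable(ServerRequestInterface): ?string */
    private $identify;

    public function __construct(
        private CacheInterface $store,               // persistent counters (PSR-16)
        private ResponseFactoryInterface $responses, // builds the 429 response (PSR-17)
        callable $identify,                          // returns a client id, or null
        private int $limit = 60,                     // requests allowed per window
        private int $window = 60                     // window length in seconds
    ) {
        $this->identify = $identify;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // A null identity lands in one shared bucket, which gives the global throttle.
        $id = ($this->identify)($request) ?? 'global';
        $now = time();
        $slot = intdiv($now, $this->window);
        // Hash the id: PSR-16 reserves {}()/\@: in keys and the id may be client-controlled.
        $key = 'thr.' . substr(hash('sha256', $id), 0, 32) . '.' . $slot;

        // get + set is not atomic, so concurrent requests can undercount;
        // a store with an atomic increment is needed for a strict limit.
        $hits = (int) $this->store->get($key, 0) + 1;
        $this->store->set($key, $hits, $this->window);

        if ($hits > $this->limit) {
            $retryAfter = ($slot + 1) * $this->window - $now; // seconds until the next window
            return $this->responses->createResponse(429)
                ->withHeader('Retry-After', (string) $retryAfter);
        }
        return $handler->handle($request);
    }
}

// Identity resolver: prefer an authenticated id over the address, since addresses rotate.
// Assumption: an earlier auth middleware sets the 'user_id' attribute.
$identify = fn (ServerRequestInterface $r): ?string =>
    $r->getAttribute('user_id') ?? ($r->getServerParams()['REMOTE_ADDR'] ?? null);
```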

Ilgrim commented 3 years ago

Is anybody working on this? I am interested in this topic.

mav2287 commented 3 years ago

I have looked at it, but didn't see a clear way to make this fit with the other middlewares.