diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index 8677cd5..e1fc5de 100644
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -2,7 +2,9 @@
 namespace App\Http\Controllers;
-abstract class Controller
+use Illuminate\Routing\Controller as BaseController;
+
+abstract class Controller extends BaseController
 {
 //
 }
diff --git a/app/Http/Controllers/PhoneNumberController.php b/app/Http/Controllers/PhoneNumberController.php
index 9417f42..56a7a23 100644
--- a/app/Http/Controllers/PhoneNumberController.php
+++ b/app/Http/Controllers/PhoneNumberController.php
@@ -3,11 +3,34 @@
 namespace App\Http\Controllers;
 use App\Models\PhoneNumber;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Contracts\Database\Query\Builder;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Cache;
+use Closure;
 class PhoneNumberController extends Controller
 {
+ public function __construct()
+ {
+ $this->middleware(function (Request $request, Closure $next): Response {
+ // Allow 10 requests every 30 seconds
+ $response = RateLimiter::attempt(
+ key: $request->route()->getName(),
+ maxAttempts: 10,
+ callback: fn() => $next($request),
+ decaySeconds: 30,
+ );
+
+ if (!$response) {
+ return response()->view('phone-number-rate-limited');
+ }
+
+ return $response;
+ });
+ }
+
 public function __invoke(string $phone_number)
 {
 $e164 = e164($phone_number);
diff --git a/app/Http/Controllers/SearchController.php b/app/Http/Controllers/SearchController.php
index 006ded0..5286ac6 100644
--- a/app/Http/Controllers/SearchController.php
+++ b/app/Http/Controllers/SearchController.php
@@ -13,8 +13,6 @@ public function __invoke(SearchRequest $request)
 phone_number: $request->validated('phone_number'),
 );
- // TODO: Rate limit this
-
 return to_route('phone-number', $phone_number);
 }
 }
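Review bot: The key passed to `RateLimiter::attempt` on the `key:` line is the route name alone, so the 10-per-30-seconds budget is shared by every client of the phone-number page: one client can exhaust it for everyone, and no single client is limited any more tightly than the rest. Key the limiter per client, e.g. `key: 'phone-number:' . $request->ip(),` (with trusted proxies configured so `ip()` reflects the real client), or use the framework's `throttle` middleware, which keys on the client by default. Separately, the rate-limited branch returns the view with the default 200 status, so clients and monitoring cannot tell the page was throttled; `return response()->view('phone-number-rate-limited', status: 429);` fixes that, and a `Retry-After` header derived from `RateLimiter::availableIn()` would tell well-behaved clients when to retry. `__invoke` continues past the end of the hunk.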
diff --git a/resources/views/home.blade.php b/resources/views/home.blade.php
index 7cf933b..a858c64 100644
--- a/resources/views/home.blade.php
+++ b/resources/views/home.blade.php
@@ -9,10 +9,8 @@

If you are looking for information on a loved one, they may have checked in with us. We have provided a
- phone
- number to local media where people can send SMS updates about their well-being. You can search for your
- loved one
- using their phone number below:
+ phone number to local media where people can send SMS updates about their well-being. You can search for
+ your loved one using their phone number below:

diff --git a/resources/views/phone-number-rate-limited.blade.php b/resources/views/phone-number-rate-limited.blade.php
new file mode 100644
index 0000000..89494d0
--- /dev/null
+++ b/resources/views/phone-number-rate-limited.blade.php
@@ -0,0 +1,17 @@
+
+
+ +

+ Check-ins +

+ +
+

+ You've made a few too many requests. Please wait a few moments before refreshing this page to try again. +

+
+ +
+ +