
Laravel POST, tracking errors and manage Limit Attempts per Time


alonsohector/laravel

 
 


Laravel Fork to request POST and Limit requests per time

About Laravel POST Attempts/Timer

Laravel POST Attempts/Timer limits the number of requests, stopping retries within a time window. I use RateLimiter with the APP_KEY generated during installation as the limiter key; it is normal to use UserId, CompanyId, Project, etc.

It is critical that the request reaches its destination and that errors are handled. Secure requests are managed through limits and quotas with RateLimiter, in combination with throttle and middleware, which lets us define custom actions.

  • Simple, fast POST request with Guzzle.
  • Command Artisan using parameters.
  • Multiple Errors Exception and validations.
  • Real-time events and Log files.
  • Application Cache to save the limit data.

Steps for Project

Fork Laravel

After forking the Laravel repository, I redefined the origin remote so that it points to my own fork and I can push changes to it. For this project I will use Guzzle, latest 6.x version, to send the POST request.

Install

Modify the composer.json file to add the component.

    {
       "require": {
          "guzzlehttp/guzzle": "~6.3.3"
       }
    }

The install command reads the composer.json file from the current directory, resolves the dependencies, and installs them into vendor.

    composer install

Copy .env.example to .env file

    copy .\.env.example .env

Include in .env file the APP_KEY

    php artisan key:generate

After the key was generated, I added the extra application parameters to the .env file as below:

    API_URL=http://jsonplaceholder.typicode.com/posts
    POST_LIMITER_SECONDS=60
    POST_LIMITER_RETRIES=3

IMPORTANT. The last two parameters limit the number of requests, stopping retries within a time window. I use RateLimiter with the APP_KEY generated during installation as the limiter key; it is normal to use UserId, CompanyId, Project, etc.

Command Artisan

Then a new Artisan console command is created.

    php artisan make:command Post

I added the Post command class and configured the Guzzle request parameters as below:

    [
        'timeout'         => 2.0,
        'http_errors'     => false,
        'allow_redirects' => [
            'max'             => 10,        // allow at most 10 redirects.
            'strict'          => true,      // use "strict" RFC compliant redirects.
            'referer'         => true,      // add a Referer header
            'protocols'       => ['https'], // only allow https URLs
            'track_redirects' => true,
        ],
    ]

Exception Handling

I created a new exception to handle errors. If the environment is production, error details are not shown; errors are recorded in the log.

    php artisan make:exception PostNotFoundException

Review of the environment

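    try {
        // ... POST request
    } catch (\Exception $e) {
        // Always record the error in the log
        \Log::error("Incfile---l--".$e);
        // Show error details only outside production
        if (env('APP_ENV') != 'production') {
            return back()->withError($e->getMessage())->withInput();
        }
    }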

Limiter configurations

The RateLimiter stores two things in a cache store:

  • A key that holds the number of attempts.
  • Another key that holds the time window in which new attempts are registered. This second key is the original key with timer appended.

Limiting attempts per time window aims to protect the POST request and can be adjusted as the implementation requires.

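    use Illuminate\Cache\RateLimiter;

    // Init limiter
    $limiter = app(RateLimiter::class);

    // Get the app key, used as the limiter key
    $key = env('APP_KEY');

    // Limits configured in .env
    $maxRetries   = (int) env('POST_LIMITER_RETRIES');
    $decaySeconds = (int) env('POST_LIMITER_SECONDS');

    $header = ["Attempts", "Retries Left", 'Available time (Sec)'];

    // Calculate values to show in the table
    $retriesLeft = $limiter->retriesLeft($key, $maxRetries);
    $availableIn = $limiter->availableIn($key);
    $info = [
        [
            "attempts"       => (string) ($limiter->attempts($key) + 1),
            // Never show a negative number of retries
            "retries_left"   => (string) ($retriesLeft < 0 ? 0 : $retriesLeft),
            // No open window yet: show the full configured window
            "available_time" => (string) ($availableIn < 0 ? $decaySeconds : $availableIn),
        ],
    ];

    // Show table
    $this->table($header, $info);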

When the attempt counter in the limiter needs to be increased:

    // Charge one attempt
    $limiter->hit($key, ((int)env('POST_LIMITER_SECONDS')));

The methods:

  • attempts(): How many attempts the user has made.
  • retriesLeft(): The number of retries left.
  • availableIn(): How much time must pass to retry.
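
The counter key and timer key scheme described above, modelled in plain PHP as an added example; it is not code from this repository or from Laravel's RateLimiter. The `TwoKeyLimiter` class, the fake clock and the `company-42` identifier are constructed for illustration, and the limiter key is a hash of a non-secret identifier rather than APP_KEY because limiter keys are used as cache key names.

```php
<?php
// Added example: in-memory model of the counter key + "<key>:timer" key scheme.
final class TwoKeyLimiter
{
    private $store = [];  // [cacheKey => [value, expiresAt]], stands in for the cache
    private $clock;       // callable returning the current Unix time (injectable)

    public function __construct(callable $clock) { $this->clock = $clock; }

    private function read(string $cacheKey): int
    {
        [$value, $expiresAt] = $this->store[$cacheKey] ?? [0, 0];
        return $expiresAt > ($this->clock)() ? $value : 0;  // expired entries read as 0
    }

    public function hit(string $key, int $decaySeconds): int
    {
        $now = ($this->clock)();
        if ($this->read($key . ':timer') === 0) {           // no open window: start one
            $end = $now + $decaySeconds;
            $this->store[$key . ':timer'] = [$end, $end];   // value = when the window ends
            $this->store[$key] = [0, $end];                 // counter expires with the window
        }
        return ++$this->store[$key][0];
    }

    public function attempts(string $key): int { return $this->read($key); }

    public function tooManyAttempts(string $key, int $max): bool { return $this->attempts($key) >= $max; }

    public function availableIn(string $key): int { return max(0, $this->read($key . ':timer') - ($this->clock)()); }
}

// Constructed run: 3 attempts per 60 seconds, driven by a fake clock.
$now = 1000;
$limiter = new TwoKeyLimiter(function () use (&$now) { return $now; });
// Limiter keys become cache key names, so derive them from a non-secret identifier.
$key = 'post:' . hash('sha256', 'company-42');  // hypothetical identifier

foreach ([0, 10, 20, 30, 61] as $offset) {
    $now = 1000 + $offset;
    if ($limiter->tooManyAttempts($key, 3)) {
        printf("t=%d blocked, retry in %ds\n", $offset, $limiter->availableIn($key));
        continue;  // skip the POST instead of retrying
    }
    printf("t=%d allowed, attempt %d\n", $offset, $limiter->hit($key, 60));
}
```

The fourth call falls inside the open window and is refused; the fifth arrives after both keys have expired, so a new window starts and the counter restarts.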

Finished

    php artisan help Incfile:POST

Incfile:POST

    + Description:
      Send a simple POST request to external URL.

    + Usage:
      Incfile:POST [options]

    + Options:
      -U, --URL_POST[=URL_POST]   [default: "Incfile_defined"]
      -h, --help                 Display this help message
      -q, --quiet                Do not output any message
      -V, --version              Display this application version
          --ansi                 Force ANSI output
          --no-ansi              Disable ANSI output
      -n, --no-interaction       Do not ask any interactive question
          --env[=ENV]            The environment the command should run under
      -v|vv|vvv, --verbose       Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Executing

The application validates whether the POST is acceptable, handles the corresponding errors in the log and manages the defined limits of attempts per time. Limiting attempts per time window aims to protect the POST request and can be adjusted as the implementation requires.

    php artisan Incfile:POST

Without parameters, the command sends the request using the Incfile default information below:

    API_URL=https://atomic.incfile.com/fakepost
    POST_LIMITER_SECONDS=60
    POST_LIMITER_RETRIES=3 (can be 100K requests)

Attempts, Retries and Timeout are managed even if errors exist.

    +----------+--------------+----------------------+
    | Attempts | Retries Left | Available time (Sec) |
    +----------+--------------+----------------------+
    | 1        | 3            | 60                   |
    +----------+--------------+----------------------+
    URL: https://atomic.incfile.com/fakepost
    Unable to connect. The url is not valid or you do not have permission to the site.

    php artisan Incfile:POST -U http://jsonplaceholder.typicode.com/posts

With the -U parameter, the command sends the request to the given URL and manages Attempts, Retries and Timeout as well.

    
    +----------+--------------+----------------------+
    | Attempts | Retries Left | Available time (Sec) |
    +----------+--------------+----------------------+
    | 1        | 3            | 60                   |
    +----------+--------------+----------------------+
    URL: http://jsonplaceholder.typicode.com/posts

    POST sent correctly

You can use the --verbose parameter to show the headers and JSON response details:

    php artisan Incfile:POST -U http://jsonplaceholder.typicode.com/posts --verbose

    +----------+--------------+----------------------+
    | Attempts | Retries Left | Available time (Sec) |
    +----------+--------------+----------------------+
    | 1        | 3            | 60                   |
    +----------+--------------+----------------------+
    URL: http://jsonplaceholder.typicode.com/posts

    POST sent correctly

    HTTP/1.0 200 OK
    Cache-Control: no-cache, private
    Content-Type:  application/json
    Date:          Tue, 12 Nov 2019 04:17:24 GMT

    {"POST":"Completed"}
    Response:{
      "Parm1": "Parm1",
      "id": 101
    }

Contributing

Thank you for considering contributing to the Laravel framework!

Security Vulnerabilities

If you discover a security vulnerability within this project, please send an e-mail to Hector Alonso via alonso.hector@gmail.com. All security vulnerabilities will be promptly addressed.

License

The Laravel framework is open-source software licensed under the MIT license. Then... this project too!
