Ratelimit
Protecting Endpoints
All public-facing endpoints of the Klub plugin are protected by a ratelimit with a default of 12*60 requests per hour,
which means that after 720 requests from one visitor, any further requests are blocked with a 429 HTTP status code
until that one hour has passed.
The stored data is an encrypted version of the visitor's IP address, so the plain address is never written to storage.
Here is an example of how you could use the ratelimit in a custom endpoint.
site/config/config.php
<?php

use Kirby\Http\Response;

return [
    'routes' => [
        [
            'pattern' => 'my/endpoint',
            'method'  => 'POST',
            'action'  => function () {
                // reject requests that do not carry a valid CSRF token
                $token = get('token');
                if (csrf($token) === false) {
                    return Response::json([], 401);
                }

                // block the visitor once the limit (720 per hour by default) is used up
                if (! site()->ratelimit()) {
                    return Response::json([], 429);
                }

                // only logged-in users may continue
                $user = kirby()->user();
                if (! $user) {
                    return Response::json([], 401);
                }

                // DO STUFF

                $redirect = get('redirect', site()->url());
                go($redirect);
            },
        ],
    ],
    // other options
];
In addition to changing the upper limit in the config settings, you can also pass a number as a parameter of the function if you want to change the limit for a single endpoint only.

    if (! site()->ratelimit(100)) {
        return Response::json([], 429);
    }
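To make the behaviour described above concrete (720 requests per hour, then a block until the hour has passed, with a per-call override like ratelimit(100)), here is a small stand-alone PHP limiter. It is an added example and not the Klub plugin's own implementation: it uses a fixed hourly window and keeps counters in a PHP array, and the visitor key is an HMAC of the IP address as a stand-in for the plugin's encryption. The class name, the secret and the sample addresses are all constructed for this example.

```php
<?php
// Added example, not code from the Klub plugin. Fixed-window limiter:
// a visitor gets $limit requests per $windowSeconds, then is refused
// until the next window starts.
final class FixedWindowRatelimit
{
    /** @var array<string, array{count:int, window:int}> */
    private array $store = [];

    public function __construct(
        private int $limit = 12 * 60,            // default from the docs above
        private int $windowSeconds = 3600,
        private string $secret = 'example-secret-replace-me' // hypothetical
    ) {}

    // Storage key derived from the IP so the raw address is never stored
    // (the plugin encrypts the address instead; HMAC is this example's choice).
    private function keyFor(string $ip): string
    {
        return hash_hmac('sha256', $ip, $this->secret);
    }

    // true  = request allowed (and counted)
    // false = limit reached, caller should answer with 429
    public function check(string $ip, ?int $limit = null, ?int $now = null): bool
    {
        $limit = $limit ?? $this->limit;
        $now   = $now ?? time();
        $key   = $this->keyFor($ip);
        $windowStart = intdiv($now, $this->windowSeconds) * $this->windowSeconds;

        $entry = $this->store[$key] ?? ['count' => 0, 'window' => $windowStart];
        if ($entry['window'] !== $windowStart) {
            // the hour has passed: start a fresh window for this visitor
            $entry = ['count' => 0, 'window' => $windowStart];
        }
        if ($entry['count'] >= $limit) {
            $this->store[$key] = $entry;
            return false;
        }
        $entry['count']++;
        $this->store[$key] = $entry;
        return true;
    }
}

// Demonstration with constructed addresses and a fixed clock.
$rl  = new FixedWindowRatelimit();
$ip  = '203.0.113.7';       // constructed sample address
$now = 1700000000;

$allowed = 0;
for ($i = 0; $i < 800; $i++) {
    if ($rl->check($ip, null, $now)) {
        $allowed++;
    }
}
echo "allowed in this hour: $allowed (expected 720)\n";
echo "next hour allowed again: " . var_export($rl->check($ip, null, $now + 3600), true) . "\n";
echo "other visitor unaffected: " . var_export($rl->check('198.51.100.2', null, $now), true) . "\n";

// Per-call override, like site()->ratelimit(100) in the docs.
$small = new FixedWindowRatelimit();
for ($i = 0; $i < 100; $i++) {
    $small->check($ip, 100, $now);
}
echo "101st request with limit 100 allowed: " . var_export($small->check($ip, 100, $now), true) . "\n";
```

The array store only lives for one process, which is fine for a demonstration; a real endpoint would persist the counters in a file or cache so that every PHP request sees the same count. Note that a fixed window lets a visitor spend a full quota at the end of one hour and another at the start of the next; a sliding window avoids that if it matters for your endpoint.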