Initial commit - WASL Digital Wallet

2026-06-20 21:55:06 +03:00
commit 7306c47368
61 changed files with 4157 additions and 0 deletions
--- a/Backend/app/Http/Middleware/ThrottleSensitiveActions.php
+++ b/Backend/app/Http/Middleware/ThrottleSensitiveActions.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\RateLimiter;
+use Symfony\Component\HttpFoundation\Response;
+
+class ThrottleSensitiveActions
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response)  $next
+     * @param  string  $action
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next, string $action)
+    {
+        $config = config("wasl.throttle.{$action}");
+
+        if (!$config) {
+            return $next($request);
+        }
+
+        $maxAttempts = $config['max'] ?? 5;
+        $decayMinutes = $config['minutes'] ?? 1;
+
+        // Generate key based on action, user_id (if logged in) or phone hash / IP
+        $userId = $request->user()?->id;
+        $ip = $request->ip();
+        
+        $phoneHash = '';
+        if ($request->has('phone_number')) {
+            $phoneHash = hash_phone($request->input('phone_number'));
+        }
+
+        $key = 'throttle:' . $action . ':' . ($userId ?: ($phoneHash ?: $ip));
+
+        if (RateLimiter::tooManyAttempts($key, $maxAttempts)) {
+            $seconds = RateLimiter::availableIn($key);
+            
+            return response()->json([
+                'error' => 'Too Many Requests',
+                'message' => "Too many attempts for {$action}. Please retry in {$seconds} seconds.",
+                'retry_after' => $seconds,
+            ], Response::HTTP_TOO_MANY_REQUESTS);
+        }
+
+        RateLimiter::hit($key, $decayMinutes * 60);
+
+        $response = $next($request);
+
+        // Optional: clear the rate limit on successful authentication for login
+        if ($action === 'login' && $response->getStatusCode() === Response::HTTP_OK) {
+            RateLimiter::clear($key);
+        }
+
+        return $response;
+    }
+}