From c1f765af011b26c8424e56353f7cf0befa511515 Mon Sep 17 00:00:00 2001
From: SahrulGnwn
Date: Thu, 11 Aug 2022 18:45:27 +0700
Subject: [PATCH] Add Throttle Rate Limit
---
 app/Http/Controllers/TicketsController.php | 2 +-
 app/Providers/RouteServiceProvider.php | 6 ++++++
 routes/web.php | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/TicketsController.php b/app/Http/Controllers/TicketsController.php
index 8155037b..8f4391ce 100644
--- a/app/Http/Controllers/TicketsController.php
+++ b/app/Http/Controllers/TicketsController.php
@@ -91,7 +91,7 @@ class TicketsController extends Controller
 return $tickets->ticketcategory->name;
 })
 ->editColumn('title', function (Ticket $tickets) {
- return '' . "#" . $tickets->ticket_id . " - " . $tickets->title . '';
+ return '' . "#" . $tickets->ticket_id . " - " . $tickets->title . '';
 })
 ->editColumn('status', function (Ticket $tickets) {
 switch ($tickets->status) {
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 3bd3c81e..6dbbc407 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -59,5 +59,11 @@ class RouteServiceProvider extends ServiceProvider
 RateLimiter::for('api', function (Request $request) {
 return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());
 });
+ RateLimiter::for('ticket-new', function (Request $request) {
+ return Limit::perMinute(3)->by(optional($request->user())->id ?: $request->ip());
+ });
+ RateLimiter::for('ticket-reply', function (Request $request) {
+ return Limit::perMinute(4)->by(optional($request->user())->id ?: $request->ip());
+ });
 }
 }
diff --git a/routes/web.php b/routes/web.php
index 01fce126..2dbbb757 100644
--- a/routes/web.php
+++ b/routes/web.php
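Review bot: `$tickets->title` is concatenated into the `title` column value on the new `return` line without escaping, and a ticket title is presumably text typed by the ticket's author. The markup inside the quoted strings is not visible on this page, but if the column wraps the title in a link and is handed to the table as raw HTML, markup in a title would be rendered for everyone who views the ticket list. Escaping at the point of concatenation, `e($tickets->title)`, closes that. Whether `title` is declared as a raw column is outside the hunk and should be checked, since the enclosing method starts and ends outside it.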
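Review bot: Both new limiters bound only the per-minute rate, so `ticket-new` still admits a sustained 3 tickets a minute from one account (180 an hour), which is a weak ceiling if the aim is to stop ticket flooding. A longer window can be returned alongside the short one, e.g. `return [Limit::perMinute(3)->by('minute:'.$key), Limit::perHour(20)->by('hour:'.$key)];`, where `$key` is the existing user-id-or-IP expression and the hourly figure is only illustrative. The distinct prefixes keep the two windows from sharing one counter. The same applies to `ticket-reply`. Both routes sit inside the `auth` group in routes/web.php, so the `$request->ip()` fallback should not be reached for these two limiters. The enclosing method starts outside the hunk.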
@@ -98,9 +98,9 @@ Route::middleware(['auth', 'checkSuspended'])->group(function () {
 Route::get('ticket', [TicketsController::class, 'index'])->name('ticket.index');
 Route::get('ticket/datatable', [TicketsController::class, 'datatable'])->name('ticket.datatable');
 Route::get('ticket/new', [TicketsController::class, 'create'])->name('ticket.new');
- Route::post('ticket/new', [TicketsController::class, 'store'])->name('ticket.new.store');
+ Route::post('ticket/new', [TicketsController::class, 'store'])->middleware(['throttle:ticket-new'])->name('ticket.new.store');
 Route::get('ticket/show/{ticket_id}', [TicketsController::class, 'show'])->name('ticket.show');
- Route::post('ticket/reply', [TicketsController::class, 'reply'])->name('ticket.reply');
+ Route::post('ticket/reply', [TicketsController::class, 'reply'])->middleware(['throttle:ticket-reply'])->name('ticket.reply');
 } #admin
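Review bot: A throttled POST to `ticket/new` or `ticket/reply` ends in the framework's default 429 response, so a user who trips the limit loses the ticket text they typed and gets no hint about when to retry. The throttle middleware counts every request that reaches it, so submissions that fail validation in `store` or `reply` use up the 3 or 4 attempts as well. Attaching a response callback to the limits in RouteServiceProvider, e.g. `->response(fn () => back()->withInput())` plus a flash message, would return the user to the form instead. The route group this hunk edits opens outside the hunk.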