diff --git a/config/cachet.php b/config/cachet.php index f185ec5d..adeded5a 100644 --- a/config/cachet.php +++ b/config/cachet.php @@ -75,8 +75,20 @@ // \Cachet\Http\Middleware\AuthenticateRemoteUser::class, ], + /* + |-------------------------------------------------------------------------- + | Cachet API Middleware + |-------------------------------------------------------------------------- + | + | This is the middleware that will be applied to the Cachet API routes. + | Cachet manages its own rate limiting via the "cachet.api_rate_limit" + | option, so the host application's "api" middleware group (which may + | register its own, more restrictive "throttle:api" limiter) is + | intentionally not included here. + | + */ 'api_middleware' => [ - 'api', + \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'trusted_proxies' => env('CACHET_TRUSTED_PROXIES', ''), diff --git a/tests/Feature/RateLimitTest.php b/tests/Feature/RateLimitTest.php index 0decd259..1dd5fbaf 100644 --- a/tests/Feature/RateLimitTest.php +++ b/tests/Feature/RateLimitTest.php @@ -1,5 +1,7 @@ Limit::perMinute(60)); + Route::middlewareGroup('api', ['throttle:api']); + + Route::get('/cachet-api-test', fn () => response()->json()) + ->middleware(['cachet:api', 'throttle:cachet-api']); + + $response = getJson('/cachet-api-test'); + + expect($response->status())->toBe(200) + ->and($response->headers->get('X-RateLimit-Limit'))->toBe('300'); +});