From 6679a899c712658d8ac277c4a98addcfaf16f48f Mon Sep 17 00:00:00 2001
From: Revanza Firdaus
Date: Sun, 25 Jan 2026 03:09:24 +0700
Subject: [PATCH 1/3] [Security] Add: rate limiter for login endpoint
---
 app/Providers/RouteServiceProvider.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index cca2c9c15..59de0dc66 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -80,5 +80,9 @@ protected function configureRateLimiting()
 RateLimiter::for('api', function (Request $request) {
 return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
 });
+
+ RateLimiter::for('login', function (Request $request) {
+ return Limit::perMinute(3)->decayMinutes(60)->by($request->ip() . '|' . $request->input('email'));
+ });
 }
 }
From 4fac08207f93cae8bb2b132b0d1372587025b11d Mon Sep 17 00:00:00 2001
From: Revanza Firdaus
Date: Sun, 25 Jan 2026 03:09:54 +0700
Subject: [PATCH 2/3] fix: paginate
---
 app/Providers/RouteServiceProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 59de0dc66..fbd7fb02c 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -82,7 +82,7 @@ protected function configureRateLimiting()
 });
 RateLimiter::for('login', function (Request $request) {
- return Limit::perMinute(3)->decayMinutes(60)->by($request->ip() . '|' . $request->input('email'));
+ return Limit::perMinute(10)->by($request->ip() . '|' . $request->input('email'));
 });
 }
 }
From 25cb5a46426c987222bf1c01e2c069de25afa992 Mon Sep 17 00:00:00 2001
From: Revanza Firdaus
Date: Sun, 25 Jan 2026 03:10:07 +0700
Subject: [PATCH 3/3] [Security] add: rate limiting to login route
---
 routes/web.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/routes/web.php b/routes/web.php
index 70fbbe3af..c50182b14 100644
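Review bot: The key built on the added `return` line appends `$request->input('email')` without checking its type, so a missing field yields the key `ip|` and a non-string value (the input helper returns arrays for nested fields) goes through string concatenation, which PHP reports as a warning that Laravel's error handler typically promotes to an exception; the same applies to the rewritten line in the second patch. Normalise first, `$email = $request->input('email');` followed by `$email = is_string($email) ? mb_strtolower(trim($email)) : '';`, and use `$email` in the key, which also stops `User@x` and `user@x` landing in separate buckets. The enclosing `configureRateLimiting()` method begins above this hunk.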
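Review bot: The key on the new `return` line gives every distinct email its own 10-per-minute bucket from one address, so the limiter bounds attempts against a single account but not the total login volume coming from that client. `RateLimiter::for` callbacks may return an array of limits, so pair it with a per-address ceiling: `return [Limit::perMinute(10)->by($request->ip() . '|' . $request->input('email')), Limit::perMinute(30)->by($request->ip())];` (30 is an illustrative value to tune). `$request->ip()` resolves to the proxy's address unless trusted proxies are configured, which this hunk does not show; worth confirming for the deployment. A one-line comment above the limiter, `// Keyed by client IP and submitted email; the second per-IP limit caps total attempts from one address`, would record the intent.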
--- a/routes/web.php
+++ b/routes/web.php
@@ -91,8 +91,14 @@ // Redirect if apps not installed
 Route::group(['middleware' => ['installed', 'xss_sanitization']], function () {
+
+ Route::post('/login', 'Auth\LoginController@authenticate')
+ ->middleware('throttle:login')
+ ->name('login');
+
 Auth::routes([
 'register' => false,
+ 'login' => false,
 ]);
 // OTP Routes
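Review bot: `'login' => false` passed to `Auth::routes` drops both the GET and the POST login routes the helper registers, and the added `Route::post` takes over the route name `login`, so `route('login')` — the target of the guest redirect in the `Authenticate` middleware — now points at a POST-only route and a browser opening `/login` gets a 405 unless the form route is declared somewhere outside this hunk. Keep the form reachable, `Route::get('/login', 'Auth\LoginController@showLoginForm')->name('login');`, and register the throttled POST without the `->name('login')` call (or under a distinct name). The handler `Auth\LoginController@authenticate` differs from the `login` method the stock `AuthenticatesUsers` trait provides; confirm that method exists on the controller. The `Route::group` closure this sits in continues past the end of the hunk.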