sam-api/app/Http/Middleware/ApiRateLimiter.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class ApiRateLimiter
{
    protected $limiter;

    public function __construct(RateLimiter $limiter)
    {
        $this->limiter = $limiter;
    }

    public function handle(Request $request, Closure $next)
    {
        $key = 'api-key-attempts:'.$request->ip();

        // API Key가 없거나 유효하지 않은 경우 Rate Limiting 적용
        if (! $request->header('X-API-KEY')) {
            if ($this->limiter->tooManyAttempts($key, 10)) {
                $seconds = $this->limiter->availableIn($key);

                Log::warning('API Rate Limit Exceeded', [
                    'ip' => $request->ip(),
                    'uri' => $request->getRequestUri(),
                    'retry_after' => $seconds,
                ]);

                return response()->json([
                    'message' => 'Too many attempts. Please try again later.',
                    'retry_after' => $seconds,
                ], 429);
            }

            $this->limiter->hit($key, 60); // 1분 동안 유지
        }

        return $next($request);
    }
}
feat: API Key 보안 강화 및 Rate Limiting 구현 - 글로벌 미들웨어로 API Key 검증 적용 - 화이트리스트 확장 (Swagger, Health check 등) - Rate Limiting 미들웨어 추가 (10회/분) - 보안 로그 강화 (무단 접근 시도 기록) - 민감 정보 로깅 제외 (password 필드) 2025-11-13 20:30:34 +09:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Cache\RateLimiter;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Log;`

			`class ApiRateLimiter`
			`{`
			`protected $limiter;`

			`public function __construct(RateLimiter $limiter)`
			`{`
			`$this->limiter = $limiter;`
			`}`

			`public function handle(Request $request, Closure $next)`
			`{`
			`$key = 'api-key-attempts:'.$request->ip();`

			`// API Key가 없거나 유효하지 않은 경우 Rate Limiting 적용`
			`if (! $request->header('X-API-KEY')) {`
			`if ($this->limiter->tooManyAttempts($key, 10)) {`
			`$seconds = $this->limiter->availableIn($key);`

			`Log::warning('API Rate Limit Exceeded', [`
			`'ip' => $request->ip(),`
			`'uri' => $request->getRequestUri(),`
			`'retry_after' => $seconds,`
			`]);`

			`return response()->json([`
			`'message' => 'Too many attempts. Please try again later.',`
			`'retry_after' => $seconds,`
			`], 429);`
			`}`

			`$this->limiter->hit($key, 60); // 1분 동안 유지`
			`}`

			`return $next($request);`
			`}`
			`}`