How to Implement Rate Limiting in Webman with Tinywan/limit-traffic Middleware
This guide explains why API rate limiting is essential, shows how to install the tinywan/limit-traffic package via Composer, configure global or route‑specific middleware in Webman, retrieve limit settings, customize response headers, status codes, and body formats for controlled API access.
Introduction
To prevent abuse, you should limit how often each user can call your API. A common rule is allowing at most 100 requests per 10 minutes; exceeding this returns HTTP status code 429 (Too Many Requests).
Installation
composer require tinywan/limit-trafficUsage
Apply Middleware Globally
Add the middleware class to config/middleware.php :
return [
// Global middleware
'' => [
// ... other middleware
Tinywan\LimitTraffic\Middleware\LimitTrafficMiddleware::class,
],
// API middleware group
'api' => [
Tinywan\LimitTraffic\Middleware\LimitTrafficMiddleware::class,
]
];Apply Middleware to Specific Routes
Requires workerman/webman-framework version >= 1.0.12 .
In config/route.php you can attach the middleware to a single route or a group:
Route::any('/admin', [app\admin\controller\Index::class, 'index'])
->middleware([Tinywan\LimitTraffic\Middleware\LimitTrafficMiddleware::class]);
// Grouped routes
Route::group('/blog', function () {
Route::any('/create', function () { return response('create'); });
})->middleware([Tinywan\LimitTraffic\Middleware\LimitTrafficMiddleware::class]);Getting the Current Rate Limit
The helper returns an array [max_requests, time_window_seconds] , e.g. [100, 600] means 100 requests are allowed within 600 seconds.
Tinywan\LimitTraffic\RateLimiter::getRateLimit(); // returns [100, 600]Customizing the Default Configuration
Edit config/plugin/tinywan/limit-traffic/app.php to change the default limit, time window, status code, or response body.
Response Headers When Rate Limiting Is Active
Each response includes the following HTTP headers:
X-Rate-Limit-Limit: maximum number of requests allowed in the current window X-Rate-Limit-Remaining: remaining requests in the current window X-Rate-Limit-Reset: seconds until the limit resets
Customizing the Response
Use cases include providing a unified output format or returning a different HTTP status code (e.g., 200) for front‑end expectations.
Standard response body: {"code":0,"msg":"Too Many Requests"} Custom body example:
{"error_code":200,"message":"Too Many Requests"}Changing the HTTP Status Code
Edit the status field in config/plugin/tinywan/limit-traffic/app.php. The default is 429.
Changing the Response Body
Modify the body field in the same config file. Example configuration:
{
"code": 0,
"msg": "Too Many Requests",
"data": null
}If you set status to 200 and define body as:
'body' => [
'error_code' => 200,
'message' => '请求太多请稍后重试'
]The resulting HTTP response will be:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"error_code": 200,
"message": "请求太多请稍后重试"
}Adjust other fields as needed to fit your business logic.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Open Source Tech Hub
Sharing cutting-edge internet technologies and practical AI resources.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.