Rate limit for websocket messages #307
Description
Reverb Version
1.4.6
Laravel Version
11.41.3
PHP Version
8.3.16
Description
Currently, Laravel Reverb does not provide built-in rate limiting for WebSocket messages. This allows users to send an unlimited number of messages in a short period, potentially overloading the server.
To prevent abuse, it would be helpful to have a configurable rate limiter, similar to Laravel's existing RateLimiter for HTTP requests.
Expected Behavior:
- Allow developers to set a max number of messages per user (e.g., 10 messages per 10 seconds).
- Automatically block excessive requests.
Would you consider adding a rate limiter, similar to Laravel’s RateLimiter, using Redis to track messages per connection ID over a set time window (e.g., 10 messages per 10 seconds)? Or do you have another approach in mind for handling this?
Looking forward to your thoughts! 🚀
Steps To Reproduce
function con(){
const socket = new WebSocket('wss://<YOUR_URL>/app/<CHANNEL_NAME>?protocol=7&client=js&version=8.3.0&flash=false');
socket.on('open', function open() {
console.log('Connected to the WebSocket server');
});
socket.on('message', function message(data) {
console.log( data.toString('utf8'))
for (let i = 0; i < 50; i++) {
socket.send('3')
//^ first entry
//ws.ping() second entry
//ws.pong() third entry
//etc for the rest
}
});
socket.on('close', function close() {
console.log('Disconnected from the WebSocket server');
});
socket.on('error', function error(err) {
console.error('WebSocket error:', err);
});
}
setInterval(con, 100)```