satheez / laravel-rate-limit-dashboard
A Laravel package that records, aggregates, and visualizes rate-limit activity.
Maintainers
Package info
github.com/satheez/laravel-rate-limit-dashboard
pkg:composer/satheez/laravel-rate-limit-dashboard
Requires
- php: ^8.2
- laravel/framework: ^11.0|^12.0|^13.0
Requires (Dev)
- larastan/larastan: ^2.9|^3.0
- laravel/pint: ^1.15
- orchestra/testbench: ^9.0|^10.0|^11.0
- pestphp/pest: ^3.0|^4.0
- pestphp/pest-plugin-laravel: ^3.0|^4.0
- rector/rector: ^1.0|^2.0
This package is auto-updated.
Last update: 2026-05-23 18:53:21 UTC
README
Laravel Rate-Limit Dashboard
Visibility and operational controls for Laravel rate-limiting.
Laravel's built-in RateLimiter facade and throttle middleware allow you to define rate limits, but they provide no visual interface to monitor usage or adjust limits in production.
Laravel Rate-Limit Dashboard bridges this gap with instrumentation, persisted metrics, a secured dashboard, runtime limiter configuration, health checks, JSON endpoints, retention pruning, and threshold mail alerts.
Who is hitting the rate limits? Which endpoints are being abused? Can we adjust limits without redeploying?
The Problem
When users encounter HTTP 429 (Too Many Requests) errors, developers traditionally have no built-in way to:
- See the offending IP or API token
- Identify exactly which endpoint is being hammered
- Adjust the rate limits gracefully without redeploying code
This leads to support tickets, unchecked abuse, and misconfigured limits.
Features
Real-Time Visibility
- Dashboard showing total requests, throttled requests, utilisation, hourly volume, health checks, limiter activity, and recent events
- Top offenders grouped by IP, user ID, or API token through the JSON API
Dynamic Configuration
- Save package-managed limiter settings from the UI
- Apply per-user and per-IP overrides when using the package instrumenter middleware
Alerts, Checks, and Maintenance
- Built-in health checks for storage, dashboard protection, utilisation, decay settings, offenders, and unconfigured routes
rate-limit:check-alertsmail notifications for configured threshold breachesrate-limit:pruneretention cleanup for old raw events
Storage
- Uses the host application's configured SQL database through Eloquent
- Stores raw events, runtime limiter configuration, audit entries, and minute/hour/day summaries
Installation
composer require satheez/laravel-rate-limit-dashboard
Publish configuration and migrations:
php artisan vendor:publish --provider="Sa\RateLimitDashboard\RateLimitDashboardServiceProvider" --tag="rate-limit-dashboard-config" php artisan vendor:publish --provider="Sa\RateLimitDashboard\RateLimitDashboardServiceProvider" --tag="rate-limit-dashboard-migrations" php artisan migrate
Quick Start
Use the package middleware in place of Laravel's throttle middleware for routes you want to enforce and record:
Route::middleware(\Sa\RateLimitDashboard\Http\Middleware\RateLimitInstrumenter::class.':api') ->get('/api/search', SearchController::class);
Navigate to the dashboard route (default: /admin/rate-limits) after defining the viewRateLimitDashboard gate or using your own dashboard middleware.
Documentation
| Document | Description |
|---|---|
| Installation | Requirements, setup, and migrations |
| Usage | Dashboard usage and programmatic access |
| Configuration | Full config/rate-limit-dashboard.php reference |
| Checks Reference | Built-in health checks and alert severities |
| Scoring & Thresholds | How offenders are ranked and scored |
| Output & UI | Dashboard interface details and JSON API responses |
| Architecture | System design, instrumentation layer, data processing |
| Comparison | How this compares to Laravel Pulse, Telescope, etc. |
| FAQ | Common questions regarding performance and setup |
Security
See SECURITY.md for the vulnerability reporting policy.
License
MIT — see LICENSE.md.