llmbackend/app/Rules/ThrottleAuthToken.php

<?php

declare(strict_types=1);

namespace App\Rules;

use Illuminate\Contracts\Validation\Rule;
use Illuminate\Support\Facades\RateLimiter;
use Closure;

class ThrottleAuthToken implements Rule
{
    private const MAX_ATTEMPTS = 5;    // 最大尝试次数
    private const DECAY_MINUTES = 1;   // 重置时间（分钟）

    public function passes($attribute, $value): bool
    {
        $key = 'auth_token_' . $value;

        if (RateLimiter::tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            return false;
        }

        RateLimiter::hit($key, self::DECAY_MINUTES * 60);
        return true;
    }

    public function message(): string
    {
        return '请求过于频繁，请稍后重试。';
    }
}