README

Rate Limiting Notifications in Laravel using Laravel's native rate limiter to avoid flooding users with duplicate notifications.

Version Compatability

Installation

You can install the package via composer:

composer require jamesmills/laravel-notification-rate-limit

Update your Notifications

Implement the ShouldRateLimit interface and add the RateLimitedNotification trait to the Notifications you would like to rate limit.

<?php

namespace App\Notifications;

use Illuminate\Bus\Queueable;
use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Notifications\Notification;
use Jamesmills\LaravelNotificationRateLimit\RateLimitedNotification;
use Jamesmills\LaravelNotificationRateLimit\ShouldRateLimit;

class NotifyUserOfOrderUpdateNotification extends Notification implements ShouldRateLimit
{
    use Queueable;
    use RateLimitedNotification;

...

Queued and delayed notifications

New since v2.1.0, rate limiting is checked only when notifications are actually being delivered. If a notification is sent to a queue, or a notification is dispatched with a delay (e.g. $user->notify($notification->delay(...))), then any rate limiting will be considered only when the notification is actually dispatched to the user. (In prior versions, rate limiting did not work at all as expected for delay()'ed notifications.)

Publish Config

Everything in this package has opinionated global defaults. However, you can override everything in the config.

Publish it using the command below.

php artisan vendor:publish --provider="Jamesmills\LaravelNotificationRateLimit\LaravelNotificationRateLimitServiceProvider"

Options

You can customize settings on an individual Notification level.

Events

By default, the NotificationRateLimitReached event will be fired when a Notification is skipped. You can customise this using the event option in the config.

Overriding the time the notification is rate limited for

By default, a rate-limited Notification will be rate-limited for 60 seconds.

Update globally with the rate_limit_seconds config setting.

Update for an individual basis by adding the below to the Notification:

// Change rate limit to 1 hour
protected $rateLimitForSeconds = 3600;

Logging skipped notifications

By default, this package will log all skipped notifications.

Update globally with the log_skipped_notifications config setting.

Update for an individual basis by adding the below to the Notification:

// Do not log skipped notifications
protected $logSkippedNotifications = false;

Skipping unique notifications

By default, the Rate Limiter uses a cache key made up of some opinionated defaults. One of these default keys is serialize($notification). You may wish to turn this off.

Update globally with the should_rate_limit_unique_notifications config setting.

Update for an individual basis by adding the below to the Notification:

// Do not log skipped notifications
protected $shouldRateLimitUniqueNotifications = false;

Customising the cache key

You may want to customise the parts used in the cache key. You can do this by adding the below to your Notification:

public function rateLimitCustomCacheKeyParts()
{
    return [
        $this->account_id
    ];
}

Customizing the Notifiable identifier

By default, we use the primary key or $id field on the Notifiable instance to identify the recipient of a notification.

If for some reason you do not want to use $id, you can add a rateLimitNotifiableKey() method to your Notifiable model and return a string containing the key to use.

For example, if multiple users could belong to a group and you only want one person (any person) in the group to receive the notification, you might return the group ID instead of the user ID:

class User extends Authenticatable
{
    use Notifiable;

    protected $fillable = ['id', 'name', 'email', 'groupId'];
    
    public function rateLimitNotifiableKey(): string
    {
        return $this->group_id;
    }
}

Similarly, if you have multiple models in your application that are Notifiable, using only the id could result in collisions (where, for example, Agent #41 receives a notification that then precludes Customer #41 from receiving a similar notification). In this case, you may want to return an identifier that also includes the class name in the key for each model:

class Customer extends Authenticatable
{
    use Notifiable;

    protected $fillable = ['id', 'name', 'email'];
    
    public function rateLimitNotifiableKey(): string
    {
        return get_class($this) . '#' . $this->id;
    }
}

class Agent extends Authenticatable
{
    use Notifiable;

    protected $fillable = ['id', 'name', 'email'];
    
    public function rateLimitNotifiableKey(): string
    {
        return get_class($this) . '#' . $this->id;
    }
}

Testing

composer test

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email anthony@trinimex.ca and james@jamesmills.co.uk instead of using the issue tracker.

Credits

• James Mills
• Anthony Tibbs
• All Contributors

License (Treeware)

This package is 100% free and open-source, under the MIT License (MIT). Use it however you want.

This package is Treeware. If you use it in production, then we ask that you buy the world a tree to thank us for our work. By contributing to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.

Inspiration

Inspiration for this package was taken from the article Rate Limiting Notifications in Laravel by Scott Wakefield (now available only via the Internet Archive's Wayback Machine).