marko/ratelimiter

Rate limiting for Marko Framework

Maintainers

Package info

github.com/marko-php/marko-ratelimiter

Type:marko-module

pkg:composer/marko/ratelimiter

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Security

Advisories: 0

Aikido package health analysis

0.8.0 2026-05-29 12:25 UTC

Requires

Requires (Dev)

MIT e932e2c836210e3653736f1747b15dbcd9d9d5c7

This package is auto-updated.

Last update: 2026-06-12 15:01:29 UTC

README

Rate limiting for Marko — throttle requests by key with configurable windows and cache-backed hit counts.

Overview

marko/ratelimiter provides a simple, cache-backed rate limiter that integrates with Marko's routing layer via middleware. Define limits by key (IP, user ID, API token, etc.) with configurable max attempts and decay windows. The RateLimiter class is the core service; RateLimitMiddleware applies limits to routes automatically.

Installation

composer require marko/ratelimiter

Usage

Apply the middleware to a route group:

use Marko\RateLimiter\Middleware\RateLimitMiddleware;

$router->group(['middleware' => RateLimitMiddleware::class], function ($router): void {
    $router->get('/api/search', SearchController::class);
});

Use the service directly for custom logic:

use Marko\RateLimiter\RateLimiter;

$result = $rateLimiter->attempt(
    key: 'api:' . $request->ip(),
    maxAttempts: 60,
    decaySeconds: 60,
);

if ($result->exceeded()) {
    throw new TooManyRequestsException($result->retryAfter);
}

API Reference

  • RateLimiter::attempt(string $key, int $maxAttempts, int $decaySeconds) — Record a hit and return a RateLimitResult
  • RateLimiter::clear(string $key) — Reset the counter for a key
  • RateLimitResult::exceeded() — Whether the limit has been breached
  • RateLimitResult::$remaining — Remaining attempts
  • RateLimitResult::$retryAfter — Seconds until the window resets

Documentation

Full configuration and middleware usage: marko/ratelimiter