[12.x] [POC] Allow rate limit hits to only be recorded after successful responses

src/Illuminate/Cache/RateLimiting/Limit.php

@@ -25,6 +25,13 @@ class Limit
      */
     public $decaySeconds;
 
+    /**
+     * Whether to only record a hit after a successful response.
+     *
+     * @var bool
+     */
+    public $onSuccess = false;
+
     /**
      * The response generator callback.
      *
@@ -129,6 +136,19 @@ public function by($key)
         return $this;
     }
 
+    /**
+     * Set whether to only record a hit after a successful response.
+     *
+     * @param  bool  $onSuccess
+     * @return $this
+     */
+    public function onSuccess(bool $onSuccess = true)
+    {
+        $this->onSuccess = $onSuccess;
+
+        return $this;
+    }
+
     /**
      * Set the callback that should generate the response when the limit is exceeded.
      *

src/Illuminate/Routing/Middleware/ThrottleRequests.php

@@ -96,6 +96,7 @@ public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes
                     'key' => $prefix.$this->resolveRequestSignature($request),
                     'maxAttempts' => $this->resolveMaxAttempts($request, $maxAttempts),
                     'decaySeconds' => 60 * $decayMinutes,
+                    'onSuccess' => false,
                     'responseCallback' => null,
                 ],
             ]
@@ -131,6 +132,7 @@ protected function handleRequestUsingNamedLimiter($request, Closure $next, $limi
                     'key' => self::$shouldHashKeys ? md5($limiterName.$limit->key) : $limiterName.':'.$limit->key,
                     'maxAttempts' => $limit->maxAttempts,
                     'decaySeconds' => $limit->decaySeconds,
+                    'onSuccess' => $limit->onSuccess,
                     'responseCallback' => $limit->responseCallback,
                 ];
             })->all()
@@ -154,12 +156,20 @@ protected function handleRequest($request, Closure $next, array $limits)
                 throw $this->buildException($request, $limit->key, $limit->maxAttempts, $limit->responseCallback);
             }
 
-            $this->limiter->hit($limit->key, $limit->decaySeconds);
+            if (! $limit->onSuccess) {
+                $this->limiter->hit($limit->key, $limit->decaySeconds);
+            }
         }
 
         $response = $next($request);
 
+        $isSuccess = $this->isSuccessfulResponse($request, $response);
+
         foreach ($limits as $limit) {
+            if ($limit->onSuccess && $isSuccess) {
+                $this->limiter->hit($limit->key, $limit->decaySeconds);
+            }
+
             $response = $this->addHeaders(
                 $response,
                 $limit->maxAttempts,
@@ -170,6 +180,34 @@ protected function handleRequest($request, Closure $next, array $limits)
         return $response;
     }
 
+    /**
+     * Determine whether we should consider the response successful.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Symfony\Component\HttpFoundation\Response  $response
+     * @return bool
+     */
+    protected function isSuccessfulResponse($request, Response $response)
+    {
+        if ($request->isPrecognitive()) {
+            return false;
+        }
+
+        if ($response->isSuccessful()) {
+            return true;
+        }
+
+        if ($response->getStatusCode() >= 400) {
+            return false;
+        }
+
+        if (data_get($response, 'exception.status') >= 400) {
+            return false;
+        }
+
+        return $response->getStatusCode() == 302;
+    }
+
     /**
      * Resolve the number of attempts if the user is authenticated or not.
      *