Use more standardized rate limiting in Laravel; apply limits to auth routes

routes/auth.php

@@ -15,13 +15,21 @@ Route::group(['middleware' => 'guest'], function () {
     Route::get('/password', 'LoginController@index')->name('auth.forgot-password');
     Route::get('/password/reset/{token}', 'LoginController@index')->name('auth.reset');
 
-    // Login endpoints.
-    Route::post('/login', 'LoginController@login')->middleware('recaptcha');
-    Route::post('/login/checkpoint', 'LoginCheckpointController')->name('auth.login-checkpoint');
+    // Apply a throttle to authentication action endpoints, in addition to the
+    // recaptcha endpoints to slow down manual attack spammers even more. 🤷‍
+    //
+    // @see \Pterodactyl\Providers\RouteServiceProvider
+    Route::middleware(['throttle:authentication'])->group(function () {
+        // Login endpoints.
+        Route::post('/login', 'LoginController@login')->middleware('recaptcha');
+        Route::post('/login/checkpoint', 'LoginCheckpointController')->name('auth.login-checkpoint');
 
-    // Forgot password route. A post to this endpoint will trigger an
-    // email to be sent containing a reset token.
-    Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')->middleware('recaptcha');
+        // Forgot password route. A post to this endpoint will trigger an
+        // email to be sent containing a reset token.
+        Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')
+            ->name('auth.post.forgot-password')
+            ->middleware('recaptcha');
+    });
 
     // Password reset routes. This endpoint is hit after going through
     // the forgot password routes to acquire a token (or after an account