收口聊天室安全边界并优化特效生命周期

app/Providers/AppServiceProvider.php

@@ -45,6 +45,9 @@ class AppServiceProvider extends ServiceProvider
         // 注册登录入口限流器，阻断爆破和批量注册滥用。
         $this->registerAuthRateLimiters();
 
+        // 注册聊天室高频动作限流器，避免消息、购买与特效广播被脚本刷爆。
+        $this->registerChatActionRateLimiters();
+
         // 注册婚姻系统消息订阅者（结婚/婚礼/离婚通知写入聊天历史）
         Event::subscribe(SaveMarriageSystemMessage::class);
 
@@ -133,4 +136,36 @@ class AppServiceProvider extends ServiceProvider
 
         return implode('|', [$scene, $username, $request->ip()]);
     }
+
+    /**
+     * 注册聊天室内高频动作限流器。
+     */
+    private function registerChatActionRateLimiters(): void
+    {
+        RateLimiter::for('chat-send', function (Request $request): Limit {
+            return Limit::perMinute(40)
+                ->by($this->buildChatActionRateLimitKey($request, 'chat-send'));
+        });
+
+        RateLimiter::for('chat-shop-buy', function (Request $request): Limit {
+            return Limit::perMinute(20)
+                ->by($this->buildChatActionRateLimitKey($request, 'chat-shop-buy'));
+        });
+
+        RateLimiter::for('chat-effect', function (Request $request): Limit {
+            return Limit::perMinute(6)
+                ->by($this->buildChatActionRateLimitKey($request, 'chat-effect'));
+        });
+    }
+
+    /**
+     * 构造聊天室动作限流键，按场景、用户与房间隔离计数。
+     */
+    private function buildChatActionRateLimitKey(Request $request, string $scene): string
+    {
+        $userId = (string) ($request->user()?->id ?? 'guest');
+        $roomId = (string) ($request->route('id') ?? $request->input('room_id', 'global'));
+
+        return implode('|', [$scene, $userId, $roomId, $request->ip()]);
+    }
 }