admin/samreshu_backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add rate limiting to auth endpoints

Browse Source 
Made-with: Cursor
This commit is contained in:
Anton
2026-03-04 14:11:29 +03:00
parent 78809a064e
commit 682885ce5a
2 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/plugins/rateLimit.ts
View File

@@ -29,6 +29,7 @@ const rateLimitPlugin: FastifyPluginAsync = async (app: FastifyInstance) => {
app.decorate('rateLimitOptions', options); app.decorate('rateLimitOptions', options);
await app.register(rateLimit, { await app.register(rateLimit, {
global: false,
max: options.apiGuest.max, max: options.apiGuest.max,
timeWindow: options.apiGuest.timeWindow, timeWindow: options.apiGuest.timeWindow,
keyGenerator: (req) => { keyGenerator: (req) => {

15
src/routes/auth.ts
View File

@@ -70,10 +70,11 @@ const resetPasswordSchema = {
export async function authRoutes(app: FastifyInstance) { export async function authRoutes(app: FastifyInstance) {
const authService = new AuthService(app.db); const authService = new AuthService(app.db);
const { rateLimitOptions } = app;
app.post( app.post(
'/register', '/register',
{ schema: registerSchema }, { schema: registerSchema, config: { rateLimit: rateLimitOptions.register } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { email: string; password: string; nickname: string }; const body = req.body as { email: string; password: string; nickname: string };
const { userId, verificationCode } = await authService.register(body); const { userId, verificationCode } = await authService.register(body);
@@ -88,7 +89,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/login', '/login',
{ schema: loginSchema }, { schema: loginSchema, config: { rateLimit: rateLimitOptions.login } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { email: string; password: string }; const body = req.body as { email: string; password: string };
const userAgent = req.headers['user-agent']; const userAgent = req.headers['user-agent'];
@@ -107,7 +108,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/logout', '/logout',
{ schema: logoutSchema }, { schema: logoutSchema, config: { rateLimit: rateLimitOptions.apiGuest } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { refreshToken: string }; const body = req.body as { refreshToken: string };
await authService.logout(body.refreshToken); await authService.logout(body.refreshToken);
@@ -117,7 +118,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/refresh', '/refresh',
{ schema: refreshTokenSchema }, { schema: refreshTokenSchema, config: { rateLimit: rateLimitOptions.apiGuest } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { refreshToken: string }; const body = req.body as { refreshToken: string };
const userAgent = req.headers['user-agent']; const userAgent = req.headers['user-agent'];
@@ -135,7 +136,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/verify-email', '/verify-email',
{ schema: verifyEmailSchema }, { schema: verifyEmailSchema, config: { rateLimit: rateLimitOptions.verifyEmail } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { userId: string; code: string }; const body = req.body as { userId: string; code: string };
await authService.verifyEmail(body.userId, body.code); await authService.verifyEmail(body.userId, body.code);
@@ -145,7 +146,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/forgot-password', '/forgot-password',
{ schema: forgotPasswordSchema }, { schema: forgotPasswordSchema, config: { rateLimit: rateLimitOptions.forgotPassword } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { email: string }; const body = req.body as { email: string };
await authService.forgotPassword(body.email); await authService.forgotPassword(body.email);
@@ -157,7 +158,7 @@ export async function authRoutes(app: FastifyInstance) {
app.post( app.post(
'/reset-password', '/reset-password',
{ schema: resetPasswordSchema }, { schema: resetPasswordSchema, config: { rateLimit: rateLimitOptions.forgotPassword } },
async (req, reply) => { async (req, reply) => {
const body = req.body as { token: string; newPassword: string }; const body = req.body as { token: string; newPassword: string };
await authService.resetPassword(body.token, body.newPassword); await authService.resetPassword(body.token, body.newPassword);