It uses the default Memory Store, but you can easily integrate with other stores for more consistency: .
// Default rate limiter
const defaultRateLimiter = createRateLimiter({
max: 500,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.use(defaultRateLimiter);
Sign-in, Sign-up, Password Reset and Email Verification endpoints have a short limit and can be configured at: backend/src/api/auth/index.ts.
//...
const emailRateLimiter = createRateLimiter({
max: 6,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/send-email-address-verification-email`,
emailRateLimiter,
require('./authSendEmailAddressVerificationEmail')
.default,
);
app.post(
`/auth/send-password-reset-email`,
emailRateLimiter,
require('./authSendPasswordResetEmail').default,
);
const signInRateLimiter = createRateLimiter({
max: 20,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/sign-in`,
signInRateLimiter,
require('./authSignIn').default,
);
app.post(
`/tenant/:tenantId/auth/sign-in`,
signInRateLimiter,
require('./authSignIn').default,
);
const signUpRateLimiter = createRateLimiter({
max: 20,
windowMs: 60 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/sign-up`,
signUpRateLimiter,
require('./authSignUp').default,
);
app.post(
`/tenant/:tenantId/auth/sign-up`,
signUpRateLimiter,
require('./authSignUp').default,
);
//...
};
