casa icon indicating copy to clipboard operation
casa copied to clipboard
verified publisher icon rubyforgood

Add rate limiting to /api/v1/users/sign_in endpoint

Open 7riumph opened this issue 10 months ago • 3 comments

Part of epic #3942

What type of user does this affect?

  • volunteers

How should it operate? ⚙️🛠️

Endpoint should now have rate limits.

No more than 5 requests every 60 seconds is allowed to /api/v1/users/sign_in from a given ip or email.

Acceptance Criteria

  • [ ] ip is throttled on the above criteria in config/initializers/rack_attack.rb
  • [ ] Email is throttled on the above criteria config/initializers/rack_attack.rb

Helpful Links

Rake::Attack Documentation ( Scroll down to "Throttling" header ) Rake::Attack file in this Codebase

7riumph avatar Feb 04 '25 23:02 7riumph

@7riumph I want to try on this.

Raushan998 avatar Feb 07 '25 13:02 Raushan998

@Raushan998 these issues are reserved for another dev group to work on - codethechange

xihai01 avatar Feb 07 '25 15:02 xihai01

This issue has been open without changes for a long time! What's up?

github-actions[bot] avatar Apr 12 '25 02:04 github-actions[bot]