
Introduce support for rate limiting

Open infomiho opened this issue 1 year ago • 1 comments

We added a rate limiter dependency in order to limit the signup and password reset actions when using the e-mail and password auth. We can reuse that to introduce a general rate limiting feature that users can customize as they wish.

Considerations

We want to enable configuration of:

  • the rate (X req/s or X req/min)
  • the routes behind the rate limiter
  • dev vs. production mode behaviour

infomiho avatar Apr 03 '23 09:04 infomiho

This would help with rate limiting Password Reset requests. Now we have different behaviour for known and unknown addresses: since we depend on storing the last request timestamp in a database, we don't rate limit for unknown email addresses!

An independent rate limiting system would solve this inconsistency.

infomiho avatar Jul 25 '23 15:07 infomiho
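
The inconsistency described in the comment above, as an added example (not Wasp's code; `createRateLimiter`, `requestPasswordReset` and the sample addresses are hypothetical): the limiter keeps its own state instead of a timestamp on the user row and is consulted before the user lookup, so known and unknown addresses are limited identically.

```javascript
// Added example with hypothetical names; this is not Wasp's API.
// Sliding-window limiter held in memory. `now` is injectable for testing.
// Assumption: a single server process; a real deployment would use a shared
// store and evict idle keys so the map cannot grow without bound.
function createRateLimiter({ limit, windowMs, now = Date.now }) {
  const hits = new Map(); // key -> timestamps of accepted requests in the window
  return function consume(key) {
    const t = now();
    const recent = (hits.get(key) || []).filter((ts) => t - ts < windowMs);
    const allowed = recent.length < limit;
    if (allowed) recent.push(t);
    hits.set(key, recent);
    return allowed;
  };
}

// Password reset handler: the limiter runs before the user lookup and is keyed
// on the normalized address, not on a column of an existing user record.
function requestPasswordReset(email, { users, limiter, sendEmail }) {
  const address = email.trim().toLowerCase();
  if (!limiter(`password-reset:${address}`)) return { status: 429 };
  if (users.has(address)) sendEmail(address);
  return { status: 200 }; // same response whether or not the account exists
}

// Constructed sample run: 2 requests per minute, one known and one unknown address.
function demo() {
  let clock = 0;
  const sent = [];
  const deps = {
    users: new Set(["known@example.com"]),
    limiter: createRateLimiter({ limit: 2, windowMs: 60000, now: () => clock }),
    sendEmail: (to) => sent.push(to),
  };
  const run = (email) => [1, 2, 3].map(() => requestPasswordReset(email, deps).status);
  const known = run("known@example.com");
  const unknown = run("nobody@example.com");
  clock = 60000; // the window has elapsed
  const afterWindow = requestPasswordReset("nobody@example.com", deps).status;
  return { known, unknown, afterWindow, sent };
}
```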