Use custom rate limiter when asking verif email
This commit is contained in:
parent
328e607d32
commit
288fe38590
|
@ -42,6 +42,12 @@ const loginRateLimiter = new RateLimit({
|
||||||
delayMs: 0
|
delayMs: 0
|
||||||
})
|
})
|
||||||
|
|
||||||
|
const askSendEmailLimiter = new RateLimit({
|
||||||
|
windowMs: RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
|
||||||
|
max: RATES_LIMIT.ASK_SEND_EMAIL.MAX,
|
||||||
|
delayMs: 0
|
||||||
|
})
|
||||||
|
|
||||||
const usersRouter = express.Router()
|
const usersRouter = express.Router()
|
||||||
usersRouter.use('/', meRouter)
|
usersRouter.use('/', meRouter)
|
||||||
|
|
||||||
|
@ -114,7 +120,7 @@ usersRouter.post('/:id/reset-password',
|
||||||
)
|
)
|
||||||
|
|
||||||
usersRouter.post('/ask-send-verify-email',
|
usersRouter.post('/ask-send-verify-email',
|
||||||
loginRateLimiter,
|
askSendEmailLimiter,
|
||||||
asyncMiddleware(usersAskSendVerifyEmailValidator),
|
asyncMiddleware(usersAskSendVerifyEmailValidator),
|
||||||
asyncMiddleware(askSendVerifyUserEmail)
|
asyncMiddleware(askSendVerifyUserEmail)
|
||||||
)
|
)
|
||||||
|
|
|
@ -364,6 +364,10 @@ const RATES_LIMIT = {
|
||||||
LOGIN: {
|
LOGIN: {
|
||||||
WINDOW_MS: 5 * 60 * 1000, // 5 minutes
|
WINDOW_MS: 5 * 60 * 1000, // 5 minutes
|
||||||
MAX: 15 // 15 attempts
|
MAX: 15 // 15 attempts
|
||||||
|
},
|
||||||
|
ASK_SEND_EMAIL: {
|
||||||
|
WINDOW_MS: 5 * 60 * 1000, // 5 minutes
|
||||||
|
MAX: 3 // 3 attempts
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue