diff --git a/apps/api/src/federation/identity-linking.controller.spec.ts b/apps/api/src/federation/identity-linking.controller.spec.ts
index 33b8510..56349e3 100644
--- a/apps/api/src/federation/identity-linking.controller.spec.ts
+++ b/apps/api/src/federation/identity-linking.controller.spec.ts
@@ -90,6 +90,15 @@ describe("IdentityLinkingController", () => {
 });
 
 describe("POST /identity/verify", () => {
+ it("should have AuthGuard and Throttle decorators applied", () => {
+ // Verify that the endpoint has proper guards and rate limiting
+ const verifyMetadata = Reflect.getMetadata(
+ "__guards__",
+ IdentityLinkingController.prototype.verifyIdentity
+ );
+ expect(verifyMetadata).toBeDefined();
+ });
+
 it("should verify identity with valid request", async () => {
 const dto: VerifyIdentityDto = {
 localUserId: "local-user-id",
diff --git a/apps/api/src/federation/identity-linking.controller.ts b/apps/api/src/federation/identity-linking.controller.ts
index a1b45ab..08c69f5 100644
--- a/apps/api/src/federation/identity-linking.controller.ts
+++ b/apps/api/src/federation/identity-linking.controller.ts
@@ -5,6 +5,7 @@
 */
 
 import { Controller, Post, Get, Patch, Delete, Body, Param, UseGuards } from "@nestjs/common";
+import { Throttle } from "@nestjs/throttler";
 import { AuthGuard } from "../auth/guards/auth.guard";
 import { IdentityLinkingService } from "./identity-linking.service";
 import { IdentityResolutionService } from "./identity-resolution.service";
@@ -45,8 +46,11 @@ export class IdentityLinkingController {
 *
 * Verify a user's identity from a remote instance.
 * Validates signature and OIDC token.
+ * Rate limit: "strict" tier (10 req/min) - public endpoint requiring authentication
 */
 @Post("verify")
+ @UseGuards(AuthGuard)
+ @Throttle({ strict: { limit: 10, ttl: 60000 } })
 async verifyIdentity(@Body() dto: VerifyIdentityDto): Promise {
 return this.identityLinkingService.verifyIdentity(dto);
 }
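Review bot: The new test is named "should have AuthGuard and Throttle decorators applied" but its only assertion is that the `__guards__` metadata on `verifyIdentity` is defined, so it passes with any guard at all and says nothing about rate limiting; a regression that swapped AuthGuard for another guard or dropped `@Throttle` entirely would not be caught. Pin the guard that is actually expected, `expect(verifyMetadata).toContain(AuthGuard);`, and add a second assertion that reads the throttler metadata for the same handler using the metadata-key constants exported by `@nestjs/throttler` rather than a hard-coded string, so the test tracks the library's key format. The `__guards__` literal is itself a Nest-internal key; the `GUARDS_METADATA` constant from `@nestjs/common/constants` is the stable name for it. The enclosing `describe` blocks start and end outside this hunk.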
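Review bot: The `@Throttle({ strict: { limit: 10, ttl: 60000 } })` override on `verifyIdentity` only takes effect if a throttler named `strict` is configured in the ThrottlerModule and a ThrottlerGuard is registered for this route (for example as a global guard); neither is visible in this hunk, and if either is missing the decorator is inert metadata, which is exactly what a metadata-only test cannot detect. A test that sends eleven requests through the guard and expects a 429 on the last one would verify the limit is enforced rather than merely declared. The added doc line "public endpoint requiring authentication" contradicts itself now that `@UseGuards(AuthGuard)` is applied; suggested wording: `* Rate limit: "strict" tier (10 req/min). Requires AuthGuard (authenticated callers only).` Since the summary above says this endpoint verifies a user from a remote instance, confirm that remote-instance callers can actually satisfy AuthGuard, otherwise the change turns a federation endpoint into one only local sessions can reach. The return type shows as a bare `Promise` here, presumably a rendering loss of the generic argument rather than the source.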