mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(api): security hardening — helmet + auth rate limiting (#641)
Some checks failed
ci/woodpecker/push/ci Pipeline failed
Details

Browse Source 
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
This commit was merged in pull request #641.
This commit is contained in:
Jason Woltje
2026-03-01 22:43:10 +00:00
committed by jason.woltje
parent e7da4ca25e
commit 6eb91c9eba
4 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/api/src/auth/auth.controller.ts
View File

@@ -106,7 +106,7 @@ export class AuthController {
// @SkipCsrf avoids double-protection conflicts.
// See: https://www.better-auth.com/docs/reference/security
@SkipCsrf()
@Throttle({ strict: { limit: 10, ttl: 60000 } })
@Throttle({ default: { ttl: 60_000, limit: 5 } })
async handleAuth(@Req() req: ExpressRequest, @Res() res: ExpressResponse): Promise<void> {
// Extract client IP for logging
const clientIp = this.getClientIp(req);