boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

security: add stricter rate limit on login endpoint (20/min)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-23 08:47:03 +01:00
parent 4608494a3f
commit 9b2da944b1
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/routes/admin/auth.ts
View File

@@ -24,7 +24,14 @@ function setRefreshCookie(reply: import('fastify').FastifyReply, token: string,
export default async function authRoutes(fastify: FastifyInstance): Promise<void> { export default async function authRoutes(fastify: FastifyInstance): Promise<void> {
// POST /api/admin/login // POST /api/admin/login
fastify.post<{ Body: LoginRequest }>('/login', async (request, reply) => { fastify.post<{ Body: LoginRequest }>('/login', {
config: {
rateLimit: {
max: 20,
timeWindow: '1 minute',
},
},
}, async (request, reply) => {
const { username, password, remember_me } = request.body; const { username, password, remember_me } = request.body;
if (!username || !password) { if (!username || !password) {