Add ratelimit for /confirm-email

2026-05-19 14:48:37 -05:00 · 2024-04-24 16:12:09 -04:00
parent 1eac147918
commit b2e72adba9
2 changed files with 9 additions and 0 deletions
@@ -34,6 +34,11 @@ router.post('/confirm-email', auth, express.json(), async (req, res, next)=>{
    if(!req.body.code)
        req.status(400).send('code is required');

+    const svc_edgeRateLimit = req.services.get('edge-rate-limit');
+    if ( ! svc_edgeRateLimit.check('confirm-email') ) {
+        return res.status(429).send('Too many requests.');
+    }
+
    // Modules
    const db = req.services.get('database').get(DB_WRITE, 'auth');

@@ -23,6 +23,10 @@ class EdgeRateLimitService extends BaseService {
                limit: 10,
                window: HOUR,
            },
+            ['confirm-email']: {
+                limit: 10,
+                window: HOUR,
+            },
            ['send-pass-recovery-email']: {
                limit: 10,
                window: HOUR,