feat: api endpoints throttle (#837)

* feat: api endpoints throttle
2026-02-16 04:40:32 +00:00 · 2025-10-30 22:06:05 +02:00
parent 844a050c9a
commit 41143d8bbd
8 changed files with 215 additions and 119 deletions
--- a/packages/server/src/modules/Auth/Auth.controller.ts
+++ b/packages/server/src/modules/Auth/Auth.controller.ts
@@ -8,6 +8,7 @@ import {
  Request,
  UseGuards,
 } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import {
  ApiTags,
  ApiOperation,
@@ -28,6 +29,7 @@ import { SystemUser } from '../System/models/SystemUser';
@ApiTags('Auth')
@ApiExcludeController()
@PublicRoute()
+@Throttle({ auth: {} })
 export class AuthController {
  constructor(
    private readonly authApp: AuthenticationApplication,
--- a/packages/server/src/modules/Auth/Authed.controller.ts
+++ b/packages/server/src/modules/Auth/Authed.controller.ts
@@ -6,6 +6,7 @@ import {
 } from '@nestjs/swagger';
 import { GetAuthenticatedAccount } from './queries/GetAuthedAccount.service';
 import { Controller, Get, Post } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { IgnoreTenantSeededRoute } from '../Tenancy/EnsureTenantIsSeeded.guards';
 import { IgnoreTenantInitializedRoute } from '../Tenancy/EnsureTenantIsInitialized.guard';
 import { AuthenticationApplication } from './AuthApplication.sevice';
@@ -18,11 +19,12 @@ import { IgnoreUserVerifiedRoute } from './guards/EnsureUserVerified.guard';
@IgnoreTenantSeededRoute()
@IgnoreTenantInitializedRoute()
@IgnoreUserVerifiedRoute()
+@Throttle({ auth: {} })
 export class AuthedController {
  constructor(
    private readonly getAuthedAccountService: GetAuthenticatedAccount,
    private readonly authApp: AuthenticationApplication,
-  ) {}
+  ) { }

  @Post('/signup/verify/resend')
  @ApiOperation({ summary: 'Resend the signup confirmation message' })