
Commit 8a343b0

author
Max Azatian
committed
SEC 1.3: rate limits for auth routes
1 parent 8ee6bbd commit 8a343b0


1 file changed

+4
-0
lines changed


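--- a/backend/app/api/routes/auth.py
+++ b/backend/app/api/routes/auth.py
@@ -16,6 +16,7 @@
 
 
 @router.post("/login")
+@limiter.limit("10/minute")
 async def login(
 request: Request,
 response: Response,
@@ -109,6 +110,7 @@ async def login(
 
 
 @router.post("/register", response_model=UserResponse)
+@limiter.limit("5/minute")
 async def register(
 request: Request,
 user: UserCreate,
@@ -167,6 +169,7 @@ async def register(
 
 
 @router.get("/verify-token")
+@limiter.limit("30/minute")
 async def verify_token(
 request: Request,
 current_user: UserInDB = Depends(security_service.get_current_user),
@@ -213,6 +216,7 @@ async def verify_token(
 
 
 @router.post("/logout")
+@limiter.limit("10/minute")
 async def logout(
 request: Request,
 response: Response,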
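Review bot: The key function behind `limiter` is defined outside this diff, and the `10/minute` cap on `login` only bounds password guessing if that key identifies the real client. If the key is the peer address and the app sits behind a reverse proxy, all users would share one bucket, so a handful of failed logins from anyone would throttle everyone; a per-address key also does not bound guesses against a single account that arrive from many addresses. I would confirm the key function and forwarded-header handling where `limiter` is created, and consider a second limit on `login` keyed on the submitted username. Separately, on `verify_token` the `Depends(security_service.get_current_user)` dependency is presumably resolved before the decorated function runs, so requests carrying invalid tokens may never count against `30/minute`; a comment such as `# NOTE: limit applies only after get_current_user succeeds` or a test would settle it. All four function bodies continue outside the hunks.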
