
Commit 2e959a4

committed
feat: implement throttling guard and update throttling configuration for improved rate limiting
1 parent fb977ce commit 2e959a4


2 files changed

+19
-17
lines changed

2 files changed

+19
-17
lines changed

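--- a/server/src/app.module.ts
+++ b/server/src/app.module.ts
@@ -1,7 +1,7 @@
 import { Logger, Module } from '@nestjs/common';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { MongooseModule, MongooseModuleFactoryOptions } from '@nestjs/mongoose';
-import { ThrottlerModule } from '@nestjs/throttler';
+import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';
 import { MailerModule } from '@nestjs-modules/mailer';
 import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter';
 
@@ -15,6 +15,7 @@ import { SeedModule } from './seed/seed.module';
 import { SongModule } from './song/song.module';
 import { SongBrowserModule } from './song-browser/song-browser.module';
 import { UserModule } from './user/user.module';
+import { APP_GUARD } from '@nestjs/core';
 
 @Module({
 imports: [
@@ -67,19 +68,8 @@ import { UserModule } from './user/user.module';
 // Throttler
 ThrottlerModule.forRoot([
 {
-name: 'short',
-ttl: 1000,
-limit: 3,
-},
-{
-name: 'medium',
-ttl: 10000,
-limit: 20,
-},
-{
-name: 'long',
-ttl: 60000,
-limit: 100,
+ttl: 60,
+limit: 256, // 256 requests per minute
 },
 ]),
 SongModule,
@@ -92,7 +82,13 @@ import { UserModule } from './user/user.module';
 MailingModule,
 ],
 controllers: [],
-providers: [ParseTokenPipe],
+providers: [
+ParseTokenPipe,
+{
+provide: APP_GUARD,
+useClass: ThrottlerGuard,
+},
+],
 exports: [ParseTokenPipe],
 })
 export class AppModule {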
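Review bot: `ttl: 60` in the `ThrottlerModule.forRoot` entry contradicts its own comment of 256 requests per minute. The removed entries (`ttl: 60000` for 'long') and the `ttl: 60 * 60 * 1000` added in auth.controller.ts by this same commit both treat ttl as milliseconds, so this window is 60 ms and the now-global `ThrottlerGuard` would in practice not limit anything. Change the line to `ttl: 60 * 1000,` so the limit matches the comment. Because the guard is registered through `APP_GUARD` for every route, it is also worth confirming that the client address it keys on is the real one when the server runs behind a reverse proxy; that configuration is not visible in this section.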

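--- a/server/src/auth/auth.controller.ts
+++ b/server/src/auth/auth.controller.ts
@@ -12,7 +12,7 @@ import { AuthGuard } from '@nestjs/passport';
 import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import type { Request, Response } from 'express';
 
-import { UseThrottle } from '@server/Throttle/Throttles';
+import { Throttle } from '@nestjs/throttler';
 import { AuthService } from './auth.service';
 import { MagicLinkEmailStrategy } from './strategies/magicLinkEmail.strategy';
 
@@ -27,7 +27,13 @@ export class AuthController {
 private readonly magicLinkEmailStrategy: MagicLinkEmailStrategy,
 ) {}
 
-@UseThrottle('very-long')
+@Throttle({
+default: {
+// one every 1 hour
+ttl: 60 * 60 * 1000,
+limit: 1,
+},
+})
 @Post('login/magic-link')
 @ApiOperation({
 summary: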