opengovsg / ts-template

A template repository for TypeScript projects in Open Government Products
https://opengovsg.github.io/ts-template

Add rate-limiting to OTP endpoints #595

Open LoneRifle opened 3 years ago

LoneRifle commented 3 years ago

To prevent brute force attacks aimed at gaining unauthorized access, rate-limiting should be introduced to the endpoints that handle OTP requests. Given that we already use Sequelize to hold state, we should use Sequelize to track statistics relevant to rate-limiting.

lamkeewei commented 3 years ago

Thinking of introducing node-rate-limiter-flexible for this given that it has support for Postgres as a backing store. Thoughts?

prestonlimlianjie commented 3 years ago

+1 to the library. ~Given that we've decided to use SQLite for the repo's default storage, we can use node-rate-limiter-flexible's in-memory mode https://github.com/animir/node-rate-limiter-flexible/wiki/Memory~

@lamkeewei reminded me that Nest.js has a way of doing it within the framework
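To make the thread's proposal concrete, here is an added example (not code from opengovsg/ts-template, from node-rate-limiter-flexible, or from Nest.js) of the shape an OTP rate limit takes: a fixed window of `points` attempts per `durationMs`, a `blockDurationMs` penalty once they are exhausted, a key on the account being verified, and a reset on success. The names `OtpRateLimiter`, `otpKey` and `verifyOtp` and the option values are assumptions; the class deliberately mirrors the points/duration/blockDuration vocabulary of rate-limiter-flexible so the same call sites could later be pointed at its Postgres-backed store instead of the in-memory `Map` used here.

```typescript
import { timingSafeEqual } from "crypto";

// Added example, not the ts-template project's own code. An in-memory
// fixed-window limiter; swap the Map for a database-backed store in production.

export interface LimiterOptions {
  points: number;          // attempts allowed per window
  durationMs: number;      // length of the counting window
  blockDurationMs: number; // penalty applied once points are exhausted
}

export interface ConsumeResult {
  allowed: boolean;
  remainingPoints: number;
  msBeforeNext: number; // until the window resets, or until the block lifts
}

interface Bucket {
  consumed: number;
  windowEndsAt: number;
  blockedUntil: number;
}

export class OtpRateLimiter {
  private readonly buckets = new Map<string, Bucket>();

  // `now` is injectable so behaviour can be tested without waiting on a clock.
  constructor(
    private readonly opts: LimiterOptions,
    private readonly now: () => number = Date.now,
  ) {}

  consume(key: string): ConsumeResult {
    const t = this.now();
    let bucket = this.buckets.get(key);

    // A block outlives the window in which it was triggered.
    if (bucket && t < bucket.blockedUntil) {
      return { allowed: false, remainingPoints: 0, msBeforeNext: bucket.blockedUntil - t };
    }
    if (!bucket || t >= bucket.windowEndsAt) {
      bucket = { consumed: 0, windowEndsAt: t + this.opts.durationMs, blockedUntil: 0 };
      this.buckets.set(key, bucket);
    }

    bucket.consumed += 1;
    if (bucket.consumed > this.opts.points) {
      bucket.blockedUntil = t + this.opts.blockDurationMs;
      return { allowed: false, remainingPoints: 0, msBeforeNext: bucket.blockedUntil - t };
    }
    return {
      allowed: true,
      remainingPoints: this.opts.points - bucket.consumed,
      msBeforeNext: bucket.windowEndsAt - t,
    };
  }

  // Called after a successful verification so a legitimate user is not
  // penalised for earlier typos.
  reset(key: string): void {
    this.buckets.delete(key);
  }
}

// Key on the account being verified, not on the caller's address: guesses
// against one OTP can arrive from many addresses. A second, looser per-IP
// limiter is a sensible complement. (Hypothetical helper.)
export function otpKey(identifier: string): string {
  return identifier.trim().toLowerCase();
}

export type VerifyOutcome =
  | { ok: true; reason: "verified" }
  | { ok: false; reason: "rate_limited"; retryAfterMs: number }
  | { ok: false; reason: "mismatch"; remainingAttempts: number };

// The limit is consumed before the OTP is compared, so a wrong guess costs
// an attempt and a blocked request never reaches the comparison.
export function verifyOtp(
  limiter: OtpRateLimiter,
  key: string,
  submitted: string,
  expected: string,
): VerifyOutcome {
  const result = limiter.consume(key);
  if (!result.allowed) {
    return { ok: false, reason: "rate_limited", retryAfterMs: result.msBeforeNext };
  }
  const a = Buffer.from(submitted, "utf8");
  const b = Buffer.from(expected, "utf8");
  const match = a.length === b.length && timingSafeEqual(a, b);
  if (match) {
    limiter.reset(key);
    return { ok: true, reason: "verified" };
  }
  return { ok: false, reason: "mismatch", remainingAttempts: result.remainingPoints };
}
```

The same consume-then-verify order applies whichever library ends up doing the counting: the route handler asks the limiter first, returns a `Retry-After`-style answer when it refuses, and only then compares the code. If the Nest.js route is taken, the framework's own throttler module applies an equivalent per-route limit as a guard, but the account-keyed limit and the reset on success still belong in the OTP service itself.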