wasp-lang / wasp

The fastest way to develop full-stack web apps with React & Node.js.
https://wasp-lang.dev
MIT License

Introduce support for rate limiting #1098

Open infomiho opened 1 year ago

infomiho commented 1 year ago

We added a rate limiter dependency in order to limit the signup and password reset actions when using the e-mail and password auth. We can reuse that to introduce a general rate limiting feature that users can customize as they wish.

Considerations

We want to enable configuration of:

infomiho commented 1 year ago

This would help with rate limiting Password Reset requests. Now we have different behaviour for known and unknown addresses: since we depend on storing the last request timestamp in a database, we don't rate limit for unknown email addresses!

An independent rate limiting system would solve this inconsistency.
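The inconsistency described in the comment above, as an added example that is not part of the issue or of Wasp's code: a limiter that reads a timestamp from the user row next to one that keeps its own state keyed on the requested address. The function names, the `lastPasswordResetSentAt` field, the 60-second window and the in-memory maps standing in for the database are all assumptions made for illustration.

```javascript
// Added example: constructed data, hypothetical names throughout.
const WINDOW_MS = 60_000; // assumed cool-down between password reset requests

// Constructed stand-in for the users table: one known address.
function makeUserTable() {
  return new Map([["alice@example.com", { lastPasswordResetSentAt: null }]]);
}

// Behaviour described in the comment: the limit depends on a timestamp stored
// on the user row, so an address with no row has nothing to check against.
function dbTimestampLimiter(users) {
  return (email, now) => {
    const user = users.get(email);
    if (!user) return true; // unknown address: never limited
    const last = user.lastPasswordResetSentAt;
    if (last !== null && now - last < WINDOW_MS) return false;
    user.lastPasswordResetSentAt = now;
    return true;
  };
}

// Independent limiter: state is keyed on the request itself (here the
// normalized address), never on whether a user row exists.
function independentLimiter(windowMs = WINDOW_MS) {
  const lastSeen = new Map();
  return (email, now) => {
    const key = email.trim().toLowerCase();
    // Drop expired keys so the map cannot grow without bound.
    for (const [k, t] of lastSeen) if (now - t >= windowMs) lastSeen.delete(k);
    if (lastSeen.has(key)) return false;
    lastSeen.set(key, now);
    return true;
  };
}

// Replays the same request three times inside one window and records
// which attempts were allowed.
function replay(limiter, email, start = 0) {
  return [0, 1_000, 2_000].map((dt) => limiter(email, start + dt));
}

function compare() {
  return {
    dbKnown: replay(dbTimestampLimiter(makeUserTable()), "alice@example.com"),
    dbUnknown: replay(dbTimestampLimiter(makeUserTable()), "nobody@example.com"),
    indKnown: replay(independentLimiter(), "alice@example.com"),
    indUnknown: replay(independentLimiter(), "nobody@example.com"),
  };
}
```

With the independent limiter the allow/deny sequence is the same whether or not the address belongs to an account, so the limit covers every request.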