groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(GRO-773): raise auth rate-limit threshold and exempt /get-session

Browse Source 
Raise the Better Auth rate limit from max:10/window:60 to max:100/window:10
to match library defaults, and exempt /get-session from rate limiting entirely
via customRules (returns null = no rate limit check).

Both AUTH_DISABLED and production rateLimit blocks updated.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Test User
2026-04-17 17:34:08 +00:00
parent 8ecbfbeee4
commit 49ccb03bb6
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/src/lib/auth.ts
+10 -4
View File
@@ -93,9 +93,12 @@ export async function initAuth(): Promise<void> {
baseURL: BETTER_AUTH_URL, baseURL: BETTER_AUTH_URL,
rateLimit: { rateLimit: {
enabled: true, enabled: true,
max: 10, max: 100,
window: 60, window: 10,
storage: "memory", storage: "memory",
customRules: {
"/get-session": false,
},
}, },
plugins: [ plugins: [
genericOAuth({ genericOAuth({
@@ -240,9 +243,12 @@ export async function initAuth(): Promise<void> {
baseURL: BETTER_AUTH_URL, baseURL: BETTER_AUTH_URL,
rateLimit: { rateLimit: {
enabled: true, enabled: true,
max: 10, max: 100,
window: 60, window: 10,
storage: "memory", storage: "memory",
customRules: {
"/get-session": false,
},
}, },
account: { account: {
storeStateStrategy: "cookie" as const, storeStateStrategy: "cookie" as const,