fix(auth): override Better Auth sign-in rate limit defaults

Override Better Auth default rate limits for /sign-in/* and /sign-up/* paths by adding customRules to both rateLimit blocks in auth.ts: - /sign-in/social: max 10, window 60 - /sign-in/email: max 10, window 60 - /sign-up/email: max 5, window 60 - /get-session: false (unchanged) Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 21:20:26 +00:00
parent 7e83db479c
commit 57fe69eaf7
1 changed files with 11 additions and 5 deletions
@@ -96,12 +96,15 @@ export async function initAuth(): Promise<void> {
          max: 100,
          window: 10,
          storage: "memory",
-          customRules: {
-            "/get-session": false,
-          },
+customRules: {
+          "/sign-in/social": { max: 10, window: 60 },
+          "/sign-in/email": { max: 10, window: 60 },
+          "/sign-up/email": { max: 5, window: 60 },
+          "/get-session": false,
        },
-        plugins: [
-          genericOAuth({
+      },
+      plugins: [
+        genericOAuth({
            config: [
              {
                providerId: "authentik",
@@ -247,6 +250,9 @@ export async function initAuth(): Promise<void> {
        window: 10,
        storage: "memory",
        customRules: {
+          "/sign-in/social": { max: 10, window: 60 },
+          "/sign-in/email": { max: 10, window: 60 },
+          "/sign-up/email": { max: 5, window: 60 },
          "/get-session": false,
        },
      },