Skip to content

add rate limiting to /api/auth/challenge#179

Open
nice-bills wants to merge 1 commit intoritik4ever:mainfrom
nice-bills:feature/auth-challenge-rate-limiting
Open

add rate limiting to /api/auth/challenge#179
nice-bills wants to merge 1 commit intoritik4ever:mainfrom
nice-bills:feature/auth-challenge-rate-limiting

Conversation

@nice-bills
Copy link
Copy Markdown

@nice-bills nice-bills commented Apr 24, 2026

Adds rate limiting to GET /api/auth/challenge to prevent abuse.

  • express-rate-limit middleware (10 requests per IP per minute)
  • 429 response with Retry-After header when limit exceeded
  • AUTH_CHALLENGE_RATE_LIMIT env var for configurability

Closes: #141

@nice-bills
add rate limiting to /api/auth/challenge
0e8f485 
- express-rate-limit middleware (10 req/min per IP default)
- 429 response with Retry-After header when limit exceeded
- AUTH_CHALLENGE_RATE_LIMIT env var for configurability
- in-memory store (redis optional)
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 24, 2026

@nice-bills is attempting to deploy a commit to the ritik4ever's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Apr 24, 2026

@nice-bills Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[wave4][auth] Add rate limiting to /api/auth/challenge to prevent abuse

1 participant

@nice-bills