From c2eb7513834eeb5adfa53fff897f585de87e4821 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Tue, 30 Dec 2025 22:08:47 +0900 Subject: feat(security): add rate limiting and CORS middleware MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add rate limiting to login endpoint (5 requests/minute per IP) - Configure CORS middleware with environment-based origin control - Expose rate limit headers in CORS for client visibility - Update hono to 4.11.3 for rate limiter peer dependency 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-Authored-By: Claude Opus 4.5 --- pnpm-lock.yaml | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) (limited to 'pnpm-lock.yaml') diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5b97aae..b28a5da 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -19,10 +19,10 @@ importers: version: 3.1.1(@fortawesome/fontawesome-svg-core@7.1.0)(react@19.2.1) '@hono/node-server': specifier: ^1.19.6 - version: 1.19.6(hono@4.10.7) + version: 1.19.6(hono@4.11.3) '@hono/zod-validator': specifier: ^0.7.5 - version: 0.7.5(hono@4.10.7)(zod@4.1.13) + version: 0.7.5(hono@4.11.3)(zod@4.1.13) argon2: specifier: ^0.44.0 version: 0.44.0 @@ -36,8 +36,11 @@ importers: specifier: ^0.45.0 version: 0.45.0(@types/pg@8.15.6)(pg@8.16.3) hono: - specifier: ^4.10.7 - version: 4.10.7 + specifier: ^4.11.3 + version: 4.11.3 + hono-rate-limiter: + specifier: ^0.5.3 + version: 0.5.3(hono@4.11.3) pg: specifier: ^8.16.3 version: 8.16.3 @@ -2156,8 +2159,17 @@ packages: resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} engines: {node: '>= 0.4'} - hono@4.10.7: - resolution: {integrity: sha512-icXIITfw/07Q88nLSkB9aiUrd8rYzSweK681Kjo/TSggaGbOX4RRyxxm71v+3PC8C/j+4rlxGeoTRxQDkaJkUw==} + hono-rate-limiter@0.5.3: + resolution: {integrity: sha512-M0DxbVMpPELEzLi0AJg1XyBHLGJXz7GySjsPoK+gc5YeeBsdGDGe+2RvVuCAv8ydINiwlbxqYMNxUEyYfRji/A==} + peerDependencies: + hono: ^4.10.8 + unstorage: ^1.17.3 + peerDependenciesMeta: + unstorage: + optional: true + + hono@4.11.3: + resolution: {integrity: sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==} engines: {node: '>=16.9.0'} html-encoding-sniffer@4.0.0: @@ -4206,18 +4218,18 @@ snapshots: '@hono/cli@0.1.3': dependencies: - '@hono/node-server': 1.19.6(hono@4.10.7) + '@hono/node-server': 1.19.6(hono@4.11.3) commander: 14.0.2 esbuild: 0.25.12 - hono: 4.10.7 + hono: 4.11.3 - '@hono/node-server@1.19.6(hono@4.10.7)': + '@hono/node-server@1.19.6(hono@4.11.3)': dependencies: - hono: 4.10.7 + hono: 4.11.3 - '@hono/zod-validator@0.7.5(hono@4.10.7)(zod@4.1.13)': + '@hono/zod-validator@0.7.5(hono@4.11.3)(zod@4.1.13)': dependencies: - hono: 4.10.7 + hono: 4.11.3 zod: 4.1.13 '@isaacs/balanced-match@4.0.1': {} @@ -5154,7 +5166,11 @@ snapshots: dependencies: function-bind: 1.1.2 - hono@4.10.7: {} + hono-rate-limiter@0.5.3(hono@4.11.3): + dependencies: + hono: 4.11.3 + + hono@4.11.3: {} html-encoding-sniffer@4.0.0: dependencies: -- cgit v1.2.3-70-g09d2