import { rateLimiter } from "hono-rate-limiter";
/**
 * Brute-force throttle for the login endpoint: at most 5 requests per
 * 60-second window for each client key.
 *
 * The client key is not the socket address. It is the raw value of the
 * `X-Forwarded-For` header, else `X-Real-IP`, else the literal "unknown".
 *
 * NOTE(review): both headers are ordinary request headers, so the limit is only
 * as trustworthy as whatever sets them. It holds when a reverse proxy in front
 * of this service overwrites them on every request; if the service is reachable
 * directly, or the proxy appends to a client-supplied `X-Forwarded-For`, the
 * key is caller-influenced and the per-client limit cannot be relied on.
 * Confirm the proxy configuration, or key on the connection address reported
 * by the runtime adapter.
 *
 * NOTE(review): every request that carries neither header lands in the single
 * "unknown" bucket, so those clients share one quota of 5 per minute.
 */
const LOGIN_WINDOW_MS = 60 * 1000; // one minute
const LOGIN_MAX_ATTEMPTS = 5; // requests allowed per key within one window

export const loginRateLimiter = rateLimiter({
  windowMs: LOGIN_WINDOW_MS,
  limit: LOGIN_MAX_ATTEMPTS,
  keyGenerator: (c) => {
    // The whole header value is used verbatim; a comma-separated
    // X-Forwarded-For chain is not split or normalised.
    const forwardedFor = c.req.header("x-forwarded-for");
    if (forwardedFor != null) {
      return forwardedFor;
    }
    const realIp = c.req.header("x-real-ip");
    // Shared fallback bucket for requests with no proxy headers at all.
    return realIp ?? "unknown";
  },
  // Configured as the response message for requests over the limit.
  message: {
    error: {
      message: "Too many login attempts, please try again later",
      code: "RATE_LIMIT_EXCEEDED",
    },
  },
});