introduce strict rate limitso on auth router endpoints

2025-12-13 11:36:04 +00:00 · 2025-07-14 18:00:41 -07:00
parent d6fdb38c22
commit b7df0b122d
6 changed files with 236 additions and 99 deletions
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -3,8 +3,6 @@ import yaml from "js-yaml";
 import { configFilePath1, configFilePath2 } from "./consts";
 import { z } from "zod";
 import stoi from "./stoi";
-import { passwordSchema } from "@server/auth/passwordSchema";
-import { fromError } from "zod-validation-error";

 const portSchema = z.number().positive().gt(0).lte(65535);

@@ -179,10 +177,21 @@ export const configSchema = z.object({
                .default({}),
            auth: z
                .object({
-                    window_minutes: z.number().positive().gt(0),
-                    max_requests: z.number().positive().gt(0)
+                    window_minutes: z
+                        .number()
+                        .positive()
+                        .gt(0)
+                        .optional()
+                        .default(1),
+                    max_requests: z
+                        .number()
+                        .positive()
+                        .gt(0)
+                        .optional()
+                        .default(500)
                })
                .optional()
+                .default({}),
        })
        .optional()
        .default({}),