Feature rate limiting #30

Merged
fulleni merged 21 commits into main from feature_rate_limiting
Jul 29, 2025
adcc0eb
feat(auth): introduce rate limit service interface
fulleni Jul 29, 2025
484d7db
feat(rate-limit): implement MongoDB-backed rate limit service
fulleni Jul 29, 2025
6efac46
feat(rate-limiting): implement rate limiting service
fulleni Jul 29, 2025
2f82e09
feat(database): add rate limit attempts TTL and key indexes
fulleni Jul 29, 2025
167af20
feat(middlewares): implement rate limiter middleware
fulleni Jul 29, 2025
b7e6faa
fix(error_handler): map rate limiting errors to 429 status code
fulleni Jul 29, 2025
c889ba4
feat(routes): add rate limit service to middleware
fulleni Jul 29, 2025
d2c8e7e
feat(auth): add rate limiting to request-code endpoint
fulleni Jul 29, 2025
c19ec59
lint: misc
fulleni Jul 29, 2025
f09468f
chore(env): add rate limiting configuration variables
fulleni Jul 29, 2025
9453122
feat(config): add rate limit configuration parameters
fulleni Jul 29, 2025
65f76a2
refactor(auth): move request-code handler to index.dart and apply rat...
fulleni Jul 29, 2025
9fd3a44
feat(auth): add rate limiting middleware to request code endpoint
fulleni Jul 29, 2025
17df05c
style(auth): remove extra whitespace in request-code handler
fulleni Jul 29, 2025
6134a81
feat(rbac): add rate limiting bypass permission
fulleni Jul 29, 2025
baec763
feat(api): implement rate limiting for data routes
fulleni Jul 29, 2025
8f7a85a
refactor(routes): remove redundant middleware documentation
fulleni Jul 29, 2025
cd5e29b
docs(env): clarify rate limiting configuration in .env.example
fulleni Jul 29, 2025
0377190
docs(README): add built-in API rate limiting features
fulleni Jul 29, 2025
17fc972
fix(config): update default JWT expiry hours to 1 month
fulleni Jul 29, 2025
0bab60d
docs(env): update JWT expiry default and admin configuration
fulleni Jul 29, 2025
style(auth): remove extra whitespace in request-code handler
- Reduced the whitespace between blocks in the `onRequest` function
- Improved code readability and formatting without changing functionality
fulleni committed Jul 29, 2025
commit 17df05c30872e0aef2ae69f0e0b3990eea383be1
42 changes: 20 additions & 22 deletions routes/api/v1/auth/request-code/index.dart
Expand Up @@ -70,27 +70,25 @@ Future<Response> onRequest(RequestContext context) async {
}

try {
// Call the AuthService to handle the logic, passing the context flag.
await authService.initiateEmailSignIn(
email,
isDashboardLogin: isDashboardLogin,
);
// Call the AuthService to handle the logic, passing the context flag.
await authService.initiateEmailSignIn(
email,
isDashboardLogin: isDashboardLogin,
);

// Return 202 Accepted: The request is accepted for processing,
// but the processing (email sending) hasn't necessarily completed.
// 200 OK is also acceptable if you consider the API call itself complete.
return Response(statusCode: HttpStatus.accepted);
} on HttpException catch (_) {
// Let the central errorHandler middleware handle known exceptions
rethrow;
} catch (e, s) {
// Catch unexpected errors from the service layer
_logger.severe('Unexpected error in /request-code handler', e, s);
// Let the central errorHandler handle this as a 500
throw const OperationFailedException(
'An unexpected error occurred while requesting the sign-in code.',
);
}
// Return 202 Accepted: The request is accepted for processing,
// but the processing (email sending) hasn't necessarily completed.
// 200 OK is also acceptable if you consider the API call itself complete.
return Response(statusCode: HttpStatus.accepted);
} on HttpException catch (_) {
// Let the central errorHandler middleware handle known exceptions
rethrow;
} catch (e, s) {
// Catch unexpected errors from the service layer
_logger.severe('Unexpected error in /request-code handler', e, s);
// Let the central errorHandler handle this as a 500
throw const OperationFailedException(
'An unexpected error occurred while requesting the sign-in code.',
);
}
}
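Review bot: The `on HttpException catch (_)` clause rethrows whatever `authService.initiateEmailSignIn` raises, so if the service throws a distinct exception for an unknown address or for an address not allowed a dashboard login, the client can tell those cases apart from the 202 path and the endpoint discloses which emails are registered. Please confirm which exceptions the service can raise here and either document that in the comment above `rethrow;` or collapse them to the same 202 response. Also check what `_logger.severe('Unexpected error in /request-code handler', e, s)` writes when `e` carries the submitted email, since that would put user addresses in the logs. Smaller point: the comment line "200 OK is also acceptable if you consider the API call itself complete." reads as an open design question; since the handler returns `HttpStatus.accepted`, I would drop that line.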

