Authentication Rate Limiter for Security-Critical Endpoints
Strict rate limiter specifically designed for authentication endpoints to prevent
brute force attacks, credential stuffing, and account enumeration attempts. This
limiter has much lower thresholds than the default limiter and is applied to
login, registration, and password reset endpoints.
The restrictive limits help protect user accounts while still allowing legitimate
authentication attempts. Failed authentication attempts are logged for security
monitoring and potential account lockout mechanisms.
Strict rate limiting middleware for auth endpoints
Example
// Usage in authentication routes
import { authRateLimiter } from '@/shared/middleware/security';
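A sketch of how a strict limiter of this kind can work, added here as an illustration and not the project's `authRateLimiter` implementation. The function names, the default of 5 attempts per 15 minutes, the `email` body field and the Express-style `(req, res, next)` signature are all assumptions.

```javascript
// Added illustration, not the project's authRateLimiter. Names, thresholds, the
// `email` body field and the Express-style (req, res, next) shape are assumptions.
function createAuthLimiter({ windowMs = 15 * 60 * 1000, max = 5, now = Date.now, log = () => {} } = {}) {
  const buckets = new Map(); // key -> { count, resetAt }, in memory for this process only

  // Fixed window: the first hit opens a window, later hits inside it are counted.
  function hit(key, t) {
    let b = buckets.get(key);
    if (!b || t >= b.resetAt) {
      b = { count: 0, resetAt: t + windowMs };
      buckets.set(key, b);
    }
    b.count += 1;
    return b;
  }

  return function authLimiter(req, res, next) {
    const t = now();
    // Count per client address and per targeted account: one address trying many
    // accounts and many addresses trying one account both reach a limit.
    const keys = [`ip:${req.ip}`];
    const email = req.body && typeof req.body.email === 'string' ? req.body.email.trim().toLowerCase() : '';
    if (email) keys.push(`acct:${email}`);

    const over = keys.map((k) => [k, hit(k, t)]).filter(([, b]) => b.count > max);
    if (over.length === 0) return next();

    const retryAfter = Math.ceil(Math.max(...over.map(([, b]) => b.resetAt - t)) / 1000);
    // Structured event for security monitoring or a lockout policy to consume.
    log({ event: 'auth_rate_limited', path: req.path, ip: req.ip, keys: over.map(([k]) => k), retryAfter });
    res.setHeader('Retry-After', String(retryAfter));
    // Identical response whether or not the account exists, so it does not aid enumeration.
    return res.status(429).json({ error: 'Too many attempts. Try again later.' });
  };
}

// Constructed request/response stubs so the limiter can be exercised without a server.
function attempt(limiter, ip, email) {
  let status = 200;
  const res = {
    headers: {},
    setHeader(k, v) { this.headers[k] = v; },
    status(code) { status = code; return this; },
    json() { return this; },
  };
  limiter({ ip, path: '/auth/login', body: { email } }, res, () => {});
  return { status, retryAfter: res.headers['Retry-After'] };
}
```

The counters live in one process's memory, so a deployment with several instances needs a shared store for the limits to hold across them.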