Skip to content

fix: add rate limiting to POST /auth/resend-otp (#26) #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
lvhong0420 wants to merge 1 commit into from
Closed

fix: add rate limiting to POST /auth/resend-otp (#26) #32

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
203 changes: 108 additions & 95 deletions src/controllers/auth.controller.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,95 +1,108 @@
import { Request, Response } from "express";
import { HTTPSTATUS } from "../config/http.config";
import { asyncHandler } from "../middlewares/asyncHandler.middlerware";
import {
forgotPasswordSchema,
loginSchema,
registerSchema,
resendOtpSchema,
resetPasswordSchema,
verifyOtpSchema,
} from "../validators/auth.validator";
import {
forgotPasswordService,
loginService,
registerService,
resendOtpService,
resetPasswordService,
verifyOtpService,
} from "../services/auth.service";

export const registerController = asyncHandler(
async (req: Request, res: Response) => {
const body = registerSchema.parse(req.body);

const result = await registerService(body);

return res.status(HTTPSTATUS.CREATED).json({
message: "Verification code sent to your email",
data: result,
});
}
);

export const loginController = asyncHandler(
async (req: Request, res: Response) => {
const body = loginSchema.parse({
...req.body,
});
const { user, accessToken, expiresAt, reportSetting } =
await loginService(body);

return res.status(HTTPSTATUS.OK).json({
message: "User logged in successfully",
user,
accessToken,
expiresAt,
reportSetting,
});
}
);

export const verifyOtpController = asyncHandler(
async (req: Request, res: Response) => {
const body = verifyOtpSchema.parse(req.body);
const result = await verifyOtpService(body);

return res.status(HTTPSTATUS.OK).json({
message: "Email verified successfully",
data: result,
});
}
);

export const resendOtpController = asyncHandler(
async (req: Request, res: Response) => {
const body = resendOtpSchema.parse(req.body);
const result = await resendOtpService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);

export const forgotPasswordController = asyncHandler(
async (req: Request, res: Response) => {
const body = forgotPasswordSchema.parse(req.body);
const result = await forgotPasswordService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);

export const resetPasswordController = asyncHandler(
async (req: Request, res: Response) => {
const body = resetPasswordSchema.parse(req.body);
const result = await resetPasswordService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);
import { Request, Response } from "express";
import { HTTPSTATUS } from "../config/http.config";
import { asyncHandler } from "../middlewares/asyncHandler.middlerware";
import {
forgotPasswordSchema,
loginSchema,
registerSchema,
resendOtpSchema,
resetPasswordSchema,
verifyOtpSchema,
} from "../validators/auth.validator";
import {
forgotPasswordService,
loginService,
registerService,
resendOtpService,
resetPasswordService,
verifyOtpService,
} from "../services/auth.service";

const resendCooldowns = new Map<string, number>();

export const registerController = asyncHandler(
async (req: Request, res: Response) => {
const body = registerSchema.parse(req.body);

const result = await registerService(body);

return res.status(HTTPSTATUS.CREATED).json({
message: "Verification code sent to your email",
data: result,
});
}
);

export const loginController = asyncHandler(
async (req: Request, res: Response) => {
const body = loginSchema.parse({
...req.body,
});
const { user, accessToken, expiresAt, reportSetting } =
await loginService(body);

return res.status(HTTPSTATUS.OK).json({
message: "User logged in successfully",
user,
accessToken,
expiresAt,
reportSetting,
});
}
);

export const verifyOtpController = asyncHandler(
async (req: Request, res: Response) => {
const body = verifyOtpSchema.parse(req.body);
const result = await verifyOtpService(body);

return res.status(HTTPSTATUS.OK).json({
message: "Email verified successfully",
data: result,
});
}
);

export const resendOtpController = asyncHandler(
async (req: Request, res: Response) => {
const body = resendOtpSchema.parse(req.body);
const { email } = body;

const now = Date.now();
const lastSent = resendCooldowns.get(email);
if (lastSent && now - lastSent < 60000) {
return res.status(429).json({
message: "Too many requests. Please wait before requesting another code.",
});
}
resendCooldowns.set(email, now);

const result = await resendOtpService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);

export const forgotPasswordController = asyncHandler(
async (req: Request, res: Response) => {
const body = forgotPasswordSchema.parse(req.body);
const result = await forgotPasswordService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);

export const resetPasswordController = asyncHandler(
async (req: Request, res: Response) => {
const body = resetPasswordSchema.parse(req.body);
const result = await resetPasswordService(body);

return res.status(HTTPSTATUS.OK).json({
message: result.message,
});
}
);
Loading