lila/apps
lila 59049002fc
Build and Deploy / build-and-deploy (push) Successful in 1m50s
fix(api): skip rate limiting for non-sensitive auth endpoints
The authLimiter was blocking legitimate users because Better Auth's
client polls /get-session frequently (on mount, route changes, focus),
and /sign-out was also getting blocked after repeated session polls.

Skip rate limiting for:
- /get-session — read-only, requires valid cookie, no attack surface
- /sign-out — no attack value in blocking logout
- /callback/* — OAuth callbacks from providers

Brute force protection remains on /sign-in, /sign-up, and other
sensitive endpoints.
2026-04-23 22:12:38 +02:00
api fix(api): skip rate limiting for non-sensitive auth endpoints 2026-04-23 22:12:38 +02:00
web adding labels 2026-04-21 14:44:14 +02:00