lila/apps/api/src/middleware
lila 59049002fc
fix(api): skip rate limiting for non-sensitive auth endpoints
The authLimiter was blocking legitimate users because Better Auth's
client polls /get-session frequently (on mount, route changes, focus),
and /sign-out was also getting blocked after repeated session polls.

Skip rate limiting for:
- /get-session — read-only, requires valid cookie, no attack surface
- /sign-out — no attack value in blocking logout
- /callback/* — OAuth callbacks from providers

Brute force protection remains on /sign-in, /sign-up, and other
sensitive endpoints.
2026-04-23 22:12:38 +02:00
authMiddleware.ts feat(api): attach session to request in requireAuth 2026-04-16 19:51:10 +02:00
errorHandler.ts feat(api): add global error handler with typed error classes 2026-04-12 08:48:43 +02:00
rateLimiters.test.ts fix(api): skip rate limiting for non-sensitive auth endpoints 2026-04-23 22:12:38 +02:00
rateLimiters.ts fix(api): skip rate limiting for non-sensitive auth endpoints 2026-04-23 22:12:38 +02:00