Better AuthBA
Better Auth11mo ago
imonaboat

Rate limit forgot password (password reset email)

I'm able to send multiple password reset emails in rapid succession. I've tried setting a rate limit but am unclear what I need to enter in the custom function - nothing seems to work. Example:

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },


Any help on what I'm supposed to put in place of /forget-password/*? I've tried several permutations of it.

Thanks for the help!
Solution
Figured it out. It's this:

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },


and it only works when running in prod - not in dev
Jump to solution
Was this page helpful?