3 replies

Rate limit forgot password (password reset email)

I'm able to send multiple password reset emails in rapid succession. I've tried setting a rate limit but am unclear what I need to enter in the custom function - nothing seems to work. Example:

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

Any help on what I'm supposed to put in place of

/forget-password/*

/forget-password/*

? I've tried several permutations of it.

Thanks for the help!

Solution

Figured it out. It's this:

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

and it only works when running in prod - not in dev

Jump to solution

Better Auth•12mo ago•

3 replies

imonaboat

Rate limit forgot password (password reset email)

I'm able to send multiple password reset emails in rapid succession. I've tried setting a rate limit but am unclear what I need to enter in the custom function - nothing seems to work. Example:

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

Any help on what I'm supposed to put in place of

/forget-password/*

/forget-password/*

? I've tried several permutations of it.

Thanks for the help!

Solution

Figured it out. It's this:

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

and it only works when running in prod - not in dev

Jump to solution

Rate limit forgot password (password reset email)

Similar Threads

Rate limit forgot password (password reset email)

Similar Threads

Similar Threads

Similar Threads