not getting rate limited

Hey folks, I'm testing the rate limit functionality and here is my code: https://mystb.in/56596703647e0db856. Even though I'm making more than 2 signIn requests in one minute, I'm not getting rate limited or any other error. Also, please check if I'm handling the auth error correctly.
bekacru, 5w ago
The rate limiter works only on prod unless you pass enabled:true to force-activate it on dev.
Aditya Kirad (OP), 4w ago
You can check the code I provided; I have enabled it.
bekacru, 4w ago
Okay, then sign-in and other endpoints employ custom rate limiting rules by default, which is that in a 10-second window you can make max 3 requests. You can pass customRules to override this.
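Added example, not part of the thread and not the library's code: a minimal fixed-window counter replaying constructed request timestamps against the 10-second/3-request rule from the reply above, showing why a few sign-ins spread over a minute never return 429 while a short burst does. The fixed-window algorithm, the names `FixedWindowLimiter` and `replay`, the client key and the 60-second/2-request rule are assumptions for illustration.

```typescript
// Hypothetical fixed-window limiter; the library's real algorithm is not shown in the thread.
type Rule = { windowSec: number; max: number };

// Default sign-in rule as stated in the reply: max 3 requests per 10-second window.
const SIGN_IN_RULE: Rule = { windowSec: 10, max: 3 };

class FixedWindowLimiter {
  private readonly rule: Rule;
  private readonly counters = new Map<string, { windowStart: number; count: number }>();

  constructor(rule: Rule) {
    this.rule = rule;
  }

  // Returns the HTTP status a request from `key` at `nowSec` would receive.
  check(key: string, nowSec: number): number {
    const entry = this.counters.get(key);
    // No window yet, or the previous window has expired: start a new one.
    if (!entry || nowSec - entry.windowStart >= this.rule.windowSec) {
      this.counters.set(key, { windowStart: nowSec, count: 1 });
      return 200;
    }
    entry.count += 1;
    return entry.count > this.rule.max ? 429 : 200;
  }
}

// Replays request timestamps (in seconds) for a single constructed client key.
function replay(rule: Rule, timestamps: number[], key: string = "client-a"): number[] {
  const limiter = new FixedWindowLimiter(rule);
  return timestamps.map((t) => limiter.check(key, t));
}

// Constructed traffic: four sign-ins spread over a minute never share a 10 s window.
const spreadOut = replay(SIGN_IN_RULE, [0, 15, 30, 45]);
// Constructed traffic: five sign-ins in 4 seconds exceed max=3 inside one window.
const burst = replay(SIGN_IN_RULE, [0, 1, 2, 3, 4]);
// Hypothetical stricter override (2 per 60 s) applied to the spread-out traffic.
const strict = replay({ windowSec: 60, max: 2 }, [0, 15, 30, 45]);

console.log({ spreadOut, burst, strict });
```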
Aditya Kirad (OP), 4w ago
Okay, can you check one thing: if I'm handling the auth error correctly? Because error.status === "FORBIDDEN" doesn't clearly suggest that the error happened because the email was not verified, or that I will get this status only when the email is not verified, etc.
bekacru, 4w ago
It returns 429, not 403.
Aditya Kirad (OP), 4w ago
What? I was talking about this piece of code:
export async function signIn(prevState: unknown, formData: FormData) {
  // Validate the submitted form against the sign-in schema
  const submission = parseWithZod(formData, { schema: signInSchema });

  if (submission.status !== "success") {
    return submission.reply();
  }

  try {
    await signInEmail({
      body: {
        ...submission.value,
        callbackURL: "/",
      },
    });
  } catch (error) {
    if (error instanceof APIError) {
      // Rate limit hit: show the server's message as a form-level error
      if (error.status === "TOO_MANY_REQUESTS") {
        return submission.reply({
          formErrors: [error.message],
        });
      }
      // Treated here as "email not verified"
      if (error.status === "FORBIDDEN") {
        return submission.reply({
          formErrors: ["Verify your email before signing in"],
        });
      }
      // Same message on both fields, so the form does not reveal which one was wrong
      if (error.status === "UNAUTHORIZED") {
        return submission.reply({
          fieldErrors: {
            email: ["Invalid Credentials"],
            password: ["Invalid Credentials"],
          },
        });
      }
      throw error;
    }
    throw error;
  }
}
Am I handling the error the correct way?
bekacru, 4w ago
Oh sorry, you should check the error message or code instead of relying on the status code.
Aditya Kirad (OP), 3w ago
Hey, I would like to report one problem with the forgetPassword API: when we invoke it and it doesn't find the user in the database, the error is only logged in the console, not thrown, due to which we can't catch it in the catch block. Also, the status Boolean is always true, so that's not helpful. Also, how am I supposed to tell the user it didn't exist?
