41 replies

Rate Limiting Does Not Work

I'm trying to test rate limiting on dev, but unfortunately it doesn't limit anything.

This is my config:

rateLimit: {
    enabled: true,
    window: 60,
    max: 1,
    storage: "memory",
},

rateLimit: {
    enabled: true,
    window: 60,
    max: 1,
    storage: "memory",
},

This is how I try to test the rate limiting:

    <button class="btn"
            on:click={async () => {
            const response = await authClient.signIn.email({
                email: "xxx",
                password: "xxx"
            });
            if (response?.data && !response.error) {
                goto("/dashboard")
            }
          }}
    >Login
    </button>

    <button class="btn"
            on:click={async () => {
            const response = await authClient.signIn.email({
                email: "xxx",
                password: "xxx"
            });
            if (response?.data && !response.error) {
                goto("/dashboard")
            }
          }}
    >Login
    </button>

Due to the config, I'd expect that I can only log in once per minute. But unfortunately, I'm not getting rate limited.

Any ideas?

Better Auth•8mo ago•

41 replies

battlesheep123

Rate Limiting Does Not Work

I'm trying to test rate limiting on dev, but unfortunately it doesn't limit anything.

This is my config:

rateLimit: {
    enabled: true,
    window: 60,
    max: 1,
    storage: "memory",
},

rateLimit: {
    enabled: true,
    window: 60,
    max: 1,
    storage: "memory",
},

This is how I try to test the rate limiting:

    <button class="btn"
            on:click={async () => {
            const response = await authClient.signIn.email({
                email: "xxx",
                password: "xxx"
            });
            if (response?.data && !response.error) {
                goto("/dashboard")
            }
          }}
    >Login
    </button>

    <button class="btn"
            on:click={async () => {
            const response = await authClient.signIn.email({
                email: "xxx",
                password: "xxx"
            });
            if (response?.data && !response.error) {
                goto("/dashboard")
            }
          }}
    >Login
    </button>

Due to the config, I'd expect that I can only log in once per minute. But unfortunately, I'm not getting rate limited.

Any ideas?

Rate Limiting Does Not Work

Similar Threads

Rate Limiting Does Not Work

Similar Threads

Similar Threads

Similar Threads