[FEATURE] Adding Rate limiting to the OTP verify #210
Conversation
|
@RishabhRawatt is attempting to deploy a commit to the ajaynegi45's projects Team on Vercel. A member of the Team first needs to authorize it. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
🎉 Thank you @RishabhRawatt for your contribution! Your pull request has been submitted successfully. A maintainer will review it as soon as possible. We appreciate your support in making this project better.
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Hi @RishabhRawatt,
Thank you for your prompt work on this issue. I appreciate your dedication to the project.
I have reviewed your work, and I'm pleased to inform you that I have merged your pull request. Your changes looks fantastic, and it aligns perfectly with the project's design and usability goals. Great job!
If you have any more contributions or if there's anything else you'd like to work on in the future, please don't hesitate to let us know. Your efforts are valuable to the project's success.
Once again, thank you for your contribution! ❤️
ajaynegi45
added
status: ready for dev
|
@RishabhRawatt, now you can work on feature edit profile details or forget password etc. |
|
Sure I will try to contribute more later ⛰️ |
Description
Added rate limiting mechanism was implemented for the OTP verification route to prevent brute force attacks.
In-Memory Store:
An in-memory store was added to track the number of OTP verification attempts per user.
Rate Limit Configuration:
The rate limit was set to a maximum of 3 requests per 5-minute window.
Check Rate Limit: A function
checkRateLimitwas introduced to check and update the request count for each user. If the limit is exceeded, a 429 status code is returned with a message indicating the limit has been reached.This enhancement addresses issue #208, ensuring that the OTP verification route is protected from excessive requests and potential exploitation.
Screenshots