2025-08-21 15:24:40 +09:00
|
|
|
import { Injectable } from "@nestjs/common";
|
|
|
|
|
import { ThrottlerGuard } from "@nestjs/throttler";
|
2025-08-23 18:02:05 +09:00
|
|
|
import type { Request } from "express";
|
2025-08-20 18:02:50 +09:00
|
|
|
|
|
|
|
|
@Injectable()
|
|
|
|
|
export class AuthThrottleGuard extends ThrottlerGuard {
|
2025-08-23 18:02:05 +09:00
|
|
|
protected async getTracker(req: Request): Promise<string> {
|
2025-08-20 18:02:50 +09:00
|
|
|
// Track by IP address for failed login attempts
|
2025-08-22 17:02:49 +09:00
|
|
|
const forwarded = req.headers["x-forwarded-for"];
|
|
|
|
|
const forwardedIp = Array.isArray(forwarded) ? forwarded[0] : forwarded;
|
2025-08-21 15:24:40 +09:00
|
|
|
const ip =
|
2025-08-23 18:02:05 +09:00
|
|
|
(typeof forwardedIp === "string" ? forwardedIp.split(",")[0]?.trim() : undefined) ||
|
2025-08-22 17:02:49 +09:00
|
|
|
(req.headers["x-real-ip"] as string | undefined) ||
|
2025-08-23 18:02:05 +09:00
|
|
|
(req.socket as any)?.remoteAddress ||
|
|
|
|
|
(req as any).ip ||
|
2025-08-21 15:24:40 +09:00
|
|
|
"unknown";
|
|
|
|
|
|
2025-08-20 18:02:50 +09:00
|
|
|
return `auth_${ip}`;
|
|
|
|
|
}
|
|
|
|
|
}
|
