ankhbayar/Assist_Design
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

refactor: update rate limiting configuration and enhance account event handling

Browse Source 
- Increased default login rate limit from 5 to 20 and adjusted TTL from 15 to 5 minutes for improved security.
- Updated login captcha threshold from 3 to 5 attempts to enhance user experience.
- Modified AccountEventsListener to invalidate additional queries for account updates and support case changes, improving responsiveness to real-time events.
This commit is contained in:
barsa 2026-03-03 14:13:24 +09:00
parent 790e3e65e3
commit 0bf367ffec
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/bff/src/modules/auth/infra/rate-limiting/auth-rate-limit.service.ts
View File

@ -44,8 +44,8 @@ export class AuthRateLimitService {
private readonly configService: ConfigService, private readonly configService: ConfigService,
@Inject(Logger) private readonly logger: Logger @Inject(Logger) private readonly logger: Logger
) { ) {
const loginLimit = this.configService.get<number>("LOGIN_RATE_LIMIT_LIMIT", 5); const loginLimit = this.configService.get<number>("LOGIN_RATE_LIMIT_LIMIT", 20);
const loginTtlMs = this.configService.get<number>("LOGIN_RATE_LIMIT_TTL", 900000); const loginTtlMs = this.configService.get<number>("LOGIN_RATE_LIMIT_TTL", 300000);
const signupLimit = this.configService.get<number>("SIGNUP_RATE_LIMIT_LIMIT", 5); const signupLimit = this.configService.get<number>("SIGNUP_RATE_LIMIT_LIMIT", 5);
const signupTtlMs = this.configService.get<number>("SIGNUP_RATE_LIMIT_TTL", 900000); const signupTtlMs = this.configService.get<number>("SIGNUP_RATE_LIMIT_TTL", 900000);
@ -59,7 +59,7 @@ export class AuthRateLimitService {
const refreshLimit = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_LIMIT", 10); const refreshLimit = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_LIMIT", 10);
const refreshTtlMs = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_TTL", 300000); const refreshTtlMs = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_TTL", 300000);
this.loginCaptchaThreshold = this.configService.get<number>("LOGIN_CAPTCHA_AFTER_ATTEMPTS", 3); this.loginCaptchaThreshold = this.configService.get<number>("LOGIN_CAPTCHA_AFTER_ATTEMPTS", 5);
this.captchaAlwaysOn = this.configService.get("AUTH_CAPTCHA_ALWAYS_ON", "false") === "true"; this.captchaAlwaysOn = this.configService.get("AUTH_CAPTCHA_ALWAYS_ON", "false") === "true";
this.loginLimiter = this.createLimiter("auth-login", loginLimit, loginTtlMs); this.loginLimiter = this.createLimiter("auth-login", loginLimit, loginTtlMs);

14
apps/portal/src/features/realtime/components/AccountEventsListener.tsx
View File

@ -42,9 +42,13 @@ export function AccountEventsListener() {
const parsed = JSON.parse(event.data) as RealtimeEventEnvelope; const parsed = JSON.parse(event.data) as RealtimeEventEnvelope;
if (!parsed || typeof parsed !== "object") return; if (!parsed || typeof parsed !== "object") return;
if (parsed.event === "services.eligibility.changed") { if (parsed.event === "account.updated") {
logger.info("Received services.eligibility.changed; invalidating services queries"); logger.info("Received account.updated; invalidating services + verification queries");
void queryClient.invalidateQueries({ queryKey: queryKeys.services.all() }); void queryClient.invalidateQueries({ queryKey: queryKeys.services.all() });
void queryClient.invalidateQueries({
queryKey: queryKeys.verification.residenceCard(),
});
void queryClient.invalidateQueries({ queryKey: queryKeys.me.status() });
return; return;
} }
@ -54,6 +58,12 @@ export function AccountEventsListener() {
return; return;
} }
if (parsed.event === "support.case.changed") {
logger.info("Received support.case.changed; invalidating support queries");
void queryClient.invalidateQueries({ queryKey: queryKeys.support.cases() });
return;
}
if (parsed.event === "orders.changed") { if (parsed.event === "orders.changed") {
logger.info("Received orders.changed; invalidating orders + dashboard queries"); logger.info("Received orders.changed; invalidating orders + dashboard queries");
void queryClient.invalidateQueries({ queryKey: queryKeys.orders.list() }); void queryClient.invalidateQueries({ queryKey: queryKeys.orders.list() });