refactor: update rate limiting configuration and enhance account event handling

- Increased default login rate limit from 5 to 20 and adjusted TTL from 15 to 5 minutes for improved security. - Updated login captcha threshold from 3 to 5 attempts to enhance user experience. - Modified AccountEventsListener to invalidate additional queries for account updates and support case changes, improving responsiveness to real-time events.
2026-03-03 14:13:24 +09:00 · 2026-03-03 14:13:24 +09:00 · 0bf367ffec
commit 0bf367ffec
parent 790e3e65e3
2 changed files with 15 additions and 5 deletions
--- a/apps/bff/src/modules/auth/infra/rate-limiting/auth-rate-limit.service.ts
+++ b/apps/bff/src/modules/auth/infra/rate-limiting/auth-rate-limit.service.ts
@ -44,8 +44,8 @@ export class AuthRateLimitService {
    private readonly configService: ConfigService,
    @Inject(Logger) private readonly logger: Logger
  ) {
-    const loginLimit = this.configService.get<number>("LOGIN_RATE_LIMIT_LIMIT", 5);
-    const loginTtlMs = this.configService.get<number>("LOGIN_RATE_LIMIT_TTL", 900000);
+    const loginLimit = this.configService.get<number>("LOGIN_RATE_LIMIT_LIMIT", 20);
+    const loginTtlMs = this.configService.get<number>("LOGIN_RATE_LIMIT_TTL", 300000);

    const signupLimit = this.configService.get<number>("SIGNUP_RATE_LIMIT_LIMIT", 5);
    const signupTtlMs = this.configService.get<number>("SIGNUP_RATE_LIMIT_TTL", 900000);
@ -59,7 +59,7 @@ export class AuthRateLimitService {
    const refreshLimit = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_LIMIT", 10);
    const refreshTtlMs = this.configService.get<number>("AUTH_REFRESH_RATE_LIMIT_TTL", 300000);

-    this.loginCaptchaThreshold = this.configService.get<number>("LOGIN_CAPTCHA_AFTER_ATTEMPTS", 3);
+    this.loginCaptchaThreshold = this.configService.get<number>("LOGIN_CAPTCHA_AFTER_ATTEMPTS", 5);
    this.captchaAlwaysOn = this.configService.get("AUTH_CAPTCHA_ALWAYS_ON", "false") === "true";

    this.loginLimiter = this.createLimiter("auth-login", loginLimit, loginTtlMs);
--- a/apps/portal/src/features/realtime/components/AccountEventsListener.tsx
+++ b/apps/portal/src/features/realtime/components/AccountEventsListener.tsx
@ -42,9 +42,13 @@ export function AccountEventsListener() {
          const parsed = JSON.parse(event.data) as RealtimeEventEnvelope;
          if (!parsed || typeof parsed !== "object") return;

-          if (parsed.event === "services.eligibility.changed") {
-            logger.info("Received services.eligibility.changed; invalidating services queries");
+          if (parsed.event === "account.updated") {
+            logger.info("Received account.updated; invalidating services + verification queries");
            void queryClient.invalidateQueries({ queryKey: queryKeys.services.all() });
+            void queryClient.invalidateQueries({
+              queryKey: queryKeys.verification.residenceCard(),
+            });
+            void queryClient.invalidateQueries({ queryKey: queryKeys.me.status() });
            return;
          }

@ -54,6 +58,12 @@ export function AccountEventsListener() {
            return;
          }

+          if (parsed.event === "support.case.changed") {
+            logger.info("Received support.case.changed; invalidating support queries");
+            void queryClient.invalidateQueries({ queryKey: queryKeys.support.cases() });
+            return;
+          }
+
          if (parsed.event === "orders.changed") {
            logger.info("Received orders.changed; invalidating orders + dashboard queries");
            void queryClient.invalidateQueries({ queryKey: queryKeys.orders.list() });