fix: increase rate limits to prevent lockouts (300 general, 50 auth)

This commit is contained in:
root 2026-03-20 23:36:55 +00:00
parent b0561ce714
commit acaec8e0c2

View File

@ -31,7 +31,7 @@ app.use(express.json({ limit: '10mb' }));
// Rate limiting // Rate limiting
const limiter = rateLimit({ const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, max: 300,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
message: { error: 'Too many requests', message: 'Please try again later' }, message: { error: 'Too many requests', message: 'Please try again later' },
@ -41,7 +41,7 @@ app.use('/api/', limiter);
// Stricter rate limit for auth endpoints // Stricter rate limit for auth endpoints
const authLimiter = rateLimit({ const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, windowMs: 15 * 60 * 1000,
max: 20, max: 50,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
message: { error: 'Too many login attempts', message: 'Please try again later' }, message: { error: 'Too many login attempts', message: 'Please try again later' },