chore(api): limit max 5 pw reset requests per day

isra el
2025-06-20 19:45:01 +03:00
parent 0fe0f48ef9
commit 6252e4f04e


@@ -160,6 +160,20 @@ export class AuthService {
}
}
// Check if user has requested password reset more than 5 times in the last 24 hours
const twentyFourHoursAgo = new Date(Date.now() - 24 * 60 * 60 * 1000)
const resetCount = await this.passwordResetModel.countDocuments({
user: user._id,
createdAt: { $gte: twentyFourHoursAgo }
})
if (resetCount >= 5) {
throw new HttpException(
{ error: 'Too many password reset requests. Please try again later.' },
HttpStatus.TOO_MANY_REQUESTS
)
}
const otp = Math.floor(100000 + Math.random() * 900000).toString()
const expiresAt = new Date(Date.now() + 20 * 60 * 1000)
@@ -169,7 +183,7 @@ export class AuthService {
otp: hashedOtp,
expiresAt,
})
passwordReset.save()
await passwordReset.save()
const resetLink = `${process.env.FRONTEND_URL || 'https://textbee.dev'}/reset-password?email=${encodeURIComponent(user.email)}&otp=${otp}`
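Review bot: The new cap at `if (resetCount >= 5)` is keyed only on `user._id`, so any unauthenticated caller who knows the account's email consumes the owner's five daily requests and the owner is then refused for 24 hours; a per-client throttle (per IP, for instance) ahead of this check would keep the per-account quota from being spent by third parties. The `countDocuments` call and the later `passwordReset.save()` are separate operations, so requests arriving in parallel can all pass the check before any document is written, which makes the cap approximate rather than strict. The 429 is raised only after the user lookup, so it may distinguish existing accounts from unknown emails if those get a different response; the lookup is outside the hunk, so this needs confirming. I would add a comment above the check such as `// per-account cap, not atomic with save(); pair with a per-client throttle`. The enclosing method starts and ends outside the visible hunks.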