add rate limiting in /sendOTP api (#86)
* add throttle in /sendOTP api

* bump requests number
yuvrajsab authored Sep 21, 2023
1 parent ac66239 commit 20beac4
Showing 1 changed file with 13 additions and 5 deletions.
18 changes: 13 additions & 5 deletions src/api/api.controller.ts
@@ -7,7 +7,11 @@ import {
Param,
Patch,
Post,
Query, UnprocessableEntityException, UseInterceptors, UsePipes, ValidationPipe,
Query,
UnprocessableEntityException,
UseInterceptors,
UsePipes,
ValidationPipe,
} from '@nestjs/common';
import {
SignupResponse,
@@ -26,6 +30,7 @@ import * as Sentry from '@sentry/node';
import { LoginDto } from './dto/login.dto';
import { SendOtpDto } from './dto/send-otp.dto';
import { VerifyOtpDto } from './dto/verify-otp.dto';
import { Throttle } from '@nestjs/throttler';
// eslint-disable-next-line @typescript-eslint/no-var-requires
const CryptoJS = require('crypto-js');

@@ -49,6 +54,7 @@ export class ApiController {
};
}

@Throttle(10, 60)
@Get('sendOTP')
@UsePipes(new ValidationPipe({ transform: true }))
async sendOTP(
@@ -68,10 +74,12 @@ export class ApiController {
Sentry.captureMessage('Phone number not registered', {
user: {
username: params.phone,
applicationId: applicationId
}
applicationId: applicationId,
},
});
throw new UnprocessableEntityException(params.errorMessage ?? 'User not found.');
throw new UnprocessableEntityException(
params.errorMessage ?? 'User not found.',
);
}
}
const status: SMSResponse = await this.otpService.sendOTP(params.phone);
@@ -252,7 +260,7 @@ export class ApiController {
@Headers('authorization') authHeader,
@Headers('x-application-id') applicationId,
): Promise<UsersResponse> {
const queryString = `(id: ${userId})`; // pass the strict user ID filter
const queryString = `(id: ${userId})`; // pass the strict user ID filter
return await this.apiService.fetchUsersByString(
queryString,
undefined,
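Review bot: The `@Throttle(10, 60)` added above `@Get('sendOTP')` only overrides the limit and ttl; it enforces nothing unless `ThrottlerGuard` is bound to this route (globally through `APP_GUARD` or with `@UseGuards`), and no guard registration is visible in this commit, so that needs confirming. With the guard in place the default tracker is the client IP, so the cap is 10 requests per 60 seconds per address, not per `params.phone`: one number can still receive an unbounded stream of SMS from requests spread over many addresses, and behind a reverse proxy without `trust proxy` all callers may fall into one bucket. For an OTP sender I would also cap sends per phone number and application, either by overriding `getTracker` in a `ThrottlerGuard` subclass or by counting in `otpService.sendOTP`. A one-line comment above the decorator, e.g. `// 10 requests / 60 s per client IP; per-phone cap lives in <location>`, would record what the limit does and does not cover. The body of `sendOTP` starts and ends outside the hunk.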
