From 2a2cc968637401d722af9280f19d5a94daf05e11 Mon Sep 17 00:00:00 2001 From: Artem Niehrieiev Date: Mon, 9 Feb 2026 12:41:13 +0000 Subject: [PATCH] feat: update throttle limits for company and user endpoints --- .../entities/company-info/company-info.controller.ts | 5 +++-- backend/src/entities/user/user.controller.ts | 10 ++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/backend/src/entities/company-info/company-info.controller.ts b/backend/src/entities/company-info/company-info.controller.ts index 2d62193b3..dca117414 100644 --- a/backend/src/entities/company-info/company-info.controller.ts +++ b/backend/src/entities/company-info/company-info.controller.ts @@ -210,7 +210,7 @@ export class CompanyInfoController { type: FoundUserFullCompanyInfoDs, }) @UseGuards(CompanyUserGuard) - @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) + @Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } }) @Get('my/full') async getUserCompanies(@UserId() userId: string): Promise { return await this.getUserFullCompanyInfoUseCase.execute(userId); @@ -224,7 +224,7 @@ export class CompanyInfoController { type: InvitedUserInCompanyAndConnectionGroupDs, }) @UseGuards(CompanyAdminGuard) - @Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } }) + @Throttle({ default: { limit: isTest() ? 200 : 15, ttl: 60000 } }) @Put('user/:companyId') async inviteUserInCompanyAndConnectionGroup( @UserId() userId: string, @@ -294,6 +294,7 @@ export class CompanyInfoController { description: 'User was successfully invited.', type: TokenExpirationResponseDto, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Post('/invite/verify/:verificationString') async verifyCompanyInvitation( @Req() request: Request, diff --git a/backend/src/entities/user/user.controller.ts b/backend/src/entities/user/user.controller.ts index 7cf2b9997..16bf7ccbd 100644 --- a/backend/src/entities/user/user.controller.ts +++ b/backend/src/entities/user/user.controller.ts @@ -145,7 +145,7 @@ export class UserController { description: 'Login successful.', type: TokenExpDs, }) - @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) + @Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } }) @Post('user/login/') async usualLogin( @Res({ passthrough: true }) response: Response, @@ -252,6 +252,7 @@ export class UserController { description: 'Email verification requested.', type: OperationResultMessageDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Get('user/email/verify/request') async requestEmailVerification(@UserId() userId: string): Promise { return await this.requestEmailVerificationUseCase.execute(userId, InTransactionEnum.ON); @@ -263,6 +264,7 @@ export class UserController { description: 'Email verified.', type: OperationResultMessageDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Get('user/email/verify/:verificationString') async verifyEmail( @VerificationString('verificationString') verificationString: string, @@ -270,7 +272,6 @@ export class UserController { return await this.verifyEmailUseCase.execute(verificationString, InTransactionEnum.ON); } - //todo: make admin endpoint @ApiOperation({ summary: 'Verify user password reset' }) @ApiBody({ type: PasswordDto }) @ApiResponse({ @@ -278,6 +279,7 @@ export class UserController { description: 'Password reset verified.', type: RegisteredUserDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Post('user/password/reset/verify/:verificationString') async resetUserPassword( @Body() passwordData: PasswordDto, @@ -309,6 +311,7 @@ export class UserController { description: 'Email change requested.', type: OperationResultMessageDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Get('user/email/change/request/') async askChangeUserEmail(@UserId() userId: string): Promise { return await this.requestChangeUserEmailUseCase.execute(userId, InTransactionEnum.ON); @@ -321,6 +324,7 @@ export class UserController { description: 'Email change verified.', type: OperationResultMessageDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 5, ttl: 60000 } }) @Post('user/email/change/verify/:verificationString') async verifyChangeUserEmail( @BodyEmail('email') email: string, @@ -407,6 +411,7 @@ export class UserController { description: 'Token verified.', type: OtpValidationResultDS, }) + @Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } }) @Post('user/otp/verify/') async verifyOtp(@UserId() userId: string, @Body() otpTokenData: OtpTokenDto): Promise { const { otpToken } = otpTokenData; @@ -433,6 +438,7 @@ export class UserController { description: 'Two-factor authentication token validated.', type: TokenExpDs, }) + @Throttle({ default: { limit: isTest() ? 200 : 10, ttl: 60000 } }) @Post('user/otp/login/') async validateOtp( @Req() request: Request,