chore: remove auth rate limiting

Vector is an internal service — throttling /api/auth requests provides
no meaningful protection and gets in the way of legitimate use. Drops
the express-rate-limit middleware and dependency.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 20:19:12 -04:00
parent da6bd071ee
commit be20fe587a
3 changed files with 1 additions and 31 deletions
-1
@@ -22,7 +22,6 @@
"cors": "^2.8.6",
"dotenv": "^17.4.2",
"express": "^5.2.1",
"express-rate-limit": "^8.3.2",
"helmet": "^8.1.0",
"jsonwebtoken": "^9.0.3",
"pino": "^10.3.1",
+1 -10
@@ -3,7 +3,6 @@ import cookieParser from 'cookie-parser';
import cors from 'cors';
import helmet from 'helmet';
import { pinoHttp } from 'pino-http';
import rateLimit from 'express-rate-limit';
import { prisma } from '@vector/db';
import { env } from './env.js';
@@ -69,15 +68,7 @@ app.get('/readyz', async (_req, res) => {
}
});
const authLimiter = rateLimit({
windowMs: 60 * 1000,
limit: env.NODE_ENV === 'production' ? 5 : 50,
standardHeaders: 'draft-7',
legacyHeaders: false,
message: { code: 'RATE_LIMITED', message: 'Too many auth requests. Try again soon.' },
});
app.use('/api/auth', authLimiter, authRoutes);
app.use('/api/auth', authRoutes);
app.use('/api', requireCsrf);
app.use('/api/users', userRoutes);
app.use('/api/manufacturers', manufacturerRoutes);
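Review bot: `app.use('/api/auth', authRoutes);` now mounts the authentication routes with no attempt throttling, and because they are registered before `app.use('/api', requireCsrf)` nothing else visible in this section limits them. Being an internal service does not remove the password-guessing risk, since a compromised workstation or a leaked credential list on the internal network reaches these routes like any other client. If the old production limit of 5 per minute was blocking legitimate users, possibly because requests arrive from a shared proxy address, a narrower fix is to keep `authLimiter` and count only failures: add `skipSuccessfulRequests: true` and raise `limit`. If the limiter is removed anyway, the handlers in `authRoutes` (defined outside these hunks) should enforce per-account lockout or backoff and log failed logins so guessing stays detectable.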
-20
@@ -41,9 +41,6 @@ importers:
express:
specifier: ^5.2.1
version: 5.2.1
express-rate-limit:
specifier: ^8.3.2
version: 8.3.2(express@5.2.1)
helmet:
specifier: ^8.1.0
version: 8.1.0
@@ -1936,12 +1933,6 @@ packages:
resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==}
engines: {node: '>=12.0.0'}
express-rate-limit@8.3.2:
resolution: {integrity: sha512-77VmFeJkO0/rvimEDuUC5H30oqUC4EyOhyGccfqoLebB0oiEYfM7nwPrsDsBL1gsTpwfzX8SFy2MT3TDyRq+bg==}
engines: {node: '>= 16'}
peerDependencies:
express: '>= 4.11'
express@5.2.1:
resolution: {integrity: sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==}
engines: {node: '>= 18'}
@@ -2138,10 +2129,6 @@ packages:
resolution: {integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==}
engines: {node: '>=12'}
ip-address@10.1.0:
resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==}
engines: {node: '>= 12'}
ipaddr.js@1.9.1:
resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==}
engines: {node: '>= 0.10'}
@@ -4572,11 +4559,6 @@ snapshots:
expect-type@1.3.0: {}
express-rate-limit@8.3.2(express@5.2.1):
dependencies:
express: 5.2.1
ip-address: 10.1.0
express@5.2.1:
dependencies:
accepts: 2.0.0
@@ -4778,8 +4760,6 @@ snapshots:
internmap@2.0.3: {}
ip-address@10.1.0: {}
ipaddr.js@1.9.1: {}
is-extglob@2.1.1: {}